Privacy Policy

1. Introduction

Welcome to DentalFlow. We are committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our patient management software.

2. Information We Collect

2.1 Clinic Information

We collect information about your dental clinic including clinic name, address, contact details, and clinic key for authentication purposes.

2.2 Patient Information

Through your use of DentalFlow, you may store patient information including:

• Patient names and contact information
• Medical and dental history
• Appointment records
• Treatment plans and billing information
• Visit notes and documentation

2.3 Usage Data

We may collect information about how you access and use DentalFlow, including your IP address, browser type, pages visited, and time spent on pages.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve DentalFlow services
• Process and manage patient records securely
• Generate treatment history and billing records
• Send appointment reminders and communications (when enabled)
• Provide customer support and respond to inquiries
• Monitor and analyze usage patterns to improve our service
• Detect, prevent, and address technical issues

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely using industry-standard database encryption. We use PostgreSQL for production environments with appropriate security measures in place.

4.2 Third-Party Services

We may use the following third-party services to provide our software:

• Twilio: For WhatsApp messaging services including appointment reminders, follow-up notifications, and patient education messages
• Backblaze B2: For secure video storage
• ElevenLabs: For AI voice generation (Hindi language support)

4.3 Security Measures

We implement appropriate technical and organizational security measures to protect your data, including:

• Encryption of data in transit and at rest
• JWT-based authentication with HTTP-only cookies
• Regular security audits and updates
• Access controls and user authentication

5. Data Sharing and Disclosure

We do not sell, trade, or rent your patient data to third parties. We may share information only in the following circumstances:

• With your explicit consent
• To comply with legal obligations or court orders
• To protect our rights, property, or safety, or that of others
• With service providers who assist in operating our software (under strict confidentiality agreements)

6. Data Retention and Deletion

We retain patient data for as long as your clinic maintains an active account with DentalFlow.

6.1 How to Request Data Deletion

To request deletion of your clinic data and associated patient records, please contact our support team at support@dored.org. Include your clinic name and registered contact details in your request.

6.2 What Gets Deleted

Upon a verified deletion request, we will permanently remove the following data within 30 days:

• All patient records and profiles
• Appointment history and schedules
• Treatment plans and notes
• Billing and payment records
• All clinic settings and preferences
• User accounts associated with your clinic
• Any stored media files (videos, images)

Please note that data deletion is permanent and cannot be undone. We recommend backing up any important information before submitting a deletion request.

7. Cookies and Tracking

We use HTTP-only cookies for session management and authentication. The cookie "dental-session" is used to maintain your login session and expires after 7 days. We do not use third-party advertising or tracking cookies.

8. Your Rights

You have the right to:

• Access your data and patient records at any time
• Correct or update inaccurate information
• Request deletion of your account and associated data
• Export your data in a portable format
• Withdraw consent for data processing (where applicable)

9. HIPAA Compliance

While DentalFlow is designed with healthcare data security in mind and follows industry best practices, we recommend consulting with your legal advisor regarding HIPAA compliance for your specific use case. We are continuously working to meet healthcare industry standards.

10. Children's Privacy

DentalFlow is designed for use by dental professionals and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: