Privacy Policy

Effective date: January 1, 2025 · Last updated: January 1, 2025

DentsKart ("we," "us," or "our") operates the dentskart.com platform and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered dental practice management platform. We are committed to protecting the privacy of dental professionals, clinic staff, and the patients whose data is managed through our platform.

By accessing or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

1. Data We Collect

1.1 Clinic & Account Data

When you register for DentsKart, we collect information necessary to create and manage your account:

  • Clinic name, address, phone number, and email address
  • Dentist/owner name, professional qualifications, and registration number (e.g., Dental Council of India registration)
  • Billing information including GST number, PAN, and bank account details for payment processing
  • Clinic operating hours, services offered, and pricing information
  • Staff member names, roles, email addresses, and phone numbers
  • Clinic logo and photographs uploaded for public profile pages

1.2 Patient Data

Clinic administrators and staff input patient data into DentsKart. This data is owned by the clinic and processed by us on the clinic's behalf as a data processor:

  • Patient name, phone number, email address, date of birth, gender, and address
  • Medical and dental history, treatment plans, clinical notes, and prescriptions
  • Dental X-rays, photographs, and other diagnostic images
  • Appointment history, treatment records, and billing/payment information
  • Insurance details where applicable
  • WhatsApp communication history for appointment reminders and follow-ups

1.3 Analytics & Usage Data

We automatically collect certain information when you use the Service:

  • Device information (browser type, operating system, screen resolution)
  • IP address and approximate geographic location
  • Pages visited, features used, and time spent on the platform
  • Referral source and landing page information
  • Error logs and performance metrics to improve service reliability
  • Aggregated and anonymized usage statistics for product improvement

2. How We Use Your Data

We use collected data for the following purposes:

  • Service Delivery: To provide, maintain, and improve the DentsKart platform including patient management, appointment scheduling, treatment tracking, billing, and analytics dashboards.
  • AI-Powered Features: To generate treatment summaries, clinical note suggestions, appointment reminders, and other AI-assisted features. Patient data sent to AI models is not used for model training.
  • WhatsApp Communications: To send appointment reminders, treatment follow-ups, birthday wishes, and other clinic communications via the official Meta WhatsApp Cloud API on behalf of the clinic.
  • Payment Processing: To process subscription payments via Razorpay and manage billing cycles.
  • Analytics & Improvement: To understand usage patterns, diagnose technical issues, and improve the platform experience.
  • Communications: To send transactional emails (receipts, account alerts), product updates, and, with your consent, marketing communications.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. Data Storage & Security

We take the security of your data seriously and employ industry-standard measures:

  • Infrastructure: All data is stored on Supabase (built on Amazon Web Services). Our primary database and storage infrastructure is hosted in AWS data centers with SOC 2 Type II and ISO 27001 certifications.
  • Encryption at Rest: All data stored in our databases and file storage is encrypted at rest using AES-256 encryption.
  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • Row-Level Security (RLS): We enforce PostgreSQL Row-Level Security policies to ensure that each clinic can only access its own data. No clinic can view, modify, or delete another clinic's data.
  • Authentication: We use Supabase Auth with secure session management, including support for email/password and OTP-based authentication.
  • Backups: Automated daily backups with point-in-time recovery capabilities ensure data resilience.

For detailed information about our security practices, please visit our Security page.

4. India's Digital Personal Data Protection Act, 2023

DentsKart is committed to compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) enacted by the Government of India. Under the DPDP Act:

  • Lawful Purpose: We process personal data only for lawful purposes with the consent of the Data Principal or for certain legitimate uses as permitted under the Act.
  • Purpose Limitation: Personal data is collected and processed only for the specific purposes communicated to you at the time of collection.
  • Data Minimization: We collect only the personal data that is necessary for the stated purposes.
  • Storage Limitation: Personal data is retained only for as long as necessary to fulfill the purpose for which it was collected or as required by law.
  • Data Fiduciary Obligations: As a Data Fiduciary, we implement appropriate technical and organizational measures to protect personal data and ensure compliance with the Act.
  • Data Principal Rights: You have the right to access, correct, and erase your personal data, as well as the right to nominate a representative and file grievances. See Section 8 below.
  • Consent Management: We obtain clear and informed consent before processing personal data and provide mechanisms to withdraw consent at any time.
  • Breach Notification: In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals in accordance with the Act's requirements.

For clinics using DentsKart, the clinic acts as the primary Data Fiduciary for patient data, while DentsKart acts as a Data Processor. Clinics are responsible for obtaining appropriate consent from patients before entering their data into the platform.

5. Third-Party Services

We use the following third-party services to operate the platform. Each has been selected for its security posture and compliance standards:

Supabase

Database hosting, authentication, file storage, and real-time subscriptions. Supabase is built on AWS and maintains SOC 2 Type II compliance. Data is stored in Singapore (ap-southeast-1) region.

Razorpay

Payment processing for subscription billing. Razorpay is PCI-DSS Level 1 compliant. We do not store credit card numbers, CVVs, or full card details on our servers. All payment data is handled directly by Razorpay. See Razorpay's Privacy Policy.

Meta WhatsApp Cloud API

Official WhatsApp Business API for sending appointment reminders, follow-up messages, and clinic communications. Messages are end-to-end encrypted by WhatsApp. We use the official Cloud API (not unofficial third-party providers) to ensure compliance with Meta's policies. See WhatsApp's Privacy Policy.

Anthropic (Claude AI)

AI-powered features including treatment note generation, clinical summaries, and smart suggestions. Data sent to Anthropic's API is processed under their commercial terms and is not used for model training. We send only the minimum necessary context and do not transmit patient-identifiable information where avoidable. See Anthropic's Privacy Policy.

Resend

Transactional email delivery for account verification, password resets, billing receipts, and system notifications. See Resend's Privacy Policy.

6. Data Retention

  • Active Accounts: Clinic and patient data is retained for as long as your account remains active and you continue to use the Service.
  • Account Deletion: Upon account deletion request, we will delete or anonymize your data within 90 days, except where retention is required by law (e.g., financial/tax records may be retained for up to 8 years as required under Indian law).
  • Subscription Cancellation: After subscription cancellation, your data is retained in read-only mode for 90 days to allow for data export and reactivation. After 90 days, data is scheduled for deletion.
  • Patient Records: Dental treatment records may be subject to medical record retention requirements under Indian law. Clinics are responsible for ensuring compliance with applicable retention periods before requesting deletion.
  • Backups: Deleted data may persist in encrypted backups for up to 30 additional days before being permanently purged.
  • Analytics Data: Aggregated, anonymized analytics data may be retained indefinitely for product improvement purposes.

7. Cookies & Tracking Technologies

We use the following cookies and similar technologies:

Type | Purpose | Duration
Essential | Authentication session tokens, CSRF protection, and security cookies required for the platform to function. | Session / 30 days
Functional | User preferences such as theme, language, sidebar state, and dashboard layout. | 1 year
Analytics | Anonymous usage analytics to understand feature adoption and improve the platform. No personally identifiable information is included. | 1 year

We do not use third-party advertising cookies or trackers. We do not sell your data to advertisers. You can manage cookie preferences through your browser settings.

8. Your Rights

Under the DPDP Act, 2023 and applicable laws, you have the following rights:

  • Right to Access: Request a summary of personal data we process about you and the processing activities.
  • Right to Correction: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Data Portability: Export your clinic and patient data in standard formats (Excel, PDF) at any time through the platform's built-in export features.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time. This will not affect the lawfulness of processing performed before withdrawal.
  • Right to Nominate: Nominate a representative to exercise your rights on your behalf in the event of death or incapacity.
  • Right to Grievance Redressal: File a grievance with our Grievance Officer or escalate to the Data Protection Board of India.

To exercise any of these rights, contact us at support@dentskart.com. We will respond to your request within 30 days.

9. Children's Privacy

DentsKart is designed for use by dental professionals, not by patients directly. While clinics may store data about minor patients, this data is managed entirely by the clinic. We do not knowingly collect personal data directly from children under the age of 18. Clinics are responsible for obtaining appropriate parental or guardian consent before entering minor patient data, as required by the DPDP Act.

10. International Data Transfers

Your data is primarily stored in AWS data centers in the Asia-Pacific region (Singapore). Some data may be processed by third-party services (such as Anthropic for AI features) whose servers may be located outside India. In such cases, we ensure that appropriate safeguards are in place, including contractual data processing agreements, and that transfers comply with the DPDP Act's provisions regarding cross-border data transfer. We will not transfer data to any country restricted by the Government of India.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the platform, sending an email to your registered address, or through an in-app notification. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy. We recommend reviewing this page periodically for the latest information.

12. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

DentsKart

Email: support@dentskart.com

Grievance Officer: support@dentskart.com

We aim to respond to all inquiries within 48 hours and resolve complaints within 30 days.
