1. Introduction

DentoMate ("we", "us", or "our") is a dental clinic management platform built for independent dental practices across India. We are committed to protecting the privacy of clinic owners, staff, and the patient data entrusted to us. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using DentoMate, you agree to the collection and use of information as described in this policy. If you are a clinic owner using DentoMate to manage patient records, you are the data controller for your patients' data; DentoMate acts as a data processor on your behalf.

2. Information We Collect

We collect the following categories of data:

• Account & Clinic Data — name, email address, phone number, clinic name, clinic address, and any information provided during registration or onboarding.
• Staff Data — names, roles (doctor/receptionist), and login credentials for staff members added by the clinic owner.
• Patient Records — patient name, mobile number, visit dates, treatment notes, prescriptions, medical history flags, and any data entered into the platform by clinic staff. This data belongs to the clinic and is stored on our servers solely to provide the service.
• WhatsApp Messaging Data — message content, delivery status, and patient phone numbers used when sending messages via the Meta WhatsApp Business API.
• Payment & Billing Data — subscription plan, billing history, and Razorpay transaction references. We do not store full card or bank account numbers; all payment processing is handled by Razorpay.
• Usage & Technical Data — IP address, browser type, device information, pages visited, and session logs. This data is used for platform security, debugging, and improving the service.
• AI Feature Data — when you use AI-powered features (such as medicine suggestions), the relevant clinical context (e.g., diagnosis notes) is sent to Google's Gemini API to generate a response. We do not use this data to train models.

3. How We Use Your Information

• To provide, maintain, and improve the DentoMate platform and its features.
• To process subscription payments and manage your plan via Razorpay.
• To send WhatsApp messages (appointment reminders, post-visit care instructions, marketing campaigns) on behalf of your clinic through the Meta WhatsApp Business API.
• To power AI-assisted features using Google Gemini, where you have explicitly triggered them.
• To respond to support requests and communicate service updates.
• To detect and prevent fraud, abuse, or security incidents.
• To comply with applicable Indian laws, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act).

4. Patient Data & Your Responsibilities

As a clinic owner, you are responsible for ensuring that patient data entered into DentoMate is collected with appropriate consent and in compliance with applicable laws. This includes obtaining patient consent before sending WhatsApp messages through the platform. DentoMate processes patient data solely on your instructions and does not use it for any purpose beyond providing the service to your clinic.

5. Third-Party Integrations

DentoMate integrates with the following third-party services. Each has its own privacy policy:

• Meta WhatsApp Business API — used to send and receive WhatsApp messages on behalf of your clinic. Message content and phone numbers are transmitted to Meta's servers in accordance with their policies.
• Razorpay — used to process subscription payments. Payment credentials are entered directly on Razorpay's secure interface and are not stored by DentoMate.
• Google Gemini API — used for AI-powered features. Clinical context is sent to Google's API only when you explicitly invoke an AI feature.

We do not sell your data or your patients' data to any third party.

6. Data Retention

We retain your account and clinic data for as long as your account is active. Patient records are retained as long as you maintain an active subscription. If you cancel your account, we will delete or anonymise your data within 90 days of account closure, unless retention is required by law.

7. Data Security

We implement industry-standard security measures including encrypted connections (HTTPS/TLS), access controls, and server-side security practices to protect data from unauthorised access, alteration, or disclosure. Access to your clinic data is restricted to your authorised staff and DentoMate's engineering team for operational purposes only.

While we take all reasonable precautions, no system is completely secure. In the event of a data breach that affects your information, we will notify you as required by applicable law.

8. Your Rights

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your account and associated data.
• Withdraw consent for specific processing activities where consent is the legal basis.
• Lodge a complaint with the relevant data protection authority.

To exercise any of these rights, contact us at the email address below.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or an in-app notice. Continued use of DentoMate after the effective date of any update constitutes acceptance of the revised policy.

10. Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or need to report a concern, please contact us at singhravindrapratap812@gmail.com.