PRIVACY POLICY

DentalPlan.ai — CRM & Patient Communication Platform

Operated by Smileapp Dental Technologies OÜ

Effective Date: April 1, 2026 | Last Updated: April 1, 2026

Introduction & Scope

This Privacy Policy describes how Smileapp Dental Technologies OÜ ("Company", "we", "our", "us") collects, uses, stores, and protects personal data in connection with the DentalPlan.ai application ("DentalPlan", "Application").

DentalPlan.ai is a CRM and patient communication platform designed exclusively for licensed dental clinics and dental professionals. The Application enables lead management, patient communication, and appointment workflows.

This policy applies to: (a) all users who access or use DentalPlan.ai, (b) all data subjects whose data is processed through the Application, and (c) all integrations between DentalPlan.ai and third-party services.

1. Data Controller

The Data Controller for personal data processed through DentalPlan.ai is:

Company Name: Smileapp Dental Technologies OÜ
Registered Address: Estonia
Application: DentalPlan.ai (dentalplan.ai)
Contact Email: info@dentalplan.ai

2. Personal Data We Collect

2.1 Data Provided by Clinic Users

  • Name, email address, phone number, clinic name and role
  • Account credentials and profile settings
  • Billing address and payment information (processed via third-party gateways; card data is never stored by us)

2.2 Patient Data (Processed as Data Processor)

When dental clinics use DentalPlan.ai to manage patient records, we act as a Data Processor on behalf of the clinic (the Data Controller). This data may include:

  • Patient name, contact details, treatment notes, appointment history
  • Photos and case documentation uploaded by the clinic
  • Communication history between clinic and patient

2.3 Data Received from Third-Party Integrations

When clinics connect third-party platforms to DentalPlan.ai, we may receive:

  • Lead information submitted via connected platforms (name, phone, email, responses to lead form questions)
  • Messages sent to the clinic via connected messaging platforms
  • Account metadata from connected platforms (account ID, account name)

Data received from third-party integrations is used solely for the purpose of enabling the clinic to respond to inquiries and manage patient leads within DentalPlan.ai. We do not use third-party sourced data for advertising, profiling, or any purpose beyond direct service provision to the connected clinic.

2.4 Technical Data

  • IP addresses, device type, browser type, operating system
  • Usage logs, session data, and feature interaction data
  • Cookies and similar tracking technologies (see Section 10)

3. How We Use Personal Data

  • To provide, operate, and maintain DentalPlan.ai services
  • To manage user accounts and authenticate sessions
  • To process and display leads received from connected platforms
  • To facilitate messaging between clinics and patients via connected platforms
  • To send transactional notifications (appointment reminders, system alerts)
  • To improve platform performance and analyze usage trends
  • To comply with legal obligations
  • To send marketing communications only with explicit opt-in consent

4. Legal Basis for Processing (GDPR)

  • Performance of a Contract: To provide DentalPlan.ai services to registered users.
  • Legal Obligation: To comply with applicable EU and Estonian laws.
  • Legitimate Interests: For platform security, fraud prevention, and service improvement.
  • Consent: For marketing communications and optional data processing activities.

5. Third-Party Integrations

DentalPlan.ai may integrate with third-party platforms to provide lead management and messaging features. Our use of third-party data complies with the respective platform's terms and policies. Specifically:

  • Lead data is used only to display and manage leads within the clinic's DentalPlan.ai account.
  • Messaging data is used only to enable the clinic to view and respond to patient messages.
  • Third-party data is not transferred to other parties, used for ad targeting, or combined with other data sources for profiling.
  • Clinics may disconnect integrations at any time via Settings > Integrations; disconnection will halt further data retrieval.
  • Upon disconnection or account deletion, third-party sourced data is deleted within 30 days.

6. Data Sharing & Third-Party Transfers

We may share personal data only in the following circumstances:

  • Service Providers: Hosting, infrastructure, and payment processing partners who are contractually bound to data protection obligations.
  • Third-Party Platforms: Data is shared with connected platforms as required by the integration; governed by each platform's own privacy policy.
  • Legal Authorities: When required by applicable law or to protect our legal rights.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, with advance notice to affected users.

We do not sell personal data. Any transfer outside the European Economic Area (EEA) is governed by Standard Contractual Clauses or equivalent GDPR transfer mechanisms.

7. Data Retention

  • Account data: Retained while the account is active; deleted within 60 days of account closure upon request.
  • Patient data: Retained according to the clinic's instructions; default retention is 5 years unless instructed otherwise.
  • Third-party lead & messaging data: Retained for 12 months or until the clinic deletes the record, whichever comes first.
  • Transaction data: Retained for 7 years as required by Estonian financial regulations.
  • Technical/log data: Retained for 90 days.

8. Your Rights (GDPR)

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data (subject to legal retention obligations).
  • Right to Restriction: Limit processing of your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Withdraw consent or object to processing based on legitimate interests.
  • Right to Complain: Lodge a complaint with the Estonian Data Protection Inspectorate or your local supervisory authority.

To exercise any of these rights, contact us at: info@dentalplan.ai

9. Security

  • TLS/HTTPS encryption for all data in transit
  • Encryption at rest for sensitive data
  • Role-based access controls and least-privilege principles
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication for user accounts
  • Secure, isolated tenant environments (schema-per-tenant database architecture)

10. Cookies & Tracking

  • Essential Cookies: Required for authentication and core platform features.
  • Analytical Cookies: Used to understand platform usage and improve performance.
  • Marketing Cookies: Used only with explicit user consent.

Users can manage cookie preferences via the cookie settings panel within the Application.

11. Children's Privacy

DentalPlan.ai is intended for use by licensed dental professionals and business entities only. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor's data has been submitted, contact us at info@dentalplan.ai.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated to registered users via email or an in-app notification at least 14 days before the change takes effect.

13. Contact Us

Smileapp Dental Technologies OÜ
Application: DentalPlan.ai — https://dentalplan.ai
Email: info@dentalplan.ai

© 2026 Smileapp Dental Technologies OÜ. All rights reserved. This policy governs the DentalPlan.ai application.