DentalEngage Privacy Policy

# DentalEngage Privacy Policy

**Last updated:** April 9, 2026

DentalEngage ("we", "our", or "us") provides a patient engagement platform for dental clinics. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.

By creating an account or using DentalEngage, you agree to the terms described below. If you do not agree, please do not use the service.

---

## 1. Who We Are

DentalEngage is operated by **[YOUR COMPANY LEGAL NAME]**, located at **[YOUR COMPANY ADDRESS]**.

For privacy questions, contact: **[[email protected]]**

The service is provided to dental clinics ("Clinics") who in turn invite their patients ("Patients") to use the mobile application. Each Clinic acts as the **data controller** for the Patient information it manages through DentalEngage. We act as the **data processor** on behalf of the Clinic.

---

## 2. Information We Collect

### 2.1 Information you provide directly

When you register or use DentalEngage, we collect:

- **Account information:** first name, last name, phone number, email address (optional), preferred language, password
- **Clinic association:** the clinic invite code that links your account to a specific dental clinic
- **Authentication data:** hashed passwords (we never store passwords in plain text)

### 2.2 Information collected automatically

- **Device information:** Firebase Cloud Messaging (FCM) push notification token, device type, operating system version
- **Usage data:** which screens you visit, which games you play, your scores, when you confirm appointments
- **Technical data:** IP address (used for rate limiting and audit logging), user agent string

### 2.3 Health-related information

Because DentalEngage is used by dental clinics, we process limited health-related information **on behalf of your clinic**:

- **Appointments:** date, time, type (checkup, aligner fitting, emergency, other), status, clinical notes entered by clinic staff
- **Aligner treatment plans:** start date, total number of aligners, change frequency, current progress, status

We do **not** collect or process: medical history, X-rays, payment/billing details, social security numbers, or any insurance information.

---

## 3. How We Use Your Information

We use your information to:

- Provide the core features of DentalEngage (account login, appointment management, treatment progress tracking, gamified engagement)
- Send push notifications about upcoming appointments and aligner change reminders
- Allow your dental clinic to manage your appointments and treatment plans
- Display anonymized leaderboards for the games feature (you can opt out at any time)
- Maintain audit logs of staff actions for security and compliance
- Detect and prevent abuse (rate limiting, suspicious-login detection)

We do **not**:

- Sell your data to anyone
- Use your data for advertising or marketing profiling
- Share your data with third parties for their own marketing purposes

---

## 4. Push Notifications

Push notifications are sent through **Google Firebase Cloud Messaging (FCM)**. The content of notifications is intentionally minimal:

- Appointment reminders contain the date and time of your appointment
- Aligner change reminders contain your current aligner number and progress percentage

We do not include your name, full appointment details, or any sensitive medical information in the body of any notification.

You can disable push notifications at any time in your device settings or in the DentalEngage app settings.

---

## 5. Who We Share Information With

We share your information only with:

- **Your dental clinic.** Clinic staff can view your name, contact info, appointments, treatment progress, and audit logs of your account activity. The clinic determines who on their staff has access.
- **Google Firebase Cloud Messaging.** Your device's FCM push token is sent to Firebase so we can deliver notifications. Firebase is operated by Google LLC and is governed by [Google's privacy policy](<https://policies.google.com/privacy>).
- **Practice Management Systems (PMS).** If your clinic has connected DentalEngage to their existing PMS (e.g., Dentrix, OpenDental, EagleSoft), appointment data may be synchronized between the two systems on your clinic's instructions.
- **Hosting and infrastructure providers.** Our backend is hosted on cloud infrastructure providers who process data on our behalf under contractual data-protection commitments.
- **Legal authorities,** when required by law, valid legal process, or to protect the rights and safety of users.

We do not share your data with anyone else.

---

## 6. Data Retention

- **Account data** is retained for as long as your account is active.
- **Appointment and treatment records** are retained for the period required by your clinic's record-keeping obligations (typically 6–10 years depending on jurisdiction).
- **Audit logs** are retained for security and compliance purposes.
- **Push notification logs** are retained for up to 90 days for delivery troubleshooting.

When you delete your account (see Section 7), all data associated with your account is permanently removed within 30 days, except where we are legally required to retain it.

---

## 7. Your Rights

You have the following rights over your data. To exercise any of them, you can use the in-app controls or contact us at **[[email protected]]**.

### 7.1 Right to access and export your data

You can download a complete copy of your DentalEngage data at any time by going to **Settings → Privacy → Export My Data** in the mobile app. The export is provided as a JSON file.

### 7.2 Right to delete your account ("right to be forgotten")

You can permanently delete your DentalEngage account at any time by going to **Settings → Privacy → Delete My Account** in the mobile app. Deletion removes:

- Your profile (name, email, phone, password)
- Your appointments
- Your aligner treatment plans
- Your game scores and leaderboard entries
- Your push notification logs
- Your audit log entries

Deletion is **immediate and irreversible**. If you wish to use DentalEngage again afterward, you will need to re-register with a new clinic invite code.

> **Note:** If your dental clinic has separate clinical records about you outside of DentalEngage (for example, in their PMS), those records are governed by your clinic's own privacy policy, not this one. To delete those records, contact your clinic directly.

### 7.3 Right to correct inaccurate information

You can update your profile information at any time in the app settings. To correct appointment or treatment information, please ask your dental clinic staff.

### 7.4 Right to opt out of leaderboards

The games feature includes optional anonymized leaderboards. You can opt out at any time in **Settings → Privacy → Hide me from leaderboards**.

### 7.5 Right to lodge a complaint

If you live in the European Union, the United Kingdom, or another jurisdiction with a data protection authority, you have the right to file a complaint with that authority if you believe we have mishandled your data.

---

## 8. How We Protect Your Information

We take reasonable technical and organizational measures to protect your data, including:

- Passwords are hashed with bcrypt before storage
- All API traffic is encrypted in transit using HTTPS / TLS
- Role-based access control prevents staff from viewing data outside their clinic
- All write operations by clinic staff are recorded in audit logs
- Rate limiting protects against brute-force attacks
- Sensitive fields (passwords, tokens) are automatically masked in audit logs

No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

---

## 9. Children's Privacy

DentalEngage is intended for use by patients of any age, but accounts for patients under the age of 13 (or the equivalent age of digital consent in your country) **must be created and managed by a parent or legal guardian**. We do not knowingly collect personal information directly from children under that age without parental consent.

If you believe a child has provided us with personal information without parental consent, please contact us at **[[email protected]]** and we will delete the account.

---

## 10. International Data Transfers

DentalEngage is operated from **[YOUR COUNTRY]**. If you access the service from another country, your data may be transferred to and processed in **[YOUR COUNTRY]** and in the countries where our infrastructure providers operate. By using DentalEngage, you consent to this transfer.

Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) for international transfers.

---

## 11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you in the app and update the "Last updated" date at the top of this page. Continued use of DentalEngage after a change constitutes acceptance of the updated policy.

---

## 12. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact:

**[YOUR COMPANY LEGAL NAME]**
**[YOUR COMPANY ADDRESS]**
Email: **[[email protected]]**

---

*This Privacy Policy is provided as a starting template and should be reviewed by qualified legal counsel before publication, especially for clinics operating in jurisdictions with strict health data laws (HIPAA in the United States, GDPR in the European Union, PIPEDA in Canada, etc.).*