Privacy Policy

Last updated: February 22, 2026

This policy explains what data Odonto.me collects, how we use it, and your rights.

1. What We Collect

Practice and staff: Practice name, email, timezone, locale, currency, staff names, emails, roles, encrypted passwords, login timestamps, and profile pictures.

Patients: Name, date of birth, contact details, health information (allergies, medical history, medications, lifestyle habits), treatment records, appointment history, notes, and balance records. This data is entered by your dental practice.

Payments: We do not store credit card numbers. Payments are processed by Stripe. We store Stripe account identifiers, subscription status, and transaction references.

Technical: Browser type, IP address, device info, session cookies, and error reports (which may include your user ID, email, and name).

2. How We Use It

We use your data to operate the platform (scheduling, patient management, payments), authenticate users, send transactional emails (appointment reminders, password resets), monitor and fix technical issues, and comply with legal obligations.

3. Who We Share It With

We never sell, rent, or trade your data. We share it only with these service providers:

  • Stripe — payment processing
  • Cloudflare R2 — secure file storage for profile pictures
  • SendGrid — email delivery (reminders, notifications)
  • Bugsnag — error monitoring (receives user ID, email, name when errors occur)

AI Assistant (optional): If enabled, patient names, IDs, doctor names, and appointment details are shared with the connected AI service (Claude or ChatGPT). Emails, phone numbers, addresses, dates of birth, allergies, insurance, and health history are never shared. No data goes to any AI service unless you explicitly enable the feature.

We may also disclose data if required by law or court order.

4. Cookies

We use a session cookie (expires when you close your browser) and an optional remember-me cookie (2 weeks, only if you choose "Remember me"). Both are secure and HTTP-only.

5. Security

We use TLS encryption in transit, one-way password hashing, SHA-256 hashed API keys, firewalled infrastructure, filtered logs, and audit trails on all patient and appointment changes.

6. Data Retention

We keep your data while your account is active. After cancellation, data is retained for a reasonable period to allow reactivation or export, then permanently deleted. Data may persist in encrypted backups briefly after deletion.

7. Your Rights

Depending on your location, you may request access to, correction of, or deletion of your personal data, as well as data portability and withdrawal of consent. Contact hello@odonto.me and we will respond within 30 days.

For patients: Your dental practice controls your data. Contact them directly to exercise your rights, or reach out to us if you need help.

8. Children

Dental practices may enter data about minor patients as part of care. The practice is responsible for obtaining parental consent. We do not collect data directly from children.

9. International Transfers

Our servers and providers may be in different countries. By using the service, you consent to these transfers with appropriate safeguards.

10. Breach Notification

If a data breach poses a risk to your rights, we will notify affected users by email within 72 hours and report to relevant authorities as required by law.

11. Changes

We may update this policy and will notify you by email. Continued use means you accept the updated policy.

12. Contact

Questions? Email us at hello@odonto.me.