Privacy Policy

Last Updated: June 28, 2026

The CoreSphere Technologies operates the DentaSphere SaaS platform. This Privacy Policy explains how we collect, use, store, and protect information when you register for, access, or use DentaSphere.

1. Information We Collect

We may collect the following categories of information:

• Registration Data: Clinic name, administrator name, email address, phone number, workspace/subdomain, clinic logo, and account details.
• Consent Data: Terms acceptance, privacy acceptance, communication consent, AI-assisted feature acknowledgement, timestamp, IP address, and browser/user-agent details.
• Authentication Data: Phone OTP verification status, login details, password hashes, session data, and security-related logs.
• Clinic Operational Data: Patient records, appointments, prescriptions, invoices, payments, follow-ups, media uploads, AI summaries, reminders, staff/user records, and clinic settings entered by authorized clinic users.
• Communication Data: WhatsApp/SMS/email message links, reminder logs, support requests, message delivery status where available, and related communication history.
• Technical Data: IP address, browser information, device information, server logs, error logs, usage timestamps, and security audit data.

2. How We Use Information

We use collected information to:

• Create and manage clinic workspaces.
• Verify phone numbers and secure account registration.
• Send login credentials, onboarding messages, trial updates, service alerts, and subscription notices.
• Enable clinic workflows such as appointments, billing, prescriptions, follow-ups, patient communication, and reporting.
• Provide AI-assisted suggestions, summaries, reminders, and workflow recommendations where enabled.
• Provide customer support, troubleshoot issues, and improve platform reliability.
• Maintain audit trails, security logs, and compliance-related records.
• Detect misuse, prevent unauthorized access, and protect tenant isolation.

3. Clinic Responsibility for Patient Data

DentaSphere provides technology infrastructure for clinics. The clinic is responsible for deciding what patient data is collected, uploaded, processed, communicated, exported, or deleted within its workspace.

• The clinic must obtain patient consent where required for storing records, sending messages, uploading clinical images, generating prescriptions/invoices, and using AI-assisted features.
• The clinic must ensure that only authorized doctors, staff, and administrators access patient data.
• The clinic must verify all patient-facing communication before sending where human approval is required.
• The clinic remains responsible for medical, clinical, billing, legal, and operational decisions made using the platform.

4. AI-Assisted Processing

DentaSphere may use AI-assisted features to generate summaries, recommendations, reminders, support guidance, follow-up suggestions, image observations, and workflow assistance.

• AI outputs are assistive and may not always be accurate or complete.
• Authorized clinic users must review AI outputs before relying on them or sharing them with patients.
• AI-assisted features are not a substitute for professional dental, medical, legal, accounting, or compliance judgement.
• Where third-party AI providers are used, data may be processed by those providers only for providing the requested service, subject to applicable provider terms and safeguards.

5. WhatsApp, SMS, Email, and Communication Providers

DentaSphere may use or integrate with third-party communication providers for WhatsApp Business API, SMS, email, OTP verification, payment links, appointment confirmations, billing reminders, follow-up messages, review requests, and support communication.

• Message delivery may depend on third-party providers, telecom networks, WhatsApp/Meta policies, templates, recipient settings, and service availability.
• Clinics are responsible for obtaining patient consent before sending patient-facing messages.
• We may store logs of communication actions, message type, status, time, recipient reference, and related invoice/appointment/follow-up IDs for audit and support purposes.

6. Data Isolation and Security

DentaSphere is designed as a multi-tenant SaaS platform with logical separation between clinic workspaces. We use reasonable technical and organizational measures to protect data against unauthorized access, misuse, alteration, or loss.

Security measures may include password hashing, tenant filtering, session checks, role-based access controls, secure server configuration, audit logs, and restricted administrative access.

However, no internet-based service can guarantee absolute security. Clinics must also maintain strong passwords, limit user access, train staff, and promptly report suspected security issues.

7. Data Sharing and Third-Party Service Providers

We do not sell clinic or patient data. We may share limited data with third-party service providers only when necessary to operate, secure, host, support, or improve DentaSphere.

Such providers may include:

• Hosting and server providers.
• Email and SMTP providers.
• SMS, OTP, and WhatsApp API providers.
• Payment gateway or payment link providers.
• AI service providers where AI-assisted features are used.
• Analytics, monitoring, security, or support tools.

These providers are expected to use data only for the services they provide to us or to the clinic.

8. Data Retention

We retain data for as long as needed to provide DentaSphere services, comply with legal or contractual requirements, resolve disputes, maintain security, support backups, and enforce agreements.

Trial, inactive, suspended, or cancelled accounts may be archived, limited, or deleted according to our internal retention practices and applicable subscription terms. Clinics should export or backup data where required before cancellation or expiry.

9. User Rights and Requests

Depending on applicable law and your relationship with the clinic, you may request access, correction, export, restriction, or deletion of certain data. For patient data inside a clinic workspace, requests should generally be directed first to the concerned clinic, because the clinic controls the patient record.

Clinic administrators may contact DentaSphere support for account-level data, billing, workspace, or technical support requests.

10. Cookies and Technical Logs

DentaSphere may use cookies, sessions, local storage, and technical logs to keep users signed in, improve security, remember preferences, support PWA features, and troubleshoot service issues.

11. Children and Patient Records

DentaSphere is intended for use by clinics and authorized professionals. If a clinic stores records of minors, the clinic is responsible for obtaining appropriate guardian/parental consent where required.

12. International or Third-Party Processing

Some third-party services used for hosting, messaging, email, AI, analytics, or support may process data on servers located outside your city, state, or country. By using DentaSphere, you acknowledge that such processing may occur where required to provide the service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updated versions will be posted on this page with the latest update date. Continued use of DentaSphere after changes means you accept the updated Privacy Policy.

14. Contact

For privacy-related questions or requests, please contact DentaSphere support through the official website or your registered communication channel.

This page is provided for operational transparency and should be reviewed by a qualified legal professional before large-scale commercial rollout.