Privacy Policy

Last updated: May 19, 2026

Effective date: May 19, 2026

1. Introduction

IntelliDent AI Inc. (“IntelliDent,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your data when you use our AI-powered dental practice management platform and related services (the “Service”).

This policy applies to all users globally, including those in the European Economic Area (EEA), United Kingdom, United States (including California residents under CCPA), Canada, Australia, and other jurisdictions. Where local law provides greater protection, those provisions shall apply.

2. Data Controller

IntelliDent AI Inc. is the data controller for the personal data processed through the Service. For data processing inquiries:

3. Information We Collect

3.1 Account and Identity Data

  • Full name, email address, phone number
  • Company/practice name and address
  • Job title and professional credentials
  • Account credentials (passwords are stored using industry-standard hashing)
  • Profile preferences and settings

3.2 Billing and Payment Data

  • Payment card details (processed securely by our PCI-compliant payment processor; we do not store full card numbers)
  • Billing address and invoicing information
  • Transaction history and subscription details

3.3 Usage and Behavioral Data

  • Pages visited, features used, and interactions within the Service
  • Session duration, frequency of access, and navigation patterns
  • Device type, browser, operating system, and IP address
  • Error logs and performance data

3.4 Customer Content Data

  • Patient communication records processed through AI agents
  • Appointment scheduling data
  • Practice configuration and integration data
  • Custom AI agent configurations and training data
  • Files, documents, and media uploaded to the platform

3.5 Third-Party Integration Data

  • Data received from connected practice management systems
  • OAuth tokens and API credentials for integrations
  • Communication data from integrated channels (phone, SMS, email)

4. How We Use Your Data

We process your personal data for the following purposes:

4.1 Service Delivery (Contractual Necessity)

  • Providing and maintaining the Service
  • Processing AI agent interactions and generating responses
  • Managing your account and subscription
  • Processing payments and billing
  • Providing customer support

4.2 Service Improvement (Legitimate Interest)

  • Analyzing usage patterns to improve features and performance
  • Conducting internal research and development
  • Fixing bugs and resolving technical issues
  • Generating anonymized, aggregated analytics

4.3 Communications (Consent / Legitimate Interest)

  • Sending transactional emails (account verification, password resets, billing)
  • Sending product updates and security notifications
  • Marketing communications (only with your explicit consent; you can opt out at any time)

4.4 Security and Compliance (Legal Obligation / Legitimate Interest)

  • Detecting and preventing fraud, abuse, and security incidents
  • Complying with legal obligations and regulatory requirements
  • Enforcing our Terms of Service
  • Responding to legal requests from authorities

5. AI Data Processing

We do not use your Customer Content Data to train our AI models. Your data is processed solely to deliver AI-powered features you have requested. Specifically:

  • AI inference requests are processed in real-time and not retained by AI providers
  • Our AI sub-processors are contractually bound to zero data retention policies for your content
  • No Customer Content Data is used for model training, fine-tuning, or improvement without your explicit, separate opt-in consent
  • Anonymized metadata (response times, token counts, error rates) may be used for system performance optimization

6. Data Sharing and Third Parties

We may share your data with the following categories of recipients:

6.1 Service Providers (Sub-Processors)

  • Cloud Infrastructure: Hosting, storage, and compute services
  • Payment Processors: Secure payment handling (PCI DSS compliant)
  • AI Providers: Natural language processing and machine learning inference
  • Communication Providers: Email delivery, SMS, and telephony services
  • Analytics Tools: Product analytics and error monitoring

All sub-processors are bound by Data Processing Agreements (DPAs) that meet GDPR Article 28 requirements and include appropriate security measures.

6.2 Legal Requirements

We may disclose your data when required by law, legal process, government request, or to protect our rights, safety, or property.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. You will be notified via email and/or prominent notice on our Service.

We never sell your personal data to third parties.

7. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs) for transfers from the EEA
  • UK International Data Transfer Agreement (IDTA) for transfers from the UK
  • Adequacy decisions where applicable
  • Binding Corporate Rules where relevant

8. Data Retention

We retain your data only as long as necessary for the purposes described in this policy:

  • Account Data: Retained for the duration of your account plus 30 days after deletion request
  • Billing Data: Retained for 7 years as required by tax and accounting regulations
  • Customer Content: Retained during active subscription; deleted within 30 days of account termination (exportable upon request)
  • Usage Logs: Retained for 12 months, then anonymized or deleted
  • Communication Records: Retained for 90 days unless a longer period is required for dispute resolution

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

9.1 GDPR Rights (EEA/UK Residents)

  • Right of Access: Obtain a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (“Right to be Forgotten”)
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interest
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

9.2 CCPA Rights (California Residents)

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

We honor Global Privacy Control (GPC) signals as valid opt-out requests.

9.3 Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner as required by applicable law). We may need to verify your identity before processing certain requests.

10. Security Measures

We implement comprehensive technical and organizational measures to protect your data:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication support
  • Role-based access control (RBAC) with principle of least privilege
  • Regular security audits and penetration testing
  • 24/7 infrastructure monitoring and intrusion detection
  • SOC 2 Type II compliance program
  • Automated vulnerability scanning
  • Incident response plan with 72-hour breach notification

11. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for Service functionality (authentication, security, preferences)
  • Analytics Cookies: Understanding usage patterns and improving the Service
  • Performance Cookies: Monitoring application performance and error tracking

We do not use third-party advertising cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

12. Children’s Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours (as required by GDPR)
  • Notify affected users without undue delay when the breach is likely to result in high risk
  • Provide details of the breach, its likely consequences, and measures taken to mitigate it

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email or prominent notice on the Service at least 30 days before the changes take effect.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

EU/UK residents may also contact our EU representative at [email protected].