Privacy Policy

Last Updated: January 17, 2026

1. Introduction and Data Controller

Welcome to dentfol.io ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our dental portfolio platform.

Data Controller:
dentfol.io
Contact: privacy@dentfol.io

This policy applies to all users of dentfol.io, including those in the European Union, European Economic Area, and the United Kingdom. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

We collect the following categories of personal data:

2.1 Identity and Account Data

Email Address: Used for account authentication and communication.
Name: Optional profile information you may provide.
Profile Photo: Optional image you may upload.

2.2 User Content

Dental Case Data: Case information, tooth numbers, procedure types, and descriptions you create.
Photos and Images: Clinical photos you upload to document your cases.
CV/Profile Information: Professional credentials and experience (Pro users).

2.3 Student Platform Data

Patient Records: De-identified patient information you create for tracking clinical work. We encourage you not to store any personally identifiable patient information.
Requirements Tracking: Your graduation requirements, progress counts, and linked cases.
Schedule Data: Availability blocks, appointment slots, and scheduling requests you create.

2.4 Technical and Usage Data

Device Information: Browser type, operating system, and device identifiers.
Usage Analytics: Pages visited, features used, and interaction patterns (anonymized).
Error Reports: Application errors and performance data for troubleshooting.

2.5 Payment Data

Subscription Status: Your current subscription tier and billing cycle.
Payment Method: Processed securely by LemonSqueezy; we do not store credit card numbers.

3. Lawful Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Purpose	Lawful Basis
Account creation and authentication	Contract performance
Providing the portfolio service	Contract performance
Processing payments	Contract performance
Error monitoring and debugging	Legitimate interest
Usage analytics	Legitimate interest
Service announcements	Legitimate interest
Marketing communications	Consent (opt-in)

4. How We Use Your Data

We use your personal data to:

Provide and maintain your portfolio account.
Process and manage your subscription.
Sync your case data securely across devices.
Generate shareable portfolio links (Pro users).
Monitor and improve application performance.
Respond to your support requests.
Send important service updates and security notices.

5. Third-Party Services and Data Sharing

We use the following third-party services to operate dentfol.io:

5.1 Supabase (Database and Authentication)

Purpose: User authentication, data storage, and file storage.
Data Shared: Email, account data, case data, uploaded photos.
Location: United States
Privacy Policy: supabase.com/privacy

5.2 Vercel (Hosting and Analytics)

Purpose: Application hosting and anonymous usage analytics.
Data Shared: Anonymized page views and performance metrics.
Location: United States
Privacy Policy: vercel.com/legal/privacy-policy

5.3 Sentry (Error Monitoring)

Purpose: Application error tracking and performance monitoring.
Data Shared: User ID, email address, subscription tier, error details, browser information.
Location: United States
Privacy Policy: sentry.io/privacy

5.4 LemonSqueezy (Payment Processing)

Purpose: Subscription billing and payment processing.
Data Shared: Email address, subscription details.
Location: United States
Privacy Policy: lemonsqueezy.com/privacy

We do not sell your personal data to third parties. We only share data with the service providers listed above as necessary to operate our platform.

6. International Data Transfers

Your personal data may be transferred to and processed in the United States, where our service providers are located. These transfers are protected by:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Data Processing Agreements with each service provider.
Appropriate technical and organizational security measures.

By using dentfol.io, you acknowledge and consent to these transfers. If you have concerns about international data transfers, please contact us at privacy@dentfol.io.

7. Data Retention

We retain your personal data according to the following schedule:

Data Type	Retention Period
Active account data	Retained while your account is active
Case data and photos	Retained while your account is active
Patient records and requirements	Retained while your account is active
Schedule and appointment data	Retained while your account is active
Deleted account data	Deleted within 30 days of account deletion request
Error logs (Sentry)	90 days
Analytics data	Anonymized and aggregated
Payment records	7 years (legal requirement)

8. Your Data Subject Rights

Under GDPR and applicable data protection laws, you have the following rights:

8.1 Right to Access

You can request a copy of the personal data we hold about you. Use the "Export Data" feature in Settings, or contact us for a complete data export.

8.2 Right to Rectification

You can correct inaccurate personal data directly in your account settings, or contact us for assistance.

8.3 Right to Erasure ("Right to be Forgotten")

You can delete your account and all associated data using the "Delete Account" feature in Settings. This will permanently remove:

Your account and profile information
All dental cases you created
All photos you uploaded
Your CV/portfolio data
All patient records
Requirements tracking data
Schedule and appointment data

8.4 Right to Data Portability

You can export your data in a machine-readable format using the "Export Data" feature in Settings.

8.5 Right to Object

You can object to processing based on legitimate interests. Contact us at privacy@dentfol.io to exercise this right.

8.6 Right to Restrict Processing

You can request that we limit how we process your data in certain circumstances.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. For EU residents, you can find your local Data Protection Authority at edpb.europa.eu.

To exercise any of these rights, contact us at privacy@dentfol.io. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Encryption: All data is encrypted in transit (TLS) and at rest.
Access Control: Row-level security ensures only you can access your private data.
Secure Authentication: Industry-standard authentication via Supabase Auth.
Regular Security Updates: We promptly apply security patches and updates.
Limited Access: Only authorized personnel can access production systems.

10. Cookie Policy

We use cookies and similar technologies to operate our service:

10.1 Essential Cookies

Cookie	Purpose	Duration
sb-*-auth-token	Authentication session	Session/7 days
cookie_consent	Stores your cookie preferences	1 year

10.2 Analytics Cookies

Cookie	Purpose	Duration
_vercel_insights	Anonymous usage analytics	Session

You can manage cookie preferences using the cookie consent banner or by adjusting your browser settings.

11. Children's Privacy

dentfol.io is intended for dental professionals and students aged 18 and older. We do not knowingly collect personal data from children under 18. If we learn that we have collected data from a child under 18, we will delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by:

Posting the updated policy on this page with a new "Last Updated" date.
Sending an email notification for material changes.

We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

Email: privacy@dentfol.io
Support: support@dentfol.io