Insta F Insta-1
Contactez-nous
en
logo
Se connecter Demander une démo

Privacy Policy

EndoData SAS (« EndoData », « we », « us ») operates OralData, a cloud-hosted software solution designed for dental clinical practice.
Registered at the RCS of Paris under number 820 212 397.
Registered office: 50 rue Richer, 75009 Paris, France.
Last updated: January 2026

1. Overview

This Privacy Policy describes how OralData collects, uses, stores and protects your personal data when you use our services. It applies to all users of OralData, including dental practitioners, their staff, and patients who interact with our platform through online forms or follow-up questionnaires.

2. Data We Collect

2.1 Account Data

When you create an OralData account, we collect:

  • Name, email address, professional credentials
  • Login information and authentication data (managed via Google Firebase Authentication with mandatory Multi-Factor Authentication)
  • Access traces and usage logs

2.2 Patient Data

OralData processes patient data entered by dental practitioners, including:

  • Patient identity and contact information
  • Clinical records (dental charts, diagnoses, treatments, radiographs)
  • Medical history and prescriptions

This data is entered and controlled by the dental practitioner. EndoData acts as a data processor on behalf of the practitioner (data controller).

2.3 Google Calendar Data

If you choose to connect your Google Calendar, OralData accesses:

  • Calendar events: event titles, dates, times, and attendees from your selected Google Calendar(s)
  • Calendar list: the list of calendars available in your Google account (for selection purposes)

OralData uses this data solely to:

  • Display your appointments within the OralData calendar view
  • Synchronize events between Google Calendar and OralData
  • Match calendar events with patient records for streamlined workflow

OralData does not:

  • Share your Google Calendar data with third parties
  • Use your calendar data for advertising or profiling
  • Retain calendar data after you disconnect your Google account

You can disconnect your Google Calendar at any time from the OralData calendar settings. Upon disconnection, all stored calendar tokens and synced event data are deleted.

2.4 AI-Based Features

OralData includes AI-powered features for clinical documentation (audio transcription, data extraction, report generation). These features process data in real-time and do not retain any patient data beyond the processing session. AI outputs are stored within the patient’s record in OralData, under the practitioner’s control.

3. How We Use Your Data

We use personal data for the following purposes:

  • Service delivery: providing OralData features, including clinical documentation, calendar management, patient follow-up, and AI-assisted workflows
  • Support and maintenance: helpdesk, troubleshooting, and corrective maintenance
  • Analytics and improvement: aggregated, anonymized usage statistics to improve our services
  • Communication: transactional emails (follow-up questionnaires, notifications) sent via Lettermint

4. Data Storage and Security

4.1 Hosting

All data is hosted on Google Cloud Platform in the European Union. Our infrastructure holds HDS certification (Hébergeur de Données de Santé) in compliance with Article L.1111-8 of the French Public Health Code.

4.2 Encryption

  • At rest: AES-256 encryption via Google Cloud Platform
  • In transit: TLS 1.2 or higher (HTTPS)
  • Credentials: OAuth tokens and sensitive credentials are encrypted with AES-256-GCM using dedicated encryption keys stored in Google Secret Manager

4.3 Access Control

  • Mandatory Multi-Factor Authentication (MFA) for all users
  • Row-Level Security (RLS) at the database level ensures data isolation between dental practices
  • Strict separation of duties for internal operations

4.4 Backups

  • Daily database snapshots with 30-day retention (Point-in-Time Recovery enabled)
  • Weekly off-site replication to a secondary region
  • Continuous file storage with versioning

5. Data Sharing

We do not sell personal data. We share data only with the following subprocessors, all located in the EU:

SubprocessorLocationPurpose
Google Cloud PlatformFrance / Belgium (EU)Hosting, database, logging, AI processing (Vertex AI)
LettermintEUTransactional email delivery (follow-up questionnaires, notifications)
AttachmentAVEUMalware scanning for uploaded files

No personal data is transferred outside the European Union.

6. Data Retention

  • Account and patient data: retained for the duration of the subscription. Upon termination, data is deleted or returned within one (1) month.
  • Google Calendar data: deleted upon disconnection of the Google account.
  • Usage logs: retained for operational and security purposes, in compliance with applicable law.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (EU 2016/679), you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (« right to be forgotten »)
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time (for consent-based processing)

To exercise these rights, contact us at: admin@oraldata.ai

8. Cookies

OralData uses only essential technical cookies required for authentication and session management. We do not use advertising or tracking cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated « Last updated » date. Continued use of OralData after changes constitutes acceptance of the updated policy.

10. Contact

For any questions about this Privacy Policy or our data practices:

EndoData SAS
50 rue Richer, 75009 Paris, France
Email: admin@oraldata.ai
Support: support@oraldata.ai

This Privacy Policy is a summary of our data protection practices. For the complete legal terms, please refer to our Terms of Service.

Accueil|Privacy Policy