Privacy Policy

Last Updated: December 1, 2025

OrthoInvoice ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our dental lab management software.

This policy is published in compliance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the "SPDI Rules").

1. Information We Collect

We collect the following types of information:

  • Personal Information (Lab Owners/Admins): Name, email address, phone number, lab name, and address (including GST number if provided).
  • Business Information: Doctor profiles, clinic names, and pricing configurations.
  • Sensitive Personal Data (Patient Data): You (the Lab) may enter patient names, case IDs, and tooth specifications ("Work Entries"). Note: You act as the "Data Fiduciary" (Controller) for this data, and we act as the "Data Processor." You represent that you have obtained necessary consent from patients to share this data with us for processing.

2. How We Use Your Information

We use your data solely for the following purposes:

  • To provide and maintain the OrthoInvoice service.
  • To generate invoices and track financial ledgers.
  • To send you transactional emails (e.g., password resets, invoice copies) via our email service provider (Resend).
  • To improve our software functionality and user experience.

3. Data Storage and Security

We implement reasonable security practices and procedures as required by the SPDI Rules:

  • Encryption: Data is encrypted in transit (SSL/TLS) and at rest.
  • Access Control: Strict Row Level Security (RLS) ensures you can only access your own data.
  • Hosting: Our infrastructure is hosted on secure cloud providers (Supabase, Vercel) which adhere to global security standards (SOC2, ISO 27001).

4. Sharing of Information

We do not sell your personal data. We may share data with third-party service providers only as necessary to provide the service:

  • Supabase: Database hosting.
  • Vercel: Application hosting.
  • Resend: Email delivery services.
  • Cloudflare: Security and content delivery.

5. Your Rights

Under Indian law, you have the right to:

  • Access and review your personal information.
  • Correct or amend inaccurate information.
  • Withdraw consent for data processing (which may result in termination of services).

6. Grievance Officer

In accordance with the IT Act, 2000, the name and contact details of the Grievance Officer are provided below:

Name: [Insert Name]

Email: grievance@orthoinvoice.com

Address: [Insert Your Registered Business Address]

7. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.