Security and Trust
OccluTrace publishes the controls that matter to customers without exposing a live infrastructure map. The service is designed around de-identified mesh files, scoped access, encryption, auditability, and clear operational boundaries.
Overview
OccluTrace is a professional tool for dental labs and clinical teams. Our security program focuses on protecting account access, uploaded scan files, generated results, billing workflows, and operational reliability.
We do not publish provider-by-provider topology, server locations, internal network structure, or live processing architecture on public pages. That level of detail is handled through enterprise security review, contractual review, or regulator/auditor requests under appropriate confidentiality.
Data Protection
- Connections to the Service use encrypted transport.
- Uploaded files and generated artifacts are stored in private object storage.
- Access to case files is account-scoped and checked at the application boundary.
- Administrative actions are logged for audit and abuse investigation.
- Full payment card numbers are handled by a PCI-compliant payment processor.
Scan Handling
Files are processed solely to provide the alignment, preview, and export workflows the user requested. Uploaded scan files are deleted automatically within 90 days unless the customer chooses to retain them; copies may persist longer in backups and logs, or where a dispute or a legal retention obligation requires it.
Customer scans are not used to train, fine-tune, or improve models unless a separate written agreement says otherwise.
Access Control
- Users authenticate before accessing account, dashboard, scan, and export data.
- Case access is scoped to the authenticated account or authorized organization.
- Administrative access is limited to operational need and reviewed for misuse.
- Security-sensitive actions use server-side authorization, not client-side trust.
Application Security
- Upload flows validate file type, size, ownership, and job state.
- Presigned file access is time-limited and scoped to requested artifacts.
- Errors shown to users are sanitized to avoid leaking internal details.
- Error monitoring supports reliability and security diagnostics; sensitive payloads are redacted before they reach the monitoring service.
- Security headers, rate limits, and server-side input validation protect public endpoints.
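The Access Control and Application Security lists above describe the same pattern from two sides: every case operation is authorized on the server against the authenticated account or its organization, upload requests are validated for ownership, job state, type and size before any file is accepted, and downloads are issued as short-lived links scoped to one artifact. The following is an added example of that pattern, not OccluTrace's own code. The signing key, the `Case` record, the accepted mesh extensions, the size limit and the download host are all constructed for illustration; a real deployment would use its object store's presigned-URL mechanism and a key held in a secrets manager.

```python
"""Account-scoped case access, upload gating and time-limited presigned
artifact links. Added example; not OccluTrace code. The key, case
records, file types, size limit and host below are constructed."""
import hashlib
import hmac
import time
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed: a server-side secret that never reaches the client.
SIGNING_KEY = b"example-signing-key-not-for-production"
ALLOWED_EXTENSIONS = {"stl", "ply", "obj"}      # assumed mesh formats
MAX_UPLOAD_BYTES = 200 * 1024 * 1024            # assumed upload limit


class Forbidden(Exception):
    """Any authorization or validation failure. The HTTP layer maps every
    Forbidden to one generic user-facing message; the detail goes to logs."""


@dataclass
class Case:
    case_id: str
    owner_account: str
    org_id: Optional[str]
    job_state: str                      # e.g. "awaiting_upload", "done"
    artifacts: set = field(default_factory=set)


def authorize_case(case: Case, account: str, org_memberships: set) -> None:
    """Application-boundary check: the caller owns the case or belongs to the
    organisation the case is shared with. Nothing the client sends (a case id
    in a URL, a hidden form field) is trusted on its own."""
    if case.owner_account == account:
        return
    if case.org_id is not None and case.org_id in org_memberships:
        return
    raise Forbidden("not authorized for this case")


def validate_upload(case: Case, account: str, org_memberships: set,
                    filename: str, size: int) -> None:
    """Upload gate, checked in order: ownership, job state, type, size."""
    authorize_case(case, account, org_memberships)
    if case.job_state != "awaiting_upload":
        raise Forbidden("case is not accepting uploads")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise Forbidden("unsupported file type")
    if not 0 < size <= MAX_UPLOAD_BYTES:
        raise Forbidden("file size out of range")


def _signature(case_id: str, artifact: str, expires: int) -> str:
    # Case id, artifact name and expiry are all covered by the MAC, so none
    # of them can be swapped after the link is issued.
    msg = f"{case_id}\n{artifact}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_artifact_url(case: Case, account: str, org_memberships: set,
                      artifact: str, ttl_seconds: int = 300,
                      now: Optional[float] = None) -> str:
    """Issue a presigned link only after the boundary check, scoped to one
    artifact of one case and bound to an absolute expiry time."""
    authorize_case(case, account, org_memberships)
    if artifact not in case.artifacts:
        raise Forbidden("unknown artifact")
    expires = int(now if now is not None else time.time()) + ttl_seconds
    query = urlencode({"case": case.case_id, "artifact": artifact,
                       "expires": expires,
                       "sig": _signature(case.case_id, artifact, expires)})
    return f"https://files.example.invalid/download?{query}"


def verify_artifact_url(url: str, now: Optional[float] = None) -> tuple:
    """Storage-side check: constant-time signature compare, then expiry.
    Returns (case_id, artifact) on success; raises Forbidden otherwise."""
    params = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    try:
        case_id, artifact = params["case"], params["artifact"]
        expires, sig = int(params["expires"]), params["sig"]
    except (KeyError, ValueError):
        raise Forbidden("malformed link") from None
    if not hmac.compare_digest(sig, _signature(case_id, artifact, expires)):
        raise Forbidden("bad signature")
    if (now if now is not None else time.time()) >= expires:
        raise Forbidden("link expired")
    return case_id, artifact
```

The design point is that `sign_artifact_url` is the only path that produces a download link, and it cannot be reached without `authorize_case` succeeding first; the storage side then re-checks the signature and expiry independently, so a link that is leaked or tampered with (different artifact, extended expiry) fails even though the storage layer knows nothing about accounts.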
Service Provider Categories
We use specialized service providers to operate the product. Publicly, we describe categories, data roles, and controls. We do not publish a provider-level infrastructure map because doing so can expose operational architecture without giving customers useful control.
| Category | Role | Data involved | Controls |
|---|---|---|---|
| Application hosting and operations | Operate the web application, database, job orchestration, and account services. | Account records, job metadata, security logs. | Least-privilege access, audit logging, encrypted connections, configuration review. |
| Object storage and file delivery | Store uploaded mesh files, generated results, and export artifacts. | Uploaded files, output files, object metadata. | Private objects, scoped access paths, encryption, deletion workflows. |
| Compute and processing | Run scan alignment and related mesh processing jobs. | Uploaded scans and derived intermediate files for the requested job. | Transient processing, service authentication, job-level isolation, post-processing cleanup. |
| Payments, email, authentication, analytics, and error monitoring | Bill accounts, send transactional messages, authenticate users, diagnose faults, measure reliability. | Billing metadata, recipient email, login metadata, redacted error and request context. | Purpose limitation, payload redaction, vendor review, and contractual confidentiality. |
We maintain a provider-level list internally. Enterprise customers, auditors, and regulators may request the current provider-level list under appropriate confidentiality or contractual terms. When a data processing agreement requires notice of material changes to providers, we provide that notice through the agreed channel.
HIPAA Position
Incident Response
We maintain an incident response process for security events affecting confidentiality, integrity, or availability. If we confirm an incident affecting customer data, we notify affected users without undue delay and as required by applicable law or contract.
Notifications include the nature of the incident where known, the data involved where known, steps we are taking, and recommended customer actions when applicable.
Customer Controls
- Use anonymous case labels and de-identified filenames.
- Delete cases that should no longer be available in the dashboard.
- Use strong passwords and protect access to your email account.
- Limit team access to users who need it for lab or clinical workflow.
- Contact support immediately if you suspect unauthorized account access.
Vulnerability Reporting
If you discover a security issue, contact [email protected]. We welcome good-faith reports and will acknowledge security reports within five business days.