OccluTrace.ai

Legal

Privacy Policy

Effective date: January 1, 2026 · Last updated: March 14, 2026

1. Information We Collect

Account information: When you register, we collect your name, email address, and authentication credentials. If you sign in via Google OAuth, we receive your name, email address, and profile image as provided by Google.

Dental scan files: You upload STL files containing 3D dental geometry. These files contain surface mesh data and do not inherently include patient identifiers such as name, date of birth, or medical record numbers. You are responsible for ensuring files do not contain unnecessary protected health information before upload.

Usage data: We collect standard technical data including pages visited, features used, browser type, operating system, and IP address.

Payment information: Payment transactions are processed by Stripe. We do not store full payment card details. We retain transaction records (amount, date, status) and Stripe customer IDs.

Processing results: Corrected STL files, contact heatmaps, and associated metrics generated by our system.

2. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data under the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you have signed up for, including scan processing, account management, and credit billing.
  • Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, service improvement using aggregated analytics, and enforcement of our Terms of Service.
  • Legal obligation (Art. 6(1)(c)): Retention of transaction records and other data required by applicable law.
  • Consent (Art. 6(1)(a)): Non-essential cookies and analytics, where you have provided consent via our cookie banner.

3. How We Use Your Information

  • Provide the Service: Process your dental scans and generate occlusion alignment results
  • Account management: Authenticate your identity, manage credits, and communicate service updates
  • Billing: Process payments and manage your subscription or credit balance via Stripe
  • Service improvement: Analyze aggregate, anonymized usage patterns to improve performance and user experience. We do not use your individual scan files to train AI models without explicit consent.
  • Security: Detect and prevent unauthorized access, fraud, and abuse
  • Legal compliance: Comply with applicable laws and respond to lawful requests from public authorities

4. Data Storage and Security

Your data is stored on secure servers with encryption in transit (TLS 1.2+) and encryption at rest. STL files and processing results are stored on isolated infrastructure with access controls. Access to production data is restricted to authorized personnel on a need-to-know basis. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.

5. Data Retention

Scan files: Retained until you delete them or request account deletion.

Account data: Retained while your account is active. Upon account deletion request, personal data is removed within 30 days, except where retention is required by law.

Transaction records: Retained for a minimum of 7 years for financial and legal compliance purposes.

Analytics data: Aggregated and anonymized data may be retained indefinitely for service improvement.

6. Third-Party Services

We use the following third-party services to operate the Service:

  • Google OAuth: Authentication provider. Subject to Google’s Privacy Policy and Terms of Service.
  • Stripe: Payment processing. Subject to Stripe’s Privacy Policy. Stripe acts as an independent data controller for payment data.
  • Cloud infrastructure: Servers for scan processing and data storage. Data is processed in accordance with provider data processing agreements.

We do not sell your personal data or scan files to any third party, and we do not use your data for advertising purposes.

7. HIPAA Notice

STL files contain 3D surface geometry and do not inherently include Protected Health Information (PHI) as defined by HIPAA. However, we recommend that users de-identify any files before upload by removing patient names from filenames and metadata.

OccluTrace is not a HIPAA-covered entity and does not enter into Business Associate Agreements (BAAs). If you are subject to HIPAA obligations, you are responsible for ensuring that any data you upload complies with your obligations under HIPAA, including de-identification requirements.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of your personal data we hold
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request transfer of your data in a machine-readable format
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Objection: Object to processing of your data based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are in the EEA and believe your rights have not been respected, you have the right to lodge a complaint with your local data protection authority.

9. Cookies

We use cookies for:

  • Essential / session: Maintaining your authenticated session. Required for the Service to function. Cannot be disabled.
  • Preferences: Remembering your theme and display preferences.
  • Analytics: Understanding how the Service is used (anonymous). Only set after you consent via our cookie banner.

You can manage cookie preferences through our cookie banner or your browser settings. Disabling non-essential cookies does not affect core Service functionality.

10. Children’s Privacy

OccluTrace is a professional tool not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will delete it promptly upon discovery or notification.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes via email at least 14 days before they take effect. The updated policy will be posted on this page with a revised “Last updated” date. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

12. Data Controller

The data controller responsible for your personal data is Dental Cloud Technologies LLC, operating OccluTrace at occlutrace.ai. For privacy inquiries, contact us at [email protected].