Privacy Policy

Last updated: 25 March 2026

1. Introduction

Smart Dental Desk ("we", "us", "our"), a product of Yeshika Enterprises (a registered proprietorship firm), is committed to protecting the privacy of our users, their patients, and end recipients of messages sent through our platform. This Privacy Policy explains how we collect, use, store, and protect information when you use our dental clinic management software and WhatsApp Business messaging services.

2. Information We Collect

Clinic Account Information

  • Clinic name, address, registration details
  • Staff names, email addresses, roles
  • Billing and subscription information

Patient Data (processed on behalf of clinics)

  • Patient demographics (name, age, gender, contact)
  • Dental charts and treatment records
  • Prescriptions and medical history
  • Appointment records
  • Invoices and payment records

WhatsApp Business Messaging Data

  • Phone numbers of message recipients
  • Message content (appointment reminders, notifications, campaign messages)
  • Message delivery status (sent, delivered, read, failed)
  • WhatsApp Business Account credentials for enterprise clients (encrypted at rest)
  • Message templates and their approval status

Usage Data

  • Log data (IP address, browser type, access times)
  • Feature usage analytics
  • Message volume and delivery metrics
  • Error reports (via Sentry)

3. How We Use Information

  • To provide and maintain the Service, including clinic management and messaging features
  • To process subscriptions and payments
  • To send appointment reminders and communication (via SMS, WhatsApp, and Email) on behalf of clinics
  • To deliver WhatsApp Business messages from clinics to their patients
  • To manage WhatsApp Business Accounts for enterprise clients
  • To track message delivery and provide analytics to clinics
  • To improve the Service through usage analytics
  • To ensure security and prevent fraud
  • To comply with legal obligations

4. WhatsApp Business Messaging

Smart Dental Desk acts as a WhatsApp Business Solution Provider (BSP) / Tech Provider, enabling dental clinics to send and receive WhatsApp messages to their patients. In this capacity:

  • We process WhatsApp messages on behalf of clinics as a data processor
  • Clinics are responsible for obtaining patient consent before sending WhatsApp messages
  • We do not use patient phone numbers or message data for our own marketing purposes
  • Message content is transmitted securely via Meta's WhatsApp Cloud API and encrypted end-to-end by WhatsApp
  • WhatsApp Business Account credentials provided by enterprise clients are encrypted at rest and never shared with third parties
  • We comply with Meta's WhatsApp Business Platform Terms and Commerce Policy
  • Patients can opt out of WhatsApp communications at any time by replying "STOP" or through the clinic's opt-out link

For Enterprise Clients (Own WhatsApp Number)

Enterprise plan clients may connect their own WhatsApp Business Account to our platform. When doing so:

  • We access your WhatsApp Business Account only to send and receive messages on your behalf
  • Your API credentials are encrypted and stored securely
  • You retain full ownership and control of your WhatsApp Business Account
  • You may disconnect your account at any time from your dashboard

5. Data Storage & Security

  • Data is stored on secure, encrypted cloud infrastructure
  • All data is transmitted over HTTPS/TLS
  • Passwords are hashed using bcrypt with secure salt rounds
  • WhatsApp API credentials are encrypted at rest using AES-256
  • Access is controlled via role-based permissions
  • Data is multi-tenant isolated — each clinic can only access its own data
  • Regular automated backups with 30-day retention
  • Webhook payloads from Meta are verified using app secret signature validation

6. Medical Data Handling

We recognize the sensitive nature of medical records stored in the Service. We follow HIPAA-inspired best practices for data handling:

  • Patient medical data is encrypted at rest and in transit
  • Access to patient data is restricted to authorized clinic staff only
  • All data access is logged via our audit trail system
  • We do not sell, share, or use patient medical data for advertising or marketing purposes
  • Clinics are the data controllers; Smart Dental Desk acts as a data processor

7. Communication Compliance

Our messaging services comply with applicable Indian regulations and Meta's policies:

  • SMS sent via registered DLT-compliant sender IDs as per TRAI regulations
  • Templates registered with TRAI as required
  • NDNC/DND registry checks before promotional messages
  • Do Not Disturb hours are respected (9 AM – 9 PM)
  • WhatsApp message templates are submitted for Meta approval before use
  • WhatsApp messaging complies with Meta's Business Messaging Policy and Commerce Policy
  • Patients can opt out of communications at any time via reply or unsubscribe link

8. Data Retention

  • Active account data is retained for the duration of the subscription
  • Message logs and delivery reports are retained for 90 days
  • After account cancellation, data is retained for 30 days before deletion
  • Clinic admins can export all data before cancellation via the data export feature
  • Backup copies are automatically purged after the 30-day retention period
  • WhatsApp Business Account credentials are deleted immediately upon disconnection

9. Third-Party Services

We use the following third-party services:

  • Razorpay — Payment processing
  • MSG91 — SMS delivery (DLT compliant)
  • Meta WhatsApp Cloud API — WhatsApp Business messaging
  • Sentry — Error tracking (anonymized data)
  • Cloud hosting providers — Infrastructure (AWS)

10. Your Rights

  • Data Export: Clinic admins can export all clinic data at any time
  • Data Deletion: Request complete data deletion by contacting support
  • Rectification: Update or correct your information through the application
  • Opt-out: Patients can opt out of marketing communications via WhatsApp, SMS, or email
  • Disconnect: Enterprise clients can disconnect their WhatsApp Business Account at any time

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes via email or in-app notification. The updated policy will be effective when posted.

Contact

For privacy-related concerns, contact our Data Protection Officer at support@smartdentaldesk.com

Smart Dental Desk is a product of Yeshika Enterprises, a registered proprietorship firm.