Privacy Policy

Last Updated: 20250310

1. Introduction

Welcome to Dentframe! Dentframe AB (“Dentframe”, “we”, “us”, “our”) is committed to protecting the privacy and security of your Personal Data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our international cloud-based platform and associated services (collectively, the “Service”).  

This policy outlines our practices both when we act as a Data Controller (for data we collect for our own purposes, like account management) and as a Data Processor (when we handle data, potentially including Personal Data, contained within the content you upload to the Service on your behalf).

Please read this Privacy Policy carefully. By using the Service, you acknowledge the practices described herein. This Privacy Policy is incorporated by reference into our Terms of Service.

2. Data Controller Information

The Data Controller for Personal Data collected directly by Dentframe AB for account management, service provision, communication, and billing purposes is:

Dentframe AB Stenöregatan 60, 218 31 Bunkeflostrand 559189-3291 Sweden

For privacy-related inquiries, please contact us at: info(at)dentframe.com

3. What Personal Data We Collect

We collect different types of information depending on how you interact with our Service:

Information You Provide Directly:

Account Information: When you register, we collect information such as your name, email address, phone number, company name, address, username, password, and professional qualifications (if applicable).

Transaction Information: Information related to purchases or sales made through the platform (details of the transaction, but financial account information like full credit card numbers are typically processed directly by our third-party payment processors).

Communications: Information you provide when you contact us for support, provide feedback, or otherwise communicate with us.

Information Collected Automatically:

Usage Data: Information about how you access and use the Service, including your IP address, browser type, device type, operating system, pages viewed, features used, dates and times of access, and referring website addresses.  

Cookies and Similar Technologies: We may use cookies, web beacons, and similar technologies to collect usage data, personalize your experience, and improve the Service.For more details, please see our Cookie Policy at https://dentframe.com/cookie-policy/.

Information Processed on Your Behalf (Dentframe as Data Processor):

User Content: This includes digital dental designs, files, associated notes, and any other data you upload, store, or transmit through the Service. This Content may contain Personal Data, including potentially sensitive patient data if you choose to upload it. As specified in our Terms of Service, you are the Data Controller for this data, and we process it solely on your behalf and according to your instructions (as implied by your use of the Service) or the Terms of Service. We strongly recommend de-identifying patient data before upload.

4. How We Collect Personal Data

Directly from you: When you register, use interactive features, make transactions, or communicate with us.

Automatically: Through your use of the Service via server logs, cookies, and other tracking technologies.

From Third Parties: We may receive information from our payment processors regarding transaction status.

5. How We Use Personal Data (Legal Bases for Processing)

We use your Personal Data based on the following legal grounds under GDPR:

To Provide and Manage the Service (Performance of Contract):

Creating and managing your user account.

Providing, operating, maintaining, and improving the Service.

Processing transactions facilitated through the platform.

Providing customer support and responding to your requests.

For Our Legitimate Interests:

Monitoring and analyzing usage trends to improve the Service and user experience.

Ensuring the security and integrity of our Service, preventing fraud and abuse.

Communicating with you about service updates, security alerts, and administrative messages (non-marketing).

Enforcing our Terms of Service and other policies.

To Comply with Legal Obligations:

Meeting legal and regulatory requirements (e.g., financial record-keeping, tax obligations).

Responding to lawful requests from public authorities.

With Your Consent:

Sending you marketing communications about products, services, and offers from Dentframe (we will obtain your explicit opt-in consent before doing so). You can withdraw your consent at any time.

6. Data Sharing and Disclosure

We do not sell your Personal Data. We may share your information only in the following circumstances:

With Service Providers (Sub-processors): We share information with third-party vendors and service providers who perform services on our behalf, such as cloud hosting (e.g., AWS, Google Cloud, Azure – be specific if possible or state categories), payment processing, data analytics, customer support platforms, and security services. These providers are contractually obligated to protect your data and use it only for the services they provide to us.

To Facilitate User Interactions: Information necessary to facilitate transactions and communications between Users on the platform (e.g., usernames, details of offered designs/services as intended by the platform’s functionality) may be visible to other registered users you interact with.

For Legal Reasons: We may disclose your information if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.  

Business Transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, subject to standard confidentiality arrangements.  

Aggregated or De-identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, marketing, analytics, or other purposes.  

7. International Data Transfers

Dentframe AB is based in Sweden (EU). If you are accessing the Service from outside the European Economic Area (EEA), your information may be transferred to, stored, and processed in Sweden and potentially other countries where our service providers are located. When we transfer Personal Data originating from the EEA to countries outside the EEA that have not been deemed adequate by the European Commission, we implement appropriate safeguards, such as the Standard Contractual Clauses (SCCs), to ensure your data is protected in accordance with GDPR requirements.  

8. Data Security

We implement appropriate technical and organizational measures designed to protect the security of the Personal Data we process. These measures aim to protect your data from unauthorized access, disclosure, alteration, and destruction. However, please note that no internet transmission or electronic storage method is 100% secure, and we cannot guarantee absolute security. You are also responsible for maintaining the security of your account credentials.  

9. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. Generally, this means:  

Account information is kept while your account is active and for a reasonable period afterward for legitimate business purposes (e.g., record-keeping, dispute resolution).

Usage data may be kept for shorter periods for analytics and service improvement.

Data processed on your behalf (User Content) is retained according to your instructions or our data deletion processes upon termination of your account, as outlined in the Terms of Service.

Data required for legal obligations (e.g., financial records) is kept for the period mandated by law.

10. Your Data Protection Rights (GDPR)

If you are located in the EEA, you have the following rights regarding your Personal Data:

Right to Access: You can request copies of your Personal Data that we hold.  

Right to Rectification: You can ask us to correct inaccurate or incomplete Personal Data.

Right to Erasure (“Right to be Forgotten”): You can ask us to delete your Personal Data under certain conditions.  

Right to Restrict Processing: You can ask us to restrict the processing of your Personal Data under certain conditions.

Right to Data Portability: You can ask us to transfer the Personal Data we collected directly from you to another organization, or directly to you, under certain conditions.  

Right to Object: You can object to our processing of your Personal Data based on legitimate interests.  

Right to Withdraw Consent: If we are processing data based on your consent (e.g., for marketing), you can withdraw it at any time.

To exercise these rights, please contact us at the email address provided in Section 2. We will respond to your request in accordance with applicable data protection laws.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. The relevant authority in Sweden is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY).  

11. Dentframe’s Role as Data Processor

As outlined in our Terms of Service, when you upload Content containing Personal Data to the Service, you are the Data Controller, and Dentframe acts as the Data Processor. In this role, we commit to:

Processing such data only on your documented instructions (including as set out in the Terms of Service).

Ensuring personnel authorized to process the data are bound by confidentiality.

Implementing appropriate security measures.

Assisting you, where possible, in fulfilling your obligations regarding data subject rights related to the data we process on your behalf.

Notifying you of Personal Data Breaches affecting the data we process for you.

Assisting you with data protection impact assessments, where relevant and required.

Deleting or returning the data upon termination of the service, as specified in the Terms of Service.

12. Cookies and Tracking Technologies

We use cookies and similar technologies. For detailed information on the cookies we use, their purpose, and how you can manage them, please refer to our separate Cookie Policy: https://dentframe.com/cookie-policy/. If no separate policy exists, you might briefly describe cookie use here (e.g., essential, performance, functional) and how users can manage browser settings.

13. Children’s Privacy

The Service is not intended for or directed at individuals under the age of 18 (or other applicable minimum age in relevant jurisdictions). We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected Personal Data from a child, we will take steps to delete such information promptly.  

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or relevant laws. We will notify you of any material changes by posting the new policy on our website and updating the “Last Updated” date. We encourage you to review this Privacy Policy periodically.  

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us.