Logo
Documentation
Pricing Plans
About Company
Contact Support
Sign In Initialize Workspace

Privacy Policy

Enterprise data custody, absolute multi-tenant sovereignty, and clinical information security frameworks engineered for modern healthcare providers.

Charter Version Effective: June 20, 2026

The Sovereign Corporate Data Guarantee

At Odontware, we operate strictly as an enterprise technology ecosystem architect. We do not participate in, support, or profit from corporate data serialization. We do not own your clinical registers, and we maintain an absolute prohibition against the indexing, leasing, sharing, or processing of Protected Health Information (PHI) for secondary advertising vectors. Your databases remain entirely sovereign and isolated.

1. Scope, Jurisdiction & Operational Definitions

This Privacy Policy serves as the definitive legal and technical charter governing information sovereignty on the Odontware Healthcare SaaS platform. Throughout this document, the system distinguishes between two regulatory operations:

  • Data Controller: The corporate entity, clinical practice, or medical licensee initializing the clinical workspace is the primary custodian of patient profiles. The Controller holds exclusive ownership and legal responsibility for data generation.
  • Data Processor: Odontware functions exclusively as a technology pipeline executing compute execution, data relational layout compilation, and cloud object hosting strictly on behalf of and under instruction from the Data Controller.
  • System Scope: This policy applies to all operations executed across core routing points, including the public interface (odontware.com) and any provisioned tenant environments (app.odontware.com).

By executing account provisioning, database initialization, or medical workspace runtime sequences, you ratify the technical boundaries outlined within this operational chart.

2. Granular Data Taxonomy & Collection Matrices

To preserve structural performance and runtime security metrics, the application manages data via isolated programmatic vectors. We do not accumulate unnecessary meta-traits outside the operational scope:

  • Administrative Identity Protocols: Upon subscription routing, we register foundational corporate traits including Admin Names, verified BMDC (Bangladesh Medical & Dental Council) Registration matrices, active corporate contact arrays, and tokenized enterprise billing reference maps.
  • Protected Health Information (PHI) Collections: Relational datasets stored within isolated instances on behalf of the clinic include core patient diagnostic profiles, longitudinal medical histories, interactive 3D Odontogram vectors, historical lab parameters, binary X-Ray arrays, and digital e-Prescription streams.
  • Technical Telemetry Streams: Non-identifiable transaction metrics gathered automatically include browser user-agent indicators, secure IP address routing footprints, and server-side programmatic action logs designed to feed the immutable security audit trails.
  • Storage Metadata: Metrics concerning overall cluster usage, uploaded attachment sizes, and generated log volumes are accumulated to track quota boundaries against active SaaS tiers.

3. Programmatic Compute & Algorithmic Processing Scope

Data allocated within the system workspace is handled strictly to provide a performant clinical SaaS interface. Processing scopes are strictly limited to the following computational parameters:

  • Dynamic UI/UX Mapping: Compiling patient variables into interactive visual objects, such as processing clinical history indicators or calculating transactional micro-billing outstanding sums.
  • Identity & Permission Verification: Enforcing strict Role-Based Access Control (RBAC) across tenant arrays to block unauthorized administrative mutations.
  • System Notifications: Dispatched strictly via asynchronous webhooks to trigger critical subscription lifecycle statements, technical alerts, or service maintenance boundaries.
  • Diagnostic Continuity: Relational processing of historical sessions alongside the active SVG odontogram charts to render a clear chronological timeline of dental treatment development.

4. Cryptographic Safeguards & Multi-Tenant Data Isolation

Security is modeled directly into the architecture of our platform, eliminating common multi-tenant system failure vectors and malicious injection attempts:

  • Absolute Tenant Isolation: Clinic clusters are dynamically separated at the database query execution layer. Every SQL procedure executes through isolated tenant hashes, rendering it structurally impossible for separate workspaces to cross-read data arrays.
  • Cryptographic Pipelines: All data packets traversing public routing infrastructures are secured via high-grade TLS 1.3 protocols. Passive data columns, secure system backup nodes, and patient record clusters are hardened leveraging enterprise AES-256 encryption at rest.
  • RBAC Integrity Guards: Core data state mutations—such as clearing past invoices or correcting past prescription tables—require active administrative multi-layered cryptographic authorization.
  • Hash Frameworks: Passwords and authorization keys are salted using advanced one-way cryptographic hashing prior to storage. Staff credentials can never be reverse-engineered or viewed by platform operators.

Advanced Multi-Layered Security Guard

Every system compute sequence is heavily protected against typical injection vectors by strict anti-clickjacking headers, robust Content Security Policies (CSP), and cryptographic form-level Cross-Site Request Forgery (CSRF) token checks.

5. Tokenized Third-Party Sub-Processing Integrations

To preserve clinical confidentiality, the ecosystem limits data exposures strictly to verified core technical sub-processors under secure, isolated APIs:

  • Enterprise Cloud Infrastructure: Cloud operations are executed within isolated, secure enterprise server nodes (e.g., Cloudflare R2 object networks and secure data arrays).
  • Tokenized Financial Gateways: Subscription transactions are completely offloaded via tokenized parameters to verified institutional clearing partners (Stripe / SSLCommerz / bKash). Raw credit card metrics never cross our persistent server layers.
  • Notification APIs: Dispatched strictly via tokenized parameters to cellular gateways to route necessary prescription or appointment streams directly to confirmed patient devices.

6. Immutable Retention Lifecycles & Purge Protocols

The Data Controller maintains absolute command over data lifecycle spans. The application applies structured retention constraints:

  • Subscription Grace Cycles: Account termination transitions the target clinical workspace into a secure Read-Only architecture. All data modifications are blocked while retaining absolute view rights for historical verification.
  • Permanent Purge Execution: Upon a formal, verified written command dispatched by the master admin, the platform processes a complete cryptographic delete sequence across the specific database shard and binary media vault. Once executed, this database wipe is mathematically irreversible.
  • System Backup Governance: Encrypted secondary disaster recovery nodes are generated daily and stored across distributed cloud locations. Backups are recycled automatically after a strict 30-day retention envelope.

7. Statutory Compliance & Global Health Care Standards

The system is continually maintained to preserve architectural alignment with localized and global healthcare frameworks, providing clinic owners complete legal reassurance:

  • Sovereign Compliance: Completely aligned with the statutory parameters governing electronic data capture and consumer data privacy protections within our operational regions.
  • HIPAA Alignment Core: Built around the technical constraints of the Health Insurance Portability and Accountability Act (HIPAA), maintaining complete encryption structures, robust tracking metrics, and administrative tracking loops.

8. Data Protection Officer (DPO) Contact Framework

For technical compliance queries, infrastructure security audits, or data sovereignty reviews, please contact our Data Governance and Privacy Team immediately:

Official Governance Endpoint: info@odontware.com

All privacy escalations are formally reviewed, logged, and processed within 48 business hours.