Privacy Policy
SmileSync is committed to protecting your data and your patients' data. This policy explains what information we collect, how we use it and what your rights are.
1. Who We Are
SmileSync is a SaaS (Software as a Service) platform developed for dental clinics and practices. The platform provides an AI-powered virtual assistant that acts as a receptionist: it communicates with patients through WhatsApp to book appointments, confirm schedules and answer basic administrative questions.
The platform operator — the clinic or dentist — is the data controller for their patients. SmileSync acts as a data processor on their behalf.
2. What Data We Collect
Depending on your role, the platform may collect the following types of data:
Operator data (clinic / dentist):
- Full name, email address and phone number
- Clinic details (name, physical address, clinic number for the AI to communicate with your patients)
- Login credentials (email + encrypted password)
- Schedule and service configuration preferences
Patient data (collected by the AI assistant):
- Full name and phone number / email
- Requested appointment date and time
- Type of dental service requested
- Conversation history with the AI assistant (text)
- Appointment status (confirmed, cancelled, rescheduled)
Technical data:
- IP address and browser / device type
- Login time and activity within the platform (logs)
- Session cookies for login management
3. How We Use Your Data
- To operate the AI assistant and manage appointment schedules
- To send patients appointment confirmations and reminders (SMS / email)
- To authenticate and protect operator accounts
- To analyze platform performance and detect technical errors
- To comply with legal and regulatory obligations
- To communicate with operators regarding service updates and changes
4. The AI Assistant — How It Works
SmileSync's virtual assistant communicates with patients via WhatsApp to help them book, change or cancel appointments. The assistant:
- Is configured by the clinic (schedules, services offered, communication language)
- Does not make medical decisions and does not offer clinical advice
- Records conversations solely for administrative purposes (appointment management)
- Informs patients that they are communicating with an automated assistant
Conversations are stored for the necessary operational period (maximum 12 months) and are then deleted automatically or upon the operator's request.
5. Sharing with Third Parties
SmileSync may share data only in the following cases:
- Infrastructure providers — certified cloud servers and databases (e.g. AWS / Azure) operating under Data Processing Agreements (DPA)
- Messaging services — for sending appointment confirmation SMS and emails
- Legal authorities — only when required by law or court order
6. Data Storage and Security
Data is stored on servers within the EU or Albania geographic zone, with:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Two-factor authentication (2FA) for operator accounts
- Role-based access controls (only authorized staff have access)
- Daily backups and 24/7 monitoring
- Periodic security audits and penetration testing
Retention period: patient data is kept for as long as the clinic account is active, plus 30 days after closure to allow for export. After this period it is permanently deleted.
7. Your Rights
Operators (clinics / dentists) have the right to:
- Access — view what data is held about them
- Correct — update inaccurate information
- Delete — request deletion of their account and data (the "right to be forgotten")
- Export — receive their data in a readable format (CSV / JSON)
- Restrict — limit data processing in specific cases
- Complain — to the competent data protection authority
Patients who have communicated with the AI assistant may request deletion of their conversations by contacting the clinic or SmileSync directly at the address below.
8. Cookies and Similar Technologies
SmileSync uses only technical (essential) cookies:
- Session cookie — to keep your session active while using the platform
- CSRF cookie — for protection against cross-site attacks
We do not use advertising or third-party analytics cookies except Google Analytics, we use that just to see the progress of the service.
9. Policy Changes
SmileSync may update this policy from time to time. Material changes will be communicated to you:
- By email sent to your account address, at least 14 days before taking effect
- With a prominent notice within the platform upon your next login
Continued use of the platform after the effective date is considered acceptance of the updated policy.
10. Contact Us
For any questions about this policy or to exercise your rights, please contact us:
SmileSync
Albania