Privacy Policy

Last updated: April 2026

1. Who We Are

Vaidant ("we", "us", "our") is a practice management platform for dental clinics in India. We are incorporated in India and our infrastructure runs entirely within India (AWS Asia Pacific — Mumbai, ap-south-1).

This Privacy Policy explains how we collect, use, store, and protect information when dental clinics ("Clinic") and their patients ("Patient") use our platform.

2. Roles Under Data Protection Law

Under India's Digital Personal Data Protection Act, 2023 (DPDPA):

  • The Clinic is the Data Fiduciary — it decides the purpose and means of processing patient data and is responsible for obtaining patient consent before entering their information into Vaidant.
  • Vaidant is the Data Processor — we process personal data strictly on the Clinic's instructions and do not use patient data for any purpose beyond providing the platform.

3. Data We Collect

3.1 Clinic and Staff Data

  • Name, email address, phone number of clinic owners and staff
  • Clinic name, address, and registration details
  • Billing and subscription information (payment is processed by Razorpay — we do not store card details)

3.2 Patient Data (entered by the Clinic)

  • Name, date of birth, gender, phone number, email address
  • Appointment history and notes
  • Dental chart, treatment plans, clinical notes, and prescriptions
  • Documents and X-rays uploaded by the clinic
  • Billing records and invoices

3.3 Usage Data

  • Log data, IP addresses, and browser/device information for security and debugging
  • Feature usage analytics (self-hosted data pipeline, no data leaves India)

4. How We Use Data

  • To provide and operate the platform
  • To send patients transactional emails on behalf of the Clinic — appointment confirmations, reminders (24h and 2h before), post-appointment follow-ups, and recall notifications every 6 months
  • To generate invoices and billing records for the Clinic
  • To respond to support requests
  • To improve platform reliability and performance

We do not sell, rent, or share personal data with third parties for marketing purposes. We do not send promotional or marketing emails to patients.

5. Data Storage and Security

  • All data is stored in India — database and file storage run in AWS Mumbai (ap-south-1)
  • Data is encrypted in transit (TLS 1.2+) and at rest
  • Access to production systems is restricted to authorised personnel only
  • We use AWS SES for email delivery with bounce and complaint monitoring
  • Documents and X-rays are stored in AWS S3 and served via signed URLs that expire after one hour

6. Data Retention

We retain clinic and patient data for as long as the clinic's subscription is active. When a clinic cancels, we retain data for 90 days to allow for export, after which it is permanently deleted. Backup copies are purged within 30 days of deletion.

Clinics may request data export or deletion at any time by contacting support@vaidant.io.

7. Patient Rights

Patients whose data is entered into Vaidant by a clinic may contact us to:

  • Access a copy of their personal data
  • Correct inaccurate personal data
  • Request deletion of their personal data
  • Withdraw consent to receive reminder emails

To exercise these rights, email us at privacy@vaidant.io. We will respond within 30 days.

8. Cookies

The marketing website (vaidant.io) uses no tracking cookies. The application (dental.vaidant.io) uses a single session cookie for authentication. We do not use third-party advertising cookies.

9. Changes to This Policy

We may update this policy as the platform evolves. Material changes will be notified to registered clinics by email at least 14 days before they take effect.

10. Contact

For privacy-related questions or requests:

Email: privacy@vaidant.io
Support: support@vaidant.io