Privacy Notice

Last updated: May 7, 2026

Odontavio provides dental clinic operations software. For patient records, the clinic normally acts as data controller and Odontavio acts as processor under clinic instructions. Some limited account, security, billing, and service telemetry may be processed by Odontavio as an independent controller.

Controller and processor roles

Your clinic is the controller for patient health records, appointments, communications, consents, documents, and clinical notes. Odontavio processes those records only to provide, secure, maintain, and support the service under contract.

Categories of data

The service may process identity and contact data, appointment data, dental and health records, prescriptions, consent records, uploaded documents, diagnostic images, staff account data, audit logs, security events, support metadata, and minimized AI usage metadata.

Legal bases

Clinics determine their legal bases for patient-care processing, including healthcare provision, legal obligations, vital interests where applicable, contract administration, legitimate interests, consent where required, and Article 9 healthcare or public-health bases for special-category health data.

Recipients and subprocessors

Data may be made available to authorized clinic staff, service providers used to host, store, secure, email, audit, and support the application, and authorities where legally required. Subprocessors are reviewed for DPA, region, transfer mechanism, and PHI approval before production use.

International transfers

Production deployments should use EU-region hosting, storage, and databases. Transfers outside the EEA require an approved transfer mechanism, such as SCCs and a transfer-impact assessment, before production PHI use.

Retention

Clinical records are retained or restricted according to clinic legal obligations and configured retention policies. Operational and AI metadata should be minimized, deleted, anonymized, or restricted when no longer needed.

Data Subject Requests

Depending on applicable law, you may request access, rectification, erasure where legally allowed, restriction, objection, portability, and a copy of processing information. Patients should submit requests through their clinic or the patient portal.

AI decision support

AI features are clinician-support tools only. Odontavio is designed to minimize PHI sent to AI providers, gate providers by compliance approval, and block production PHI AI processing unless clinic and vendor requirements are satisfied.

Security

The service uses role-based access controls, encryption, audit logging, security event tracking, MFA-ready staff controls, private storage, and retention/audit evidence workflows.

Complaints and contacts

Patients may contact their clinic for privacy requests and may lodge complaints with the Spanish Data Protection Agency or the competent supervisory authority. Clinics should configure a DPO or privacy contact before launch.

Back to App Access