We raised $2.3M in our pre-seed round to transform dental administration. Read More

    Privacy Policy

    How we protect and handle your personal data when you use Dentio's services

    Dentio AB – Privacy Policy

    Version 1.1 - 10 January 2026

    Legal entity: Dentio AB

    Organisationsnummer: 559498-5136

    Address: Norrtullsgatan 6, 113 29 Stockholm, Sweden

    Contact: dpo@dentio.io

    1. Introduction and Scope

    This Privacy Policy explains how Dentio AB ("Dentio") processes personal data. Our cloud platform (the "Service") transforms recorded dental consultations into structured administrative drafts.
    This policy applies to:

    • Website Visitors: How we process your data (e.g., via cookies).
    • Clinic Staff ("Users"): How we process your account and usage data as a Data Controller.
    • Patients: How we process your health data as a Data Processor on behalf of your clinic.

    Our GDPR Roles:

    SituationDentio's GDPR RoleExamples of Data
    Clinic staff who create a Dentio account.ControllerName, work email, role, audit logs.
    Patient consultation content generated for a clinic.Processor (your clinic is the controller)Audio, transcript, AI-generated draft notes.

    AI Transparency: Dentio uses large-language models solely to draft clinical text. We never use patient data to train AI models or for any other secondary purpose.

    AI & Model Training Restriction: Dentio strictly guarantees that no Customer Data or Personal Data (including audio recordings and transcripts) is used to train, fine-tune, or improve the foundational Artificial Intelligence models used by Dentio or its third-party sub-processors (such as OpenAI, Google, or AWS). Your data is isolated and used solely for generating your specific documentation.

    Voice Profile for Speaker Identification: To enable accurate speaker diarization (distinguishing between different speakers during a consultation), Dentio stores a short voice sample of up to five (5) seconds for each User. This voice profile is encrypted at rest and in transit, stored securely within the EU, and used solely for the purpose of identifying speakers within the Service. By using the Service, Users consent to the storage and processing of their voice profile for this limited purpose. Voice profiles are deleted upon account termination or upon request.

    2. How and Why We Process Personal Data

    PurposeDentio's RoleLegal Basis (GDPR)
    A. Provide and maintain the Service for UsersControllerArt. 6(1)(b) – Contract
    B. Transcribe and draft notes from consultationsProcessorArt. 28 – DPA Instructions
    C. Billing, accounting, and tax complianceControllerArt. 6(1)(c) – Legal Obligation
    D. Platform security and fraud preventionControllerArt. 6(1)(f) – Legitimate Interest
    E. Product development & troubleshootingProcessorArt. 28 – DPA Instructions
    F. Speaker identification via voice profileControllerArt. 6(1)(b) – Contract / Art. 6(1)(a) – Consent

    3. Data Retention and Deletion

    • Raw Audio Stream: Deleted immediately after transcription (transient buffer, ≤ 24 hours).
    • Full Transcript & AI Drafts: Retained for 7 days from creation, then automatically deleted (unless Customer elects extended retention per the Terms of Service).
    • Voice Profiles: Retained for the duration of the User's active account, then deleted upon account termination or upon request.
    • Application & Security Logs: Retained for up to 12 months (365 days).
    • Encrypted Backups: Retained for 7 days on a rolling basis, then purged.

    4. Sub-processors and Data Transfers

    We use a limited number of sub-processors to deliver the Service. All patient data is processed and stored exclusively within the European Union (EU).

    #Sub-processorPurposeLocation (EU)
    1Google Cloud EMEA Ltd.AI model inference, confidential compute, object storage, audit logging.Finland, Sweden, Germany
    2Supabase Ltd.PostgreSQL database hosting, object storage, draft text storage.Sweden

    We will notify clinic administrators at least 30 days in advance before changing sub-processors.

    5. Your Individual Rights

    The GDPR provides you with rights over your personal data. How you exercise these rights depends on our role.

    GDPR RightFor Clinic Staff (Dentio = Controller)For Patients (Dentio = Processor)
    InformationProvided in this Policy.Your clinic provides you with their privacy notice.
    Access, Rectification, Erasure, etc.Submit your request to dpo@dentio.io.Submit your request directly to your dental clinic. We will support your clinic in fulfilling your request.

    6. Security Measures

    We take the security of your data seriously. Our security program includes encryption in transit and at rest, strict access controls, and a formal incident response plan. In the event of a Personal Data Breach affecting you, we will notify your clinic without undue delay and within 24 hours where feasible.

    7. Cookies and Similar Technologies

    We use strictly necessary cookies to operate our Service. We use analytics cookies only if you provide explicit consent by clicking "Accept analytics" in our cookie banner.

    8. External Links

    Our website may contain links to external sites. We are not responsible for their content or privacy practices.

    9. Children's Privacy

    The Service is not directed to children under 16. Clinics must ensure any recording involving minors complies with Swedish healthcare consent rules.

    10. Changes to This Policy & Contact

    We will notify you of any material changes to this policy at least 30 days before they take effect. For any questions, please contact us at dpo@dentio.io. The supervisory authority in Sweden is the Integritetsskyddsmyndigheten (IMY).

    For more information, contact us at info@dentio.io.