ToothTrack Privacy Policy
1. Who We Are
ToothTrack (“Platform”) is operated by Webmobyle Limited (“we”, “us”, “our”). This Privacy Policy explains how we collect, use, disclose, store, and retain personal data when you use ToothTrack.
2. Roles: Practice vs ToothTrack
For most data processed in ToothTrack, the Practice is the “data controller” (decides what data to collect and why), and ToothTrack acts as a “data processor” (processes data on the Practice’s instructions to provide the service).
If you are a patient, your dental Practice is typically the primary party responsible for your clinical record. ToothTrack provides the secure system used by the Practice.
3. What Data We Collect
3.1 Data Provided by Practices and Users
- Practice and staff account data: names, emails, phone numbers, roles/permissions, branch assignments.
- Patient data: identifiers (name, contact details), demographics, dependants, appointment history.
- Clinical data: medical history, treatment notes, procedures, diagnoses, prescriptions, attachments.
- Billing data: subscription plan details, invoices, payment references (processed via payment providers where applicable).
- Communications: messages or requests sent through forms, support tickets, and platform notifications.
3.2 Data Collected Automatically
- Usage and log data: access logs, audit events, device/browser info, IP address, timestamps.
- Security data: authentication events, failed login attempts, and other security signals.
4. Why We Use Personal Data (Purposes)
- To provide, operate, and maintain the Platform.
- To authenticate users and enforce role-based access controls.
- To support Practice workflows: appointments, reminders, records, reporting.
- To secure the Platform, prevent fraud, and monitor for abuse.
- To bill Practices and manage subscriptions.
- To respond to support requests and service communications.
- To comply with lawful requests and applicable legal obligations.
5. Legal Basis (General)
Depending on jurisdiction, we process personal data based on one or more of: performance of a contract (providing the Platform), legitimate interests (security and service improvement), compliance with legal obligations, and where required, consent (typically managed by the Practice for patient-facing functions).
6. Data Retention Policy (Including Medical Records)
6.1 Clinical Data
ToothTrack retains clinical data in accordance with healthcare record-keeping expectations and the Practice’s lawful needs. In practice, this usually means long-term or indefinite retention, unless and until a lawful basis exists to delete specific records and such deletion is permitted by applicable laws and professional standards.
6.2 Archiving Instead of Deleting
Rather than deleting clinical records, ToothTrack uses archiving/inactivation methods where appropriate. Archived records remain accessible to authorised users and remain available for audits or continuity of care.
6.3 Operational Data
Operational data (e.g., account metadata, logs) is retained for as long as needed to operate the service, maintain security, and meet legal obligations. Audit logs are commonly retained for multiple years for accountability and investigation purposes.
6.4 Backups
We maintain secure backups for disaster recovery and business continuity. Backup copies may persist beyond changes in the live system for a reasonable period, based on our backup retention schedules.
6.5 Tenant Suspension or Cancellation
If a Practice cancels or is suspended, we may restrict access (e.g., read-only archived mode). We continue to retain and protect data, especially clinical records, to support potential reactivation and to align with medical record retention expectations.
7. Data Sharing & Disclosure
We may share personal data only as necessary to deliver the Platform:
- With the Practice: the Practice controls access to tenant data via permissions.
- Service providers: hosting, storage, email delivery, SMS, and payment processors (as applicable).
- Legal compliance: where required by law or lawful requests by authorities.
- Business transfers: if Webmobyle Limited is involved in a merger, acquisition, or asset sale (with suitable safeguards).
8. Cross-Border Transfers
Depending on hosting and service providers, data may be processed in countries outside the Practice’s country. Where applicable, we apply appropriate safeguards (e.g., contractual protections and security measures) consistent with recognised data protection frameworks.
9. Security Measures
We implement reasonable technical and organisational measures designed to protect data, including access controls, tenant isolation, encryption in transit (TLS), and operational monitoring. No method of transmission or storage is 100% secure; therefore, we cannot guarantee absolute security.
10. Your Rights
Depending on jurisdiction, individuals may have rights such as access, correction, objection, restriction, and portability. For patients, requests related to clinical records are usually handled through the Practice, because the Practice is typically the controller of patient records.
10.1 Right to Deletion / “Erasure”
Where privacy law provides a deletion right, it is not absolute and may be limited where retention is required by law or reasonably necessary for legitimate purposes. In healthcare contexts, clinical record retention obligations often override deletion requests.
11. Cookies
ToothTrack may use essential cookies or similar technologies required for login sessions and security. If we introduce non-essential analytics cookies on public marketing pages, we will provide appropriate notice and choices where required.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the Platform or by email. Continued use after the effective date of an update constitutes acceptance.
13. Contact
Webmobyle Limited
Support: [email protected]
Website: https://toothtrack.dental