Privacy Policy

Last updated: 13 March 2026

SGsmile ("we", "us", "our") is committed to protecting the privacy of our users and their patients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our dental clinic management platform.

1. Information We Collect

Account Information: When you register, we collect your name, email address, clinic name, and contact details.

Patient Data: Clinics using SGsmile may store patient information including names, NRIC/FIN, contact details, medical history, treatment records, and billing information. This data is entered and managed by the clinic.

Usage Data: We automatically collect information about how you interact with our platform, including IP address, browser type, pages visited, and timestamps.

Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers on our servers.

2. How We Use Your Information

• To provide, maintain, and improve our platform
• To process transactions and send billing notifications
• To send appointment reminders and communications on behalf of clinics
• To provide customer support
• To detect and prevent fraud or security incidents
• To comply with legal obligations

3. Data Storage & Security

Your data is stored on secure cloud infrastructure hosted in Singapore (AWS ap-southeast-1). We employ industry-standard security measures including:

• Encryption in transit (TLS/SSL) and at rest
• Two-factor authentication (2FA) for user accounts
• Role-based access controls
• Regular security audits and monitoring
• Automated backups with point-in-time recovery

4. Data Sharing & Disclosure

We do not sell, trade, or rent your personal data. We may share data with:

• Service providers: Cloud hosting (Vercel, Neon), email delivery (Resend), payment processing (Stripe) — only as necessary to operate the platform
• Legal requirements: When required by Singapore law, court order, or government regulation
• Business transfers: In the event of a merger, acquisition, or sale of assets

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Clinics may request deletion of their data at any time. Patient records are retained in accordance with Singapore's healthcare record retention requirements (minimum 6 years after last visit).

6. Your Rights

Under Singapore's Personal Data Protection Act (PDPA), you have the right to:

• Access your personal data held by us
• Correct inaccurate or incomplete data
• Withdraw consent for data processing
• Request deletion of your data (subject to legal retention requirements)
• Transfer your data to another provider

7. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification.

9. Contact Us

For privacy-related enquiries or to exercise your data rights:

Email: norman@sgsmile.com

Data Protection Officer: Norman Seah
SGsmile, Singapore