SmileGen Data Retention Policy

1. Transformation Data (Patient Images)

Data Type	Retention Period	Deletion Method
Before images (patient photos)	30 days from creation	Automatic purge
After images (AI-generated)	30 days from creation	Automatic purge
Video transformations	30 days from creation	Automatic purge
Patient name	30 days from creation	Deleted with transformation
Patient email	30 days from creation	Deleted with transformation
Patient phone number	30 days from creation	Deleted with transformation

2. Practice/Business Account Data

Data Type	Retention Period	Deletion Method
Practice owner email	Duration of subscription + 30 days	Manual deletion on request
Practice name	Duration of subscription + 30 days	Manual deletion on request
Location ID	Duration of subscription + 30 days	Manual deletion on request
Credit purchase history	7 years (legal/financial requirement)	Automatic purge
Subscription records	7 years (legal/financial requirement)	Automatic purge

3. Technical/Operational Data

Data Type	Retention Period	Deletion Method
Server/application logs	30 days	Automatic rotation
Audit logs (database access)	1 year	Automatic purge
Rate limiting data	24 hours	Automatic purge

Biometric Data Clarification

SmileGen processes facial photographs for AI visualization purposes. We do NOT:

• Create or store biometric templates
• Perform facial recognition for identification
• Extract biometric identifiers for storage

Photographs are processed solely to generate cosmetic smile visualizations and are automatically deleted after 30 days. No biometric data is retained beyond the standard image retention period.

4. Data Deletion Requests

For Patients

To request deletion of your smile transformation data:

• Contact the dental practice that created your transformation - they can delete it immediately using the SmileGen dashboard
• Or email us directly at [email protected] with:
  • The dental practice name
  • Your name (as provided during the transformation)
  • Approximate date of the transformation

For Dental Practices

Practice owners can delete transformation data using any of these methods:

Bulk/Account Deletion:

Email [email protected] with:

• Your practice name
• Location ID (found in your SmileGen dashboard URL)
• Specific transformation IDs to delete, OR "all transformation data"
• For full account deletion, specify "delete my entire account"

We process deletion requests within 7 business days and confirm completion via email.

Automatic Deletion

All patient transformation data is automatically and permanently deleted 30 days after creation. No action is required for routine data cleanup.

Data That Cannot Be Immediately Deleted

The following data may be retained beyond your deletion request due to legal requirements:

• Financial transaction records (7 years - tax/legal compliance)
• Audit logs related to your data access (1 year - security compliance)
• Data subject to active legal holds or investigations

5. Data Storage & Security

Where Your Data Is Stored

All BiteBot and SmileGen data is stored in:

• Supabase - US-based data centers (PostgreSQL database + file storage)
• Vercel - US-based edge network (application hosting)

Security Measures

• Encryption in transit: TLS 1.2+ (HTTPS) for all data transmission
• Encryption at rest: AES-256 for database and file storage
• Access controls: Role-based access, audit logging enabled
• Compliance: SOC 2 Type II certified infrastructure

6. Third-Party Data Sharing

Patient images are temporarily shared with:

• Replicate (AI image processing) - Images are processed and not retained after transformation

Patient contact information may be shared with:

• GoHighLevel (CRM webhook) - Only when configured by the practice

7. Implementation Notes

To implement automatic data purging, the following database job should be scheduled:

8. Policy Updates

This policy may be updated periodically. Significant changes will be communicated to active subscribers via email.