Privacy Policy

1. Overview

SureDataPro ("we", "our", or "us") offers three related products: (a) the website www.suredatapro.com, (b) the offline SureDataPro desktop application for Windows, and (c) the cloud-based SureDataPro dashboard at the same domain together with its companion SureDataPro Android application (Google Play package in.areafair.suredataproapp). This Privacy Policy explains how each product handles information.

The two products differ fundamentally in where data lives:

• Offline desktop app: patient data stays entirely on the dentist's local Windows computer. We have no access.
• Cloud dashboard + Android app: patient data is stored on our servers so the clinic can access it from a browser or phone. The dental clinic that owns the account is the data controller; SureDataPro acts as the data processor. See Section 9 for full details.

2. Information We Collect

2a. Desktop Application (Offline Software)

The SureDataPro desktop application runs entirely offline on your local machine. It does not collect, transmit, or upload any patient data, clinical records, or personal information to any server. All data is stored exclusively on your computer.

On startup, the desktop application may send a minimal ping to our server containing only: a unique installation ID, your clinic name, and anonymised patient/record counts. This is used solely for license management and does not include any patient-identifiable information.

2b. This Website (www.suredatapro.com)

When you visit this website or create a cloud account, we may collect:

• Your username and password (stored securely with hashing)
• Standard web server logs (IP address, browser type, pages visited) for security and analytics
• Information you voluntarily provide when contacting us

3. How We Use Information

• To operate and maintain the website and cloud dashboard
• To respond to support requests and enquiries
• To manage software license activations
• To detect and prevent fraudulent or abusive activity

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Data Storage & Security

Patient records in the offline desktop application are stored in an SQLite database on your local Windows computer. You are responsible for the security of your local device and any backups you make.

Website account data, cloud-dashboard data, and data uploaded through the Android app are stored on a secured server (Hostinger VPS, Mumbai, India). Passwords are hashed (PBKDF2-SHA256) and never stored in plain text. All transport between client and server uses HTTPS (TLS 1.2+). Patient images are stored on the server filesystem under directories scoped to the owning clinic. See Section 9 for the full inventory of data we store on behalf of cloud-dashboard and Android-app users.

5. Cookies

This website uses a minimal session cookie required for login functionality. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

6. Third-Party Services

This website loads HTMX from unpkg.com and Chart.js from jsDelivr CDN. No third-party tracking, analytics, or advertising services are used. All CSS and application code is served directly from www.suredatapro.com.

The cloud dashboard and Android app rely on a small number of named sub-processors: Firebase Cloud Messaging (push notifications), Anthropic (Claude API used only by optional clinical-decision-support tools, with no patient identifiers transmitted), Hostinger (VPS hosting), Meta WhatsApp Cloud API (only when a clinic actively triggers a review-request message), and Google Calendar/Contacts (only after the clinic explicitly connects their Google account). Each is described in detail in Section 9d.

7. Children's Privacy

SureDataPro is a professional tool intended for dental practitioners. We do not knowingly collect information from children under 13.

8. Your Rights

You may request deletion of your website account and any associated data at any time by contacting us. For data stored locally in the desktop application, you have full control and can delete it at any time.

9. SureDataPro Cloud Dashboard & Android App

This section applies specifically to the cloud dashboard at www.suredatapro.com and the SureDataPro Android application (Google Play package in.areafair.suredataproapp). These products operate differently from the offline desktop software described in Section 2a.

9a. Data Controller & Processor

The licensed dental clinic that owns the account is the data controller for all patient information entered through the cloud dashboard or the Android app. SureDataPro acts as the data processor on the clinic's behalf — we host and transmit the data, but the clinic is responsible for obtaining patient consent, lawful processing, and responding to any patient-rights requests under applicable law (India's DPDP Act 2023, GDPR, HIPAA, or local equivalent).

9b. Information Stored on Our Servers

When a clinic uses the cloud dashboard or the Android app, the following information is stored on our servers (Hostinger VPS, Mumbai, India):

• Clinic profile (clinic name, doctor name, address, contact)
• User credentials (username + hashed password — never stored in plain text)
• Patient records entered by clinic staff (name, mobile, sex, DOB, address)
• Clinical work records (notes, treatments, fees, payments, dates)
• Patient images uploaded from the Android camera or gallery (X-rays, intraoral photos)
• Invoices, prescriptions, consent forms, expense entries
• Authentication tokens that identify the device for API calls (issued at login, revocable on logout)
• Firebase Cloud Messaging (FCM) registration tokens used to deliver push notifications
• Standard server logs (IP address, timestamps, user-agent string) retained for 90 days for security and debugging

All traffic between the device and our servers uses HTTPS (TLS 1.2+). Patient images are stored on the server filesystem under access-controlled directories scoped to the owning clinic.

9c. Android App Permissions

The SureDataPro Android app requests only the following runtime permissions:

• Camera — to capture intraoral photographs and X-ray images for the patient record. Photos are uploaded directly to the clinic's cloud account; they are not shared with any third party.
• Notifications (POST_NOTIFICATIONS, Android 13+) — to deliver alerts when a patient self-checks in via QR code or other clinic events. The user may revoke this permission from Android Settings at any time.
• Internet — required for the app to communicate with the cloud dashboard. The app does not function offline.

The app does not request location, microphone, contacts, calendar, SMS, phone, accounts, or external storage permissions. The app does not collect device identifiers (advertising ID, IMEI, MAC address) and does not perform any analytics, advertising, or behavioural tracking. The auth token issued at login is stored in the Android Keystore (`flutter_secure_storage`) and is the only identifier persisted on the device.

9d. Sub-processors & Third-Party Services

The cloud dashboard and Android app rely on the following sub-processors:

• Firebase Cloud Messaging (Google LLC) — delivery of push notifications to the device. Only the FCM registration token and the notification payload are shared with Google. Patient identifiers are not included in push payloads beyond the minimum needed to deep-link the notification (typically a patient ID).
• Hostinger — VPS hosting (servers physically located in Mumbai, India).
• Anthropic (Claude API) — used inside optional clinical-decision-support tools (endodontic diagnosis, access-cavity planning, SNOMED CT mapping). Patient names, mobile numbers, and other direct identifiers are never transmitted to Anthropic; only de-identified clinical observations (e.g., "tooth 36, sharp pain on cold, lingers 30s"). Calls are made only when the clinician actively invokes a CDS tool.
• Meta (WhatsApp Business Cloud API) — invoked only when a clinic actively triggers a patient review-request message from the dashboard. The patient mobile number and a Meta-pre-approved template name are sent; no clinical content.
• Google Calendar & Contacts API — invoked only when the clinic explicitly connects their Google account in Settings → Google. Used to sync appointments and contact entries. Disconnecting from Settings revokes the OAuth token and stops further syncing.

9e. Data Retention & Deletion

Patient records, images, and clinical data are retained for as long as the clinic account is active. The clinic may delete individual patient records (Hard Delete) from within the dashboard at any time — this removes all associated images, work records, consent signatures, prescriptions, and invoices.

To close the cloud account entirely (and delete all associated patient data, images, and the clinic profile), the clinic owner may email medunityapp@gmail.com from the registered clinic email; we will action the request within 7 business days. Server backups containing the data are retained for 30 days after deletion as a disaster-recovery safeguard, after which they are overwritten.

9f. Children's Data

Pediatric patient records (under 13) entered by the clinic for legitimate dental treatment purposes are processed under the clinic's explicit consent obligations toward the parent or guardian. SureDataPro itself does not market to or directly collect data from children; the Android app and cloud dashboard are intended for use only by qualified dental professionals and their authorised staff.

9g. Security Incident Response

In the event of a security incident affecting clinic or patient data, we will notify the affected clinic owner via the registered email within 72 hours of discovery, alongside the steps being taken and any recommended actions for the clinic.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of SureDataPro after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests: