DPDP Compliance

India's Digital Personal Data Protection Act, 2023 · Last updated 10 March 2026

Dentomate is built India-first. We designed our data practices to align with the Digital Personal Data Protection Act, 2023 (DPDP Act) so that dental clinics using Dentomate can meet their own obligations toward patients (data principals) with confidence.

1. Our Roles

Under the DPDP Act, the clinic is typically the Data Fiduciary for its patients' personal data, and Dentomate acts as a Data Processor that processes data on the clinic's instructions. We only process personal data to provide and improve the Dentomate service.

2. Lawful Consent

We support clinics in obtaining and recording informed, specific, and freely given consent from patients before their data is collected and used — for example, before sending WhatsApp appointment reminders. Consent notices are provided in clear and plain language.

3. Data Principal Rights

Dentomate provides tools that help clinics honour patient rights under the DPDP Act, including:

  • The right to access a summary of personal data being processed.
  • The right to correction and erasure of personal data.
  • The right to nominate another individual to exercise rights in the event of death or incapacity.
  • The right to grievance redressal.

4. Data Localisation & Storage

Dentomate hosts application data on infrastructure located in India / the Asia-Pacific region and applies encryption in transit and at rest. We do not sell personal data, and we do not transfer it to third parties except as required to deliver the service (for example, the Meta WhatsApp Business API) or as required by law.

5. Data Retention

Personal data is retained only for as long as necessary to provide the service and to meet legal, accounting, or reporting requirements. When a clinic closes its account, associated personal data is deleted or anonymised within a reasonable period, subject to legal retention obligations.

6. Data Breach Handling

We maintain incident-response procedures to detect, assess and respond to personal data breaches. In the event of a breach affecting personal data we process, we will notify the affected clinic(s) and support their obligations to notify the Data Protection Board of India and affected data principals where required.

7. Grievance & Contact

For any DPDP-related request or grievance, contact our data protection point of contact at singhravindrapratap812@gmail.com. See also our Privacy Policy and Security pages.

This page is provided for information only and does not constitute legal advice. Clinics should seek independent counsel regarding their own DPDP obligations.