Legal
DentiPath Ledger Privacy Policy
Effective date: July 9, 2026. This policy explains how the DentiPath Ledger™ app handles privacy. It supplements the general DentiPath privacy policy, which also applies.
Plain-language summary. DentiPath Ledger is local-first. Your production entries, lab fees, expenses, deposits, optional estimated-set-aside settings, import history, and settings are stored on your device by default, with no DentiPath account required for the core app experience. CSV, Excel, text, ZIP, and pasted-table import runs on your device; DentiPath does not receive your files or entries. The app does not use advertising trackers or third-party analytics SDKs. The current release is fully usable without iCloud sync, browser access, or hosted convenience features; those capabilities are not included in the current release. Backup files you create remain your responsibility. Never enter patient-identifying information.
1. Who we are
DentiPath Ledger is built by Dentipath Technologies Inc., operating publicly as DentiPath, a Canadian software company. In this policy, “DentiPath,” “we,” “us,” and “our” refer to Dentipath Technologies Inc. Contact: support@dentipath.ca.
2. Local-first by design
In the current core app experience, DentiPath does not operate a server that receives your Ledger entries. Ledger is designed to be fully usable without sync or a DentiPath account. Optional iCloud or CloudKit sync is not included in the current release. If a future release offers it, that feature will be off unless you choose to enable it or the app screen clearly says otherwise. iCloud sync would use Apple infrastructure and your Apple account. DentiPath does not receive your Apple account password or payment-card details.
The Mac version runs in Apple’s App Sandbox. It accesses files outside its private container only after you choose them through system open or save panels. Its outbound connections support Apple StoreKit and the service-notice check described below.
Service notices. When you open or return to the app, DentiPath Ledger may request a small file from dentipath.ca that lists occasional service notices (for example, an “update available” message). That request is not designed to include your entries, an account identifier, or an app-specific device identifier, and the connection stores no DentiPath cookies. If it fails, the app continues. The file is served by Cloudflare, which processes basic connection data such as your IP address to deliver and secure the request.
Current Ledger records, import history, and estimated-set-aside profile data are stored locally in locations excluded from device-level backups. To move your data to a new device or recover it after device loss, create an encrypted backup file in the app and keep it somewhere safe.
3. The patient-information boundary
DentiPath Ledger is for professional financial tracking, not patient records. Entries use structured fields, not open charts or free-text patient notes. Do not enter patient names, chart numbers, dates of birth, health-card numbers, contact details, treatment notes, or any other patient-identifying information. The reference or label field is optional, and an on-device check in current versions helps keep patient-identifying text out of it and can prevent saving text that looks identifiable without transmitting that text to DentiPath.
Current Ledger import is limited to CSV, Excel, text, ZIP, and pasted-table financial totals such as production, collections, lab fees, and expenses. Import parsing, column mapping, privacy exclusion, preview, and commit run on your device. Ledger reads a selected source file temporarily in memory; it does not copy, retain, upload, or delete the original file. When the import flow ends, Ledger retains only financial entries you accepted and limited privacy-screened import metadata, such as the source type, a safe filename when available, row counts, date range, and excluded-column labels. A rejected or cancelled import does not create imported entries or import-history metadata. Columns that look like patient information are excluded by default, but you remain responsible for reviewing source files, mappings, excluded fields, and generated entries before saving or sharing them. Photo, camera, image, OCR, and PDF import remain disabled in current releases pending privacy and legal approval. The dormant on-device scan code does not upload or retain a source image and cannot be activated in an App Store build by a runtime setting.
4. Device access and app lock
Access to current app data is governed by your Apple device settings and the protections you choose. On iPhone and iPad, protected app files use Apple data protection while the device is locked. On Mac, local-file protection depends on your macOS login, physical access controls, and disk-encryption settings such as FileVault. You can also turn on App Lock: iPhone and iPad use Face ID, Touch ID, or the device passcode and cover app-switcher snapshots; Mac uses Touch ID or the Mac login password and locks after about a minute of app inactivity or immediately on backgrounding. Current releases do not provide a DentiPath account, password recovery, or a server-side copy of your Ledger entries.
5. Reports and encrypted backups
CSV exports, monthly PDF reports, import previews, import commits, import undo, and backup files are generated or processed on your device only when you choose. On iPhone and iPad, files leave through the system share sheet; on Mac, they use user-selected open/save panels, and monthly PDFs can be sent to the system print dialog. Backups are always encrypted with a password you set, using authenticated AES-GCM encryption; there is no unencrypted backup option. Because the encryption key is derived from your password, DentiPath cannot read or recover a backup. Once a file leaves the app, it is governed by wherever you send, save, or print it.
Sync, backup, restore, and export features can fail, conflict, duplicate records, omit records, or be interrupted because of device, operating-system, account, network, Apple, or service-provider issues. Review important reports and maintain your own backups before deleting the app, changing devices, resetting a device, or relying on a synced record.
Optional sync, backup, account, browser, and hosted features are convenience features. Unless a specific product page says otherwise, the core app remains fully usable without enabling them.
6. Shared on-device preferences
If you also have DentiPath Finance™ or DentiPath Launch™ installed on the same device, the apps can share a few non-identifying defaults (such as currency notation, collection rate, associate split, and card theme) through an Apple App Group container, so the suite agrees on numbers you have already entered. In the current release, this App Group sharing occurs locally on that device and is not transmitted to DentiPath.
7. Purchases
Ledger Pro is offered as monthly or annual auto-renewable subscriptions, processed by Apple through the App Store under Apple’s terms. DentiPath does not receive your payment-card details; Apple provides purchase status to the app and App Store sales and transaction reporting to DentiPath.
8. Deleting your data
Delete individual entries in the app. To remove local app data completely, follow your platform’s app-data removal steps when uninstalling: iPhone and iPad normally remove the app container with the app, while macOS may retain sandbox support files after the app itself is removed. Encrypted backup files you created remain wherever you saved them until you delete them; automatic device backups do not include your ledger data.
9. Children
DentiPath Ledger is intended for dental students and professionals and is not directed to children under 13. A user under the age of majority may use it only with a parent or legal guardian’s permission and supervision. See the general privacy policy for how to report information sent by a child.
10. Changes and contact
If this policy changes, the updated version is posted here with a new effective date. Questions: support@dentipath.ca. See also the general privacy policy, Terms of Use, and Disclaimer.
