Legal
Privacy Policy
Effective date: July 15, 2026. This policy explains how Dentipath Technologies Inc. handles privacy for the dentipath.ca website and DentiPath™ apps.
Plain-language summary. DentiPath products are local-first by default. In the current app experience, the information you enter is stored on your device, with no DentiPath account required. DentiPath does not sell your data, use it for advertising, or train machine-learning models on it. Some features may connect to third parties you choose or enable, including Apple for App Store purchases, TestFlight, device diagnostics, iCloud or CloudKit sync if offered and enabled, and Cloudflare for website hosting and security. Current Ledger import runs on device for CSV, Excel, and pasted-table financial totals. If DentiPath offers browser-based accounts, cloud sync, or web versions of the suite in the future, those features will be optional or separately described, and the core app experience will remain usable without them unless a specific product page clearly says otherwise. The apps are not patient-record systems and should never be used to store patient-identifying information.
1. Who we are
Dentipath Technologies Inc., operating publicly as DentiPath, is a Canadian software company building educational, planning, and record-keeping tools for dental learners and professionals. In this policy, “DentiPath,” “we,” “us,” and “our” refer to Dentipath Technologies Inc. Contact: support@dentipath.ca.
2. Scope
This policy covers the website at dentipath.ca, the DentiPath apps (DentiPath Finance™, DentiPath Ledger™, DentiPath Launch™, and DentiPath SkillsLab™) as available, and support communications you send to us. The SkillsLab Privacy Policy provides additional product-specific details about practice history, camera access, augmented reality, imports, and exports. Some processing is controlled by third parties, principally Apple (App Store purchases, iCloud, TestFlight, and device-level crash and diagnostics settings) and Cloudflare (website hosting and security), under their own terms and privacy practices.
3. Local-first, optional sync, and optional web services
DentiPath apps are designed to keep professional financial information and educational practice data on your device by default. Some features may give you the choice to move, sync, back up, or access information across devices. For example, a future version may offer Apple iCloud or CloudKit sync through your Apple account. If enabled, your data may be transmitted to and stored by Apple to provide that sync.
Optional sync, backup, account, browser, and hosted features are convenience features. The core apps remain usable without enabling them, unless a specific product page clearly says otherwise. DentiPath will not enable a feature that materially changes where your app entries are stored or processed without explaining that feature before or when it is offered.
If DentiPath later offers browser-based accounts, web dashboards, hosted reports, or cross-device web versions of the suite, those services may require DentiPath or service providers acting on our behalf to process account information, authentication information, subscription status, browser and device information, support communications, and the content you choose to store, sync, upload, or create through that browser-based service.
4. The patient-information boundary
DentiPath apps are intended for professional financial information and educational practice data: production amounts, collection rates, split percentages, lab fees, direct costs, expenses, loan and overhead assumptions, tax-estimate settings, work-location labels, school and living costs, student budgets, debt and repayment assumptions, anatomy modules, tooth-model identifiers, practice results, scores, durations, and similar planning, record-keeping, and learning data.
They are not clinical, charting, billing, insurance, or patient-record systems. Do not enter patient names, chart numbers, dates of birth, health-card numbers, contact details, treatment notes, images, medical histories, or any other patient-identifying information. Do not enter bank credentials, full payment-card numbers, social insurance numbers, or government identifiers. The apps are designed so none of this is needed.
To keep you inside this boundary, the apps use structured fields rather than open charts or free-text patient notes. In DentiPath Ledger™ and DentiPath Launch™, optional reference, label, or note fields include an on-device check that helps keep patient-identifying text out and can prevent saving it. In current versions, that check runs locally on your device and does not transmit the text to DentiPath.
5. Local storage and limited processing
Information you enter in the current DentiPath apps is stored locally on your device by default, and the current core app experience does not require a DentiPath account. DentiPath does not sell app data, use it for advertising, or train machine-learning models on it.
Current app versions do not use advertising trackers or third-party analytics SDKs. Limited network connections may occur for Apple purchases, optional features you enable, service notices, security, diagnostics, or support. An occasional request for a small service-notice file may carry basic connection data, such as an IP address, to Cloudflare so it can deliver and secure the request.
On-device data is covered by the device access controls and file protections you choose. Device-backup behaviour varies by product: current Ledger and Launch records are excluded from device-level backups, while Finance and SkillsLab data may be included according to your Apple backup settings.
The apps add their own on-device safeguards. The local store is written with at-rest file protection, so its contents are protected by your device’s encryption while the device is locked. You can also turn on an optional app lock that requires Face ID, Touch ID, or your device passcode to open the app.
6. Backups you control
Where a current app offers backup, it creates a backup file only when you choose, and how that file is protected depends on the app. DentiPath Ledger backups are encrypted with a password you set, using AES-GCM authenticated encryption, with no unencrypted option; because the password is yours alone and is not provided to DentiPath, DentiPath cannot read or recover one, and if you lose the password the backup cannot be opened. Current DentiPath Launch backups are also password-encrypted; if you still have older plain JSON Launch backup files, keep them somewhere safe and treat them like sensitive documents. CSV and PDF reports are separate exports you create and share yourself. Once any file leaves the app, it is governed by wherever you send it.
Current versions of Ledger and Launch keep their main records in a location excluded from device-level backups. If a future version offers optional iCloud or CloudKit sync, the app will explain what data is transmitted and stored before you enable it. Any device backup or iCloud feature you configure is also governed by your settings and Apple’s terms.
7. Reports you create
The apps can generate files such as CSV and PDF reports, SkillsLab practice summaries and history files, and password-encrypted Ledger or Launch backups, only when you choose. Ledger can import CSV, Excel, and pasted-table financial totals on device after you review mappings and previews; SkillsLab can import a compatible practice-history file on device. Once you share or import a file, you are responsible for reviewing it and keeping patient-identifying or other prohibited information out. Once an exported file leaves the app’s storage, it is governed by wherever you send it (for example, your email provider or another destination you choose).
8. Purchases
Purchases, subscriptions, free trials, and refunds are processed by Apple through the App Store. DentiPath receives aggregate, non-identifying transaction reporting from Apple (for example, sales counts by region). We do not receive your payment-card details.
9. Browser tools and future browser-based services
Some DentiPath tools run in your browser and perform calculations locally without sending the numbers you type to DentiPath. When a browser tool works this way, the page describes that current behaviour.
Future browser-based services may work differently. A browser account, hosted dashboard, cloud-saved plan, or cross-device web version may require information to be sent to DentiPath or to service providers acting on our behalf. Those features will be optional or separately described, and the app-based local-first experience will remain available without them unless a specific product page clearly says otherwise.
10. The website
dentipath.ca is a static informational site. It does not set DentiPath tracking cookies, run advertising, or include third-party analytics scripts. The site is served by Cloudflare, which processes technical request data (such as IP addresses) to deliver and secure the site under Cloudflare’s own policies. Links that open your email client or the App Store hand you to those services.
11. Service providers
We may use service providers to operate the website, process purchases, provide optional sync or hosting features, deliver support email, send launch notices you requested, secure the service, diagnose errors, and prevent misuse. Current key providers include Apple for App Store purchases, TestFlight, and device diagnostics; Cloudflare for website hosting, delivery, and security; and our email provider for support communications. iCloud and CloudKit sync are not included in current releases; if released later, Apple would process selected data needed to provide that feature. These providers process information under their own terms and privacy practices or under agreements with DentiPath, depending on the service. Some service providers store or process information outside Canada, including in the United States; while it is there, it may be accessible to the courts, law enforcement, and national-security authorities of those jurisdictions under their laws.
DentiPath remains accountable for personal information under its control when a provider processes it for us. We limit provider access to what is reasonably needed for the service, use contractual or other safeguards where appropriate, and assess privacy and security risks before a new arrangement or a transfer outside Québec or Canada when applicable law requires it.
12. Support email and launch notices
If you email us, we receive your email address and what you write. We use it to respond, improve the products, and keep simple support records. Support email is hosted by our email provider under its own terms. Please do not include patient-identifying information or sensitive identifiers in support messages.
If you request launch updates or product-availability notices, we collect the email address you provide and use it only to send the requested notice or a closely related product update for which we have consent or another lawful basis. We do not sell the list. Each commercial electronic message will identify DentiPath and include a working unsubscribe method as required by law. You can also withdraw your request at any time by contacting support@dentipath.ca; we will action an unsubscribe request within the period required by law.
13. Legal bases, privacy rights, and consent
For personal information DentiPath receives, we rely on consent and other grounds permitted by applicable privacy law. As a Canadian company, applicable law may include the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial privacy laws.
Subject to applicable exceptions, you may ask what personal information DentiPath holds about you and how it has been used or disclosed; request access, correction, or deletion; withdraw consent for an optional use; and, where Québec law applies, request eligible computerized information in a structured, commonly used technological format. Withdrawing consent does not affect prior lawful processing, and it may prevent us from providing an optional communication or service that needs that information. Current DentiPath services do not make decisions about you based exclusively on automated processing.
We can only act on information that DentiPath actually holds. App entries stored only on your device, in your own backups, or in your own Apple iCloud account are controlled by you and the applicable service provider, not by DentiPath. We may need to verify your identity before completing a request and will collect only the verification information reasonably necessary for that purpose.
The apps are not patient-record systems. Dental professionals remain responsible for their own obligations under any health-information or privacy laws that apply to the records they keep in their own systems.
14. Retention and deletion
For current local-only app entries that DentiPath does not receive, delete entries in the app or remove the app to delete its local data; your own backups, exports, synced copies, or files saved elsewhere may retain copies. DentiPath applies a retention schedule by information category and keeps information only as long as reasonably needed for the disclosed purpose, security, legal obligations, dispute resolution, or enforcement. Support correspondence is reviewed for deletion or de-identification after the matter and any reasonably necessary follow-up period end; launch-notice addresses are removed when the notice purpose ends or consent is withdrawn, subject to a minimal suppression record where needed to honour the request; provider security logs follow the provider’s applicable retention settings. At the end of the applicable period, information is securely deleted or irreversibly de-identified where permitted. You may ask us to delete applicable prior correspondence at support@dentipath.ca.
15. Safeguards and breach response
We protect the limited personal information DentiPath actually holds with safeguards appropriate to its sensitivity, including encrypted connections (HTTPS) for the website, restricted access to the support mailbox, and reliance on the platform protections of our service providers. App entries in current releases are protected on your device by iOS security features and, where you enable them, device passcode, Face ID, app lock, and encrypted backups. If DentiPath becomes aware of a breach of security safeguards involving personal information under our control, we will assess the incident, keep records where required, and notify affected individuals, regulators, or other organizations when required by applicable law.
16. Children
DentiPath products are intended for dental students and professionals and are not directed to children under 13. We do not knowingly collect personal information from a child under 13. A person under the age of majority may use a product only with a parent or legal guardian’s permission and supervision. If you believe a child has sent personal information to DentiPath, contact the Privacy Officer so we can investigate and delete it where appropriate.
17. Changes to this policy
If we change this policy, we will post the updated version here with a new effective date. We will provide reasonable notice of a material change through the website, the app, or App Store release notes and obtain consent before a new collection, use, or disclosure where required by law. App Store privacy labels will be updated when a change affects them.
18. Requests and complaints
Send a privacy request or complaint to the Privacy Officer at support@dentipath.ca and describe the request, the DentiPath service involved, and how we can reply. Do not send patient information or identity documents unless the Privacy Officer specifically requests a secure verification step. We will acknowledge the matter, investigate it fairly, and normally respond within 30 days. If applicable law permits an extension or requires us to refuse all or part of a request, we will explain the reason and available recourse.
If we do not resolve your concern, you may contact the privacy regulator that applies to your circumstances, including the Office of the Privacy Commissioner of Canada or, for Québec matters, the Commission d’accès à l’information du Québec.
19. Contact
Privacy Officer / Person responsible for the protection of personal information
Dentipath Technologies Inc.
support@dentipath.ca
