Privacy Policy

When you use OralAI, we collect the following information to provide the screening service:

We do not collect passwords, payment information, government ID numbers, or biometric identifiers beyond dental and face images used solely for screening.

Your data is used exclusively to provide OralAI's screening service:

• To capture and validate 4 images — your face photo first, then 3 dental images
• To run YOLOv8 object detection on your dental images
• To generate a personalised AI analysis report in your chosen language
• To create and deliver your PDF screening report via download, email, or WhatsApp
• To improve the accuracy and performance of our AI models (anonymised and aggregated only)
• To respond to support requests or contact inquiries

OralAI is hosted on AWS EC2 (Amazon Web Services) infrastructure with the following protections:

• All data transmitted over HTTPS/TLS encryption
• Server access restricted to the development team only via key-based authentication
• Face and dental images are processed in real-time and not permanently stored after the report is generated
• Patient personal details are stored in access-controlled databases not exposed publicly
• Regular security reviews conducted by the development team

Because OralAI processes dental and face images — a category of sensitive health-related data under the DPDP Act, 2023 — we take extra precautions:

• All 4 images are processed only by our automated AI pipeline (YOLOv8 + language model)
• Your face image is used for patient identification in the PDF report only — it is not used for facial recognition or biometric profiling
• No human team member manually reviews your images unless you contact us for support and explicitly consent
• Images are not shared with dentists, clinics, or any third party without your explicit consent
• AI-generated reports are for informational purposes only and do not constitute a medical diagnosis

When you choose to receive your report via WhatsApp or Email:

• Your phone number is used only to send the PDF report via the WhatsApp Business API
• Your email address is used only to deliver the screening report
• We do not send promotional messages, newsletters, or unsolicited communications
• Your contact details are not shared with WhatsApp/Meta beyond what is technically required for message delivery
• If delivery fails, we do not retry more than twice and do not store contact info beyond 30 days

We do not sell, rent, or trade your personal information. We may share data only in these limited situations:

• Service providers: AWS (hosting), WhatsApp Business API, email delivery service — solely to operate OralAI, bound by confidentiality obligations
• Legal obligation: If required by Indian law, a valid court order, or a competent government authority
• Academic research: Only fully anonymised, aggregated data — never individual records or identifiable information

How We Obtain Consent

By clicking "Start Screening" and submitting your images and personal details, you expressly consent to the collection and processing of your data as described in this policy. You may withdraw consent at any time by contacting us at [email protected].

Data Breach Notification

In the unlikely event of a data breach that may affect your personal information, we will:

• Notify affected users by email within 72 hours of becoming aware of the breach
• Inform the relevant authority as required under the DPDP Act, 2023
• Describe the nature of the breach, data affected, and steps we are taking to contain it
• Provide guidance on steps you can take to protect yourself

OralAI may be used for screening individuals under 18 years of age only under the following conditions, in compliance with the DPDP Act, 2023:

• A parent or legal guardian must provide explicit consent before submitting any data or images of a minor
• The consent must be verifiable — by providing the guardian's contact details during the screening
• We do not knowingly collect data from children without parental consent
• If we discover that a child's data was submitted without parental consent, we will delete it within 48 hours
• Parents or guardians may request access, correction, or deletion of a child's data at any time

OralAI uses minimal, essential cookies and browser storage only:

We do not use advertising cookies, third-party trackers, analytics platforms (e.g. Google Analytics), or any cross-site tracking technology. No cookie consent banner is currently shown because we use only strictly necessary cookies.

Under the Digital Personal Data Protection (DPDP) Act, 2023 (India), you have the right to:

• Access — Request a copy of the personal data we hold about you
• Correct — Request correction of inaccurate or incomplete personal information
• Delete (Erasure) — Request deletion of your personal data from our systems
• Withdraw Consent — Withdraw consent to data processing at any time without affecting prior lawful processing
• Nominate — Nominate another person to exercise your data rights in the event of your death or incapacity
• Grievance — Lodge a complaint with our Data Protection Officer or with the Data Protection Board of India

To exercise any right, email us at [email protected] with subject line: "Data Request – [Your Name]". We will respond within 72 hours.

We may update this Privacy Policy as OralAI evolves. When we make material changes, we will update the effective date at the top of this page and, where possible, notify registered users by email at least 7 days before changes take effect.

Continued use of OralAI after the effective date of any change constitutes your acceptance of the revised policy. If you disagree with changes, you may request deletion of your data before the effective date.

This policy was last updated: March 2026.