Privacy Policy

This Privacy Policy describes Plandentic's commitment to protecting your personal data and respecting your privacy. This policy applies to our customers (including those on free trials), website visitors, and anyone who interacts with our services (hereinafter referred to as "you", "your" and "yours").

Our Privacy-First Approach

At Plandentic, privacy is not an afterthought—it's a core principle. We have designed our services with privacy at the forefront, collecting only the minimum data necessary to provide you with excellent service. Here's what this means in practice:

  • No tracking cookies: We do not use third-party tracking cookies or invasive analytics that follow you around the web.
  • Privacy-friendly analytics: When we implement analytics, we use privacy-respecting tools (Plausible Analytics) that don't collect personal data or use cookies.
  • No data selling: We will never sell your personal data to third parties. Ever.
  • Minimal data collection: We only collect data that is strictly necessary to provide our dental treatment planning services.
  • Your data, your control: You have full control over your data and can request access, correction, or deletion at any time.
  • Transparent practices: We are open about what data we collect, why we collect it, and how we use it.

Introduction

The following statements describe who we are, which types of personal data we collect when you use our services, visit our website, or communicate with Plandentic, what happens with this personal data, and how you can exercise your rights. All collection, processing, and use of personal data ("processing") by Plandentic is exclusively for the purposes of providing and optimizing the Plandentic services ("services"), monitoring the function and performance of our website, supporting our business operations, complying with legal and regulatory obligations, and providing customer service.

For the purposes of this policy and data protection laws, namely the General Data Protection Regulation (GDPR) (EU) 2016/679 ("GDPR"), we are the data controller, meaning we determine the purpose and means of processing of your personal data. If you have questions about our processing of personal data, you will find our contact information in the section below.

Controller

The controller according to Art. 4 Nr. 7 of the GDPR is:
Plandentic d.o.o.
Trg Hrvatskih Branitelja 25/1
43000 Bjelovar
Croatia

Company Registration Number (OIB): 50193006578
VAT ID: HR50193006578

Data Protection Officer

For questions related to data protection, you can contact us via email: info@plandentic.com

Or by post:
Plandentic d.o.o.
Attn: Data Protection
Trg Hrvatskih Branitelja 25/1
43000 Bjelovar
Croatia

Definitions

When we refer to "personal data," we mean all particulars related to an identified or identifiable natural person ("data subject").

When we refer to Plandentic, "we" or "us", we mean Plandentic d.o.o., the company providing the Plandentic dental treatment planning platform.

When we refer to "our website" and/or "Plandentic website," we mean plandentic.com (including all subdomains).

When we refer to "Plandentic application," we mean Plandentic's dental treatment planning software and services.

Data Protection Principles

The GDPR sets out the principles which must be complied with by any party handling personal data. Plandentic will comply with these principles, as detailed in Article 5 of the GDPR:

  • Processed lawfully, fairly, and in a transparent manner in relation to the data subject;
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
  • Accurate and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate is erased or rectified without delay;
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures;
  • The controller is responsible for and must be able to demonstrate compliance with the data protection principles.

In order to process personal data, a lawful ground must exist. The permitted grounds for processing are enumerated in Article 6 of the GDPR:

  • Consent (Article 6, Paragraph 1(a)): The freely given consent of the data subject to process their data for a specific purpose.
  • Contract Performance (Article 6, Paragraph 1(b)): Processing necessary for the performance of a contract or to take steps at the request of the data subject before entering into a contract.
  • Legal Obligation (Article 6, Paragraph 1(c)): Processing necessary to comply with a legal obligation.
  • Vital Interests (Article 6, Paragraph 1(d)): Processing necessary to protect vital interests of the data subject or another person.
  • Legitimate Interests (Article 6, Paragraph 1(f)): Processing necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

What Personal Data We Collect

We practice data minimization. Unless expressly stated, the provision of your personal data is not required or obligatory. The personal data that we collect about you falls into the categories set out below. We have designed our services with privacy-by-design principles and collect only the minimum data necessary to provide our dental treatment planning services—nothing more.

We do not:

  • Track your browsing behavior across websites
  • Collect data from social media or third-party data brokers
  • Use fingerprinting or other invasive tracking technologies
  • Collect any data we don't strictly need to serve you
Category of Personal Data What This Can Include Legal Basis
Contact Data Name, email address, phone number, company name, job title Contract Performance, Legitimate Interests
Account Data Username, email address, company name, subscription details, account preferences Contract Performance
Billing Data Billing address, payment history, invoice details Contract Performance, Legal Obligation
Communications Data If you correspond with us by email or through our platform, we may retain the content of such messages and our responses Legitimate Interests, Contract Performance
Device and Service Data Internet protocol (IP) address, browser type and version, time zone setting, operating system, date and time of access Legitimate Interests
Usage Data Pages viewed, features used, navigation paths, time spent on pages Legitimate Interests
Clinical Data (Application Users Only) Treatment plans, patient information (anonymized or pseudonymized as configured by the dental practice) Contract Performance

How We Use Your Personal Data

We collect and process personal data in the following situations for the purposes listed:

Website Visitors

When you visit our website, our server temporarily saves details of your access in its logs. These logs contain the following personal data, which are kept until their automatic deletion in accordance with our data retention policy:

  • Device and Service Data
  • Usage Data

The purpose of recording this personal data is to make it possible to serve the website to you, to secure our servers, and for the technical administration of our infrastructure as well as the optimization of our services.

Contact Forms and Inquiries

When you contact us through our website or by email, we collect:

  • Contact Data
  • Communications Data

The purpose of processing this data is to respond to your inquiries, provide customer support, and communicate with you about our services.

Account Registration and Service Usage

When you register for and use the Plandentic application, you provide the following data:

  • Contact Data
  • Account Data
  • Billing Data
  • Communications Data
  • Device and Service Data
  • Usage Data
  • Clinical Data (as you input it)

The purpose of processing this data is to provide, maintain, and optimize our services, communicate with you, process payments, monitor and analyze trends and usage, prevent misuse, and provide customer support.

Marketing Communications

With your consent or where we have a legitimate interest, we may use your contact information to send you product updates, industry news, or other communications about services that may be of interest to you. You can opt out of marketing communications at any time using the unsubscribe mechanism provided in each communication.

Cookies and Analytics

Our Cookie-Free Approach

We respect your privacy by not using tracking cookies. Unlike most websites, Plandentic does not use:

  • Third-party tracking cookies
  • Advertising cookies
  • Social media cookies
  • Analytics cookies that collect personal data

Essential Cookies Only

Our website only uses strictly necessary cookies required for the basic functioning of the site, such as:

  • Session cookies to keep you logged in
  • Security cookies to protect against fraud

These essential cookies do not track you across websites and are automatically deleted when you close your browser or after a short period.

Privacy-Friendly Analytics

Note: We currently do not use any analytics. When we implement website analytics, we will use Plausible Analytics, a privacy-first, GDPR-compliant tool that does not use cookies or collect personal data.

Your Browser Settings

You can control and delete cookies through your browser settings at any time. However, please note that blocking essential cookies may impact the functionality of certain features on our website.

Securing Your Data

To secure your data, we have put in place technical, organizational, and personnel procedural measures to safeguard personal data against loss, theft, and unauthorized access, use, or modification. These measures meet the requirements of the GDPR.

Your data is saved on secure servers with restricted access. All data transmission to and from our services is encrypted using industry-standard TLS/SSL protocols. We regularly review and update our security measures to ensure ongoing protection of your personal data.

Data Retention

Unless you specifically ask us to delete your personal data, Plandentic keeps and processes personal data for as long as it is necessary to provide you with services and comply with our legal obligations. However, even if you request deletion, we may be required to retain your data for as long as necessary to:

  1. Comply with our legal or regulatory compliance needs (e.g., maintaining records of transactions);
  2. Exercise, establish, or defend legal claims; and/or
  3. Protect against fraudulent or abusive activity on our service.

When the purpose of the processing has been fulfilled, your personal data will be deleted or anonymized, unless we are legally required to retain it. Typical retention periods are:

  • Active accounts: For the duration of your subscription plus 1 year
  • Closed accounts: 1 year after account closure
  • Website logs: 1 year
  • Billing records: 11 years (as required by Croatian tax and accounting laws)
  • Marketing data: Until you unsubscribe or 1 year of inactivity

How We Share Your Data

We do not sell your personal data. We may share your personal data with the following categories of recipients:

  • Service Providers: We use trusted third-party service providers to help us operate our business and provide our services (e.g., hosting providers, payment processors, email service providers). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

Third-Party Service Providers

We use the following categories of third-party service providers:

  • Hosting and Infrastructure: DigitalOcean
  • Payment Processing: Stripe (for future payment processing)

International Data Transfers

Your personal data may be processed in countries outside of the European Economic Area (EEA). When we transfer personal data outside of the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission;
  • Adequacy decisions by the European Commission recognizing certain countries as providing adequate data protection;
  • Other legally approved transfer mechanisms.

Your Rights

You have the following rights concerning your personal data:

  • Right to Access: You have the right to obtain confirmation as to whether personal data concerning you is being processed and to access that data.
  • Right to Rectification: You have the right to obtain the correction of inaccurate personal data.
  • Right to Erasure ("Right to be Forgotten"): You have the right to obtain the deletion of your personal data under certain circumstances.
  • Right to Restriction of Processing: You have the right to restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, place of work, or place of the alleged infringement.

How to Exercise Your Rights

To exercise any of these rights, please contact us at info@plandentic.com or write to us at the postal address provided in the "Data Protection Officer" section above.

We may need to verify your identity before responding to your request. We will respond to your request within one month of receipt, though this period may be extended by two additional months where necessary, taking into account the complexity and number of requests.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date below.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact us:

Email: info@plandentic.com

Postal Address:
Plandentic d.o.o.
Attn: Data Protection
Trg Hrvatskih Branitelja 25/1
43000 Bjelovar
Croatia

Last Updated: October 25th, 2025

Have any questions for us?