Privacy Policy

Last updated: May 2025

Who we are

OrthoPlanner is a B2B remote orthodontic treatment planning service operated by Dr. Fernando Moraleda Gómez and Jorge Gonzalez Villaumbrosia. We provide UK and Ireland dental clinics with specialist-level orthodontic planning delivered through a secure web platform. Our contact address is orthoplanners.mvagmail.com.

Data we collect

We collect only the data necessary to provide our service:

  • Account information — your name and email address when you register.
  • Platform credentials — the username and password for your aligner platform (Invisalign, Spark, etc.), stored encrypted and used solely to access your cases.
  • Case data — patient details (name, age, gender) and clinical notes you submit when creating orthoplanning tasks.
  • Billing information — managed through Stripe. We store only your Stripe customer ID; full card details are never held on our servers.
  • Technical data — standard server logs (IP address, browser type, pages visited) used to operate and secure the platform.

How we use your data

Your data is used exclusively to:

  • Deliver the orthoplanning service — accessing your cases on the aligner platform, preparing treatment plans, and making them available in your portal.
  • Process payments — creating and managing your subscription or credit purchases via Stripe.
  • Send service communications — transactional emails such as task status updates, invoices, and account notifications.
  • Secure the platform — detecting and preventing fraudulent or unauthorised access.
  • Meet legal obligations — retaining records as required by applicable law.

Data sharing

We share data only with the sub-processors listed below, each bound by data processing agreements:

Supabase

Database and authentication infrastructure. All data is stored in EU-based servers (AWS eu-west-1).

Stripe

Payment processing. Stripe handles all card data under PCI-DSS compliance. See stripe.com/privacy for details.

We do not sell, rent, or share your personal data with advertisers or any other third parties.

Data retention

We retain your account data and case history for as long as your account is active and for up to 2 years after closure, unless a longer period is required by law. You may request earlier deletion by contacting us. Platform credentials are deleted immediately upon your request or account closure.

Security

Platform credentials are stored encrypted using AES-256 symmetric encryption. Authentication tokens are short-lived JWTs managed by Supabase Auth. Access to production data is restricted to authorised personnel only. Despite these measures, no internet transmission is 100% secure and we cannot guarantee absolute security.

Your rights

Under UK GDPR and applicable data protection law, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data (subject to legal retention requirements).
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.

To exercise any of these rights, please contact us at orthoplanners.mv@gmail.com. We will respond within 30 days.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page will reflect any changes. For material changes we will notify registered users by email at least 14 days before they take effect.

Contact

For any privacy-related questions or requests, please contact us at orthoplanners.mv@gmail.com.