Processing purpose
DentalAI processes clinic and patient data to provide contracted software services, support, security monitoring, auditability, and compliance workflows.
Processing is tenant-scoped and bound to the clinic context used by the application.
Security measures
The application is designed around RLS-backed tenant isolation, sensitive-field encryption, append-only audit logs, least-privilege roles, and signed webhook handling.
Production readiness still depends on the deployment, credential, vendor, and signoff checks shown in the readiness audit.
Subprocessors
External providers are used through provider abstractions for hosting, email, SMS, billing, identity, PMS connectivity, object storage, and AI inference.
Provider use is limited to the configured region and service policy for the deployment environment.