Legal
Privacy Policy
Operated by TED Consulting · Effective: April 2026 · Last updated: April 2026
We connect international patients with dental clinics in India. In doing so, we collect sensitive health data. This policy explains exactly what we collect, why, and how we protect it.
1. Who We Are
TED Consulting (operating as DentAItinerary) is the Data Controller and Data Fiduciary for all personal data collected through this platform. We are incorporated in India.
hello@dentaitinerary.ai · Response within 72 hours
Grievance Officer (DPDPA): Jugal Kishore Dubey
We do not sell your data. We do not use it for advertising.
2. What We Collect
Account & Identity Data
Full name, email address, phone number, WhatsApp number, country of residence.
Health DataSpecial Category
Collected during profile setup and case submission:
- Description of dental concern and treatment sought
- Dental and medical history (conditions, medications, allergies)
- X-rays, dental photographs, and medical reports you upload
- Before-treatment and after-treatment photographs
- Treatment sign-off rating and written comment
Health data is collected only with your explicit, separate consent — never bundled into general Terms acceptance.
Booking & Financial Data
Treatment selections, travel dates, tier preference, quotation details, booking records, payment milestones and amounts. Payment card data is processed by Stripe/Razorpay — we do not store card numbers or CVVs.
Trip & Communication Data
Itinerary details, coordinator notes, WhatsApp messages (via Business API), email communications, trip memory photos you voluntarily upload.
Technical Data
IP address, device type, browser, operating system, pages visited, session duration, cookie data.
3. Why We Collect It
| Data | Purpose | Legal Basis |
|---|---|---|
| Account / identity | Account management, communication, platform access | Contract |
| Health data | Clinic matching, case routing, quotation generation | Explicit consent |
| Booking & financial | Booking management, payment processing | Contract |
| Financial records | Accounting, tax compliance | Legal obligation |
| Trip data | Coordinator logistics, calendar sync | Contract |
| Communications | Case management, support | Contract + Legitimate interests |
| Technical / usage | Platform security, fraud prevention | Legitimate interests |
5. International Data Transfers
TED Consulting is incorporated in India. If you are in the UK, EU, or Australia, your data is transferred to India for processing.
UK and EU residents: We rely on Standard Contractual Clauses (SCCs) as the transfer mechanism under UK GDPR / EU GDPR.
Australian residents: We take reasonable steps to ensure overseas recipients handle data in accordance with the Australian Privacy Principles.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Account and identity data | Duration of account + 3 years after deletion |
| Health records (X-rays, treatment data) | 7 years from last treatment date |
| Financial and payment records | 7 years (statutory requirement) |
| Booking and trip records | 7 years |
| Communications | 3 years after case closure |
| Marketing emails | Until you unsubscribe |
| Technical / log data | 12 months |
After retention periods expire, data is securely deleted or irreversibly anonymized.
7. Your Rights
All Users (DPDPA)
- Access your personal data
- Correct inaccurate data
- Delete your data — via account settings → “Delete My Data” or email hello@dentaitinerary.ai
- Withdraw consent for health data processing at any time
UK and EU Residents (UK GDPR / EU GDPR)
- All of the above, plus: data portability, restriction of processing, right to object
- Lodge a complaint with the ICO (UK) or your national DPA (EU)
Australian Residents
Make a complaint to the Office of the Australian Information Commissioner — oaic.gov.au
California Residents (CCPA)
- Know what data we collect and how it is used
- Delete personal information
- Opt out of sale — we do not sell data
To exercise any right: email hello@dentaitinerary.ai. We respond within 30 days (72 hours for urgent health data requests).
8. Security
- All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Health records stored in isolated, column-level encrypted storage
- Audit logging on all health data access
- Clinics access only their assigned patients' relevant data
- Patient health data accessible only to DentAItinerary staff on need-to-know basis
In the event of a data breach, we will notify you and the relevant supervisory authority within the timeframes required by applicable law.
9. Health Data — Our Commitments
We will never use your health data for advertising, profiling, or any purpose unrelated to your dental care on this platform.
Health data is shared with clinics only on a need-to-know basis for your treatment.
You can request deletion of all health data at any time. We will comply within 30 days subject to any legal retention obligation.
We will notify you separately and promptly in the event of any security incident affecting your health data.
11. Changes to This Policy
We will notify you by email at least 14 days before any material change takes effect. Continued use of the platform after the effective date constitutes acceptance.
Contact
TED Consulting · operating as DentAItinerary
hello@dentaitinerary.ai
Grievance Officer (DPDPA): Jugal Kishore Dubey
UK Supervisory Authority: Information Commissioner's Office — ico.org.uk
EU Supervisory Authority: edpb.europa.eu
Australia: Office of the Australian Information Commissioner — oaic.gov.au
© 2026 TED Consulting · DentAItinerary