Privacy Policy

CYBERDENTAL GROUP LLC ("CyberDental," "we," "our," or "us") operates the secure card authorization platform at card.cyberdental.co. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when cardholders and dental practices use our payment authorization services.

Information We Collect

Information You Provide

When you submit a card authorization through our platform, we collect:

• Payment Card Information: Card number, cardholder name, expiration date, and CVV (encrypted immediately upon entry using RSA-4096 + AES-256-GCM encryption)
• Billing Information: Name, street address, city, state, and ZIP code
• Authorization Details: Authorization date, practice name, digital signature, reference code, and submission metadata

Information Collected Automatically

When you access our platform, we automatically collect:

• Device Information: Browser type, operating system, and device identifiers
• Usage Data: IP address, access times, pages viewed, error events, and security logs
• Session Data: Authentication tokens, session identifiers, and access activity for authorized practice users

How We Use Your Information

We use the information we collect to:

• Process and store card authorizations securely for dental practices
• Enable authorized dental practice personnel to process payments
• Send administrative communications and notifications
• Maintain security and prevent fraud
• Comply with legal obligations and PCI DSS requirements
• Improve our services and user experience

We process information only as needed to provide the Service, support authorized dental practices, protect the platform, comply with applicable law, and enforce our Terms of Service.

Data Security

We implement industry-leading security measures to protect your information:

• End-to-End Encryption: Card data is encrypted client-side before transmission using RSA-4096 public key encryption combined with AES-256-GCM symmetric encryption
• Zero Plaintext Storage: We never store unencrypted card data. All sensitive information is encrypted at rest
• PCI DSS Compliance: Our platform is designed to meet Payment Card Industry Data Security Standards
• Access Controls: Only authorized personnel can decrypt card data, with all access logged and audited
• Secure Infrastructure: We use enterprise-grade cloud infrastructure with encrypted data transmission

Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Dental Practices: The dental practice you authorized to charge your card
• Service Providers: Third-party vendors who assist in operating our platform (subject to confidentiality agreements)
• Legal Requirements: When required by law, subpoena, or to protect our legal rights

Third-Party Services

Our platform uses the following third-party services:

• Supabase: Database and authentication infrastructure - Privacy Policy
• Resend: Email notification services - Privacy Policy
• Cloudflare: Hosting and deployment - Privacy Policy

We require service providers to process information only for authorized business purposes and to protect it with appropriate safeguards.

Cookies and Tracking

We use essential cookies to:

• Maintain admin user sessions
• Ensure security (CSRF protection)
• Remember your preferences

We do not use advertising cookies or sell personal information collected through the card authorization forms.

Data Retention

We retain your information as follows:

• Card Authorizations: Stored encrypted for the period required by the dental practice relationship, applicable law, and operational needs
• Audit Logs: Retained as needed for security, compliance, fraud prevention, and dispute resolution
• Session Data: Deleted upon logout or after 8 hours of inactivity

When information is no longer needed, we delete it, de-identify it, or retain it only as required by law or legitimate compliance obligations.

Your Rights

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Object to processing
• Data portability
• Withdraw consent

For California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected and the right to opt-out of the sale of personal information. We do not sell personal information.

For EU/EEA Residents (GDPR)

If you are in the European Union or European Economic Area, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. Contact us to exercise these rights.

We will verify requests before taking action and may need to coordinate with the relevant dental practice when we process information on its behalf.

Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: