Privacy Policy

Effective date: 18 May 2026

1. Who We Are & Our Role

Dentilier Technology (SSM Reg. No. 202603126518 / JM1044284-V) provides the Dentilier dental clinic operating system to licensed dental clinics in Malaysia. We are committed to protecting personal data in accordance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

In this policy, "we", "our", or "Dentilier" refers to Dentilier Technology — the company that builds and operates the software.

Under PDPA 2010, roles are split as follows:

  • The dental clinic using Dentilier is the data controller of its patient records. The clinic decides what data is collected from patients, how it is used in the course of care, and who within the clinic may access it.
  • Dentilier Technology is the data processor. We host and process patient records strictly on behalf of and on instruction from the clinic. We do not use patient data for our own purposes.

If you are a patient: please direct PDPA-related requests (access, correction, withdrawal of consent, copy of your data) to your clinic in the first instance — they are the party that holds your record and is best placed to act on it. Dentilier Technology will support the clinic in responding to your request. You may also contact us directly using the details in Section 10 if your clinic is unable to assist.

2. What Personal Data We Collect

We collect and process the following categories of personal data:

  • Identity data: Full name, IC number, date of birth, gender
  • Contact data: Phone number, email address
  • Health data (sensitive): Medical history, diagnoses, medications, procedures, allergies, clinical notes, X-rays and attachments
  • Financial data: Invoice records, payment method, payment history
  • Emergency contact: Name, relationship, phone number of a nominated contact

3. How We Use Your Data

Your personal data is used solely for the following purposes:

  • Providing and managing dental care and treatment
  • Scheduling and managing appointments
  • Generating invoices and processing payments
  • Maintaining accurate medical records as required by law
  • Contacting you or your emergency contact when necessary
  • Complying with legal and regulatory obligations

4. Legal Basis for Processing

We process your personal data on the following legal bases under PDPA 2010:

  • Consent: You provide explicit consent at the time of registration
  • Contractual necessity: To fulfil the dental services you request
  • Legal obligation: To comply with Malaysian medical records law (7-year retention)

5. Data Retention

In accordance with the Medical Act 1971 and MOH guidelines, patient medical records are retained for a minimum of:

  • 7 years from the date of last treatment for adult patients
  • Until the patient reaches age 25 for patients who were minors at time of treatment

After the retention period, records are permanently deleted unless otherwise required by law.

6. Data Security

We implement the following security measures to protect your data:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access control — only authorised clinic staff can access records
  • Row-level security ensuring each clinic can only access their own patients' data
  • Full audit logging of all data access and modifications

7. Sharing of Data

We do not sell, trade, or rent your personal data to third parties. Data may only be shared:

  • With your written consent
  • With referring healthcare providers for continuity of care
  • As required by Malaysian law or a court order
  • With Supabase (our cloud infrastructure provider) under strict data processing agreements

8. Your Rights Under PDPA 2010

You have the right to:

  • Access your personal data held by the clinic
  • Correct any inaccurate or incomplete data
  • Withdraw consent at any time (subject to legal retention obligations)
  • Request a copy of your data in a portable format

To exercise any of these rights, please contact the clinic directly or email us at privacy@dentilier.com. We will respond within 21 days as required by PDPA.

9. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify affected individuals and the relevant authorities within 72 hours of becoming aware of the breach, in line with best practices and applicable Malaysian law.

10. Contact Us

For any privacy-related queries, requests, or complaints regarding the Dentilier platform, please contact:

Dentilier Technology

SSM Reg. No. 202603126518 (JM1044284-V)

P-1-3A Maskiara Residences TTDI, 60000 Kuala Lumpur, Malaysia

Email: privacy@dentilier.com

Patients: please contact your clinic first for record access, correction, or copy requests. Your clinic is the data controller of your record and is best placed to act on your request.