Security

Patient data deserves serious protection.

Dentilier is built for healthcare data from the ground up — encryption, role-based access, database-level isolation, and full audit logging. Here's how it works.

Encryption everywhere

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Backups inherit the same protection.

Role-based access control

Owners, dentists, assistants, and front-desk staff each see only what their role allows. Permissions are auditable.

Row-level security

Database-level isolation ensures one clinic can never read another clinic's data — even if application code is compromised.

Full audit logging

Every record access and change is logged with user, timestamp, and IP. Trace any action back to a specific person.

Infrastructure

Hosted on Supabase (built on AWS). Region: Asia (Singapore) by default. Daily backups with point-in-time recovery.

Breach notification

If there is a data breach affecting patient data, we notify affected clinics and relevant authorities within 72 hours of becoming aware.

Compliance posture

Dentilier Technology is committed to compliance with Malaysia's Personal Data Protection Act 2010 (PDPA) and the relevant obligations under the Medical Act 1971 and Private Healthcare Facilities and Services Act 1998.

  • PDPA-aligned by design. Roles, consent capture, retention, and breach notification reflect PDPA requirements. We are not yet ISO 27001 or SOC 2 certified — that is on our roadmap.
  • LHDN MyInvois ready. Our e-invoicing integration is built to LHDN's MyInvois specification. Not the same as "LHDN-certified" — there is no such certification.
  • 7-year retention. Patient records are retained as required by Malaysian medical records law — 7 years from last treatment for adults, until age 25 for minors.

For full detail on data handling, see our Privacy Policy.