Privacy Policy

Last Updated: 30 April 2026

1. Introduction

This Privacy Policy explains how The Smile Grid (“SmileGrid,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects personal data when you visit our website, submit an inquiry, create or use an account, or otherwise interact with our services.

This Privacy Policy is intended to describe our data handling practices for:

• Website visitors

• Inquiry and demo request submitters

• Customer and prospect contacts

• Platform administrators and tenant users

• Certain categories of data submitted to the platform by customer organizations

This Privacy Policy should be read together with our Terms of Use and any applicable commercial agreement or data processing agreement.

---

2. Scope

This Privacy Policy applies to:

• thesmilegrid.com

• SmileGrid-controlled public pages

• Platform administration interfaces

• Tenant onboarding and account-related interactions

• Related support, inquiry, and operational processes controlled by SmileGrid

Where customer organizations use SmileGrid to upload or manage clinic and patient-related data, SmileGrid may process such data on behalf of those organizations in accordance with applicable agreements and instructions.

---

3. Categories of Personal Data We Collect

Website and Inquiry Data

We may collect:

• Full name

• Work email

• Phone number

• Company or clinic name

• Country or region

• Inquiry type

• Message content

• Demo or contact preferences

Account and User Data

We may collect:

• Name

• Email

• Username or login identifier

• Phone number

• Role

• Tenant or clinic association

• Account status

• Last sign-in information

• Audit and activity records associated with platform use

Technical and Usage Data

We may collect:

• IP address

• Browser type

• Device information

• Request metadata

• Logs

• Activity timestamps

• Security event data

• Pages or modules accessed

Customer-Submitted Operational Data

Customer organizations may submit or manage operational and clinic-related information through SmileGrid, which may include data about staff, appointments, visits, workflows, and patient administration or clinical records.

Where SmileGrid processes such data on behalf of a customer organization, that organization remains responsible for ensuring it has the required legal basis and notices for such processing.

---

4. How We Use Personal Data

We may use personal data for the following purposes:

• To provide, operate, secure, and improve the Services

• To create and manage accounts

• To authenticate users and enforce access controls

• To route users to the correct tenant workspace

• To respond to demo requests, contact requests, or other inquiries

• To manage onboarding, support, and customer communications

• To maintain audit trails, security logs, and operational records

• To troubleshoot, detect, prevent, and investigate fraud, abuse, cyber incidents, and unauthorized access

• To comply with legal, regulatory, contractual, and security obligations

• To enforce our Terms, agreements, and policies

• To analyze service usage and improve product performance and user experience

---

5. Customer-Submitted Clinic and Patient Data

SmileGrid may process clinic-submitted data, including information entered by customer organizations relating to patient administration or clinical operations.

In relation to such data:

• The relevant customer organization generally determines the purpose and means of use within its workspace

• SmileGrid provides the platform and related processing services

• The customer organization is responsible for ensuring that collection, use, and entry of such data into the platform is lawful and appropriately disclosed to relevant individuals where required

• SmileGrid processes such data in accordance with applicable agreements, documented instructions where applicable, and applicable law

SmileGrid does not claim ownership over customer-submitted clinic or patient records.

---

6. Cookies and Similar Technologies

SmileGrid may use cookies, session tokens, local storage, and similar technologies for:

• Authentication

• Session continuity

• Security

• Preferences

• Product functionality

• Analytics and performance monitoring

You may be able to control some cookie settings through your browser. Disabling some cookies may affect functionality.

If we use non-essential cookies or similar tracking technologies, we may provide additional notice or consent mechanisms as required.

---

7. Sharing of Personal Data

We may share personal data only where reasonably necessary, including with:

• Service providers and infrastructure providers supporting hosting, security, storage, analytics, or operational support

• Professional advisers, auditors, insurers, and consultants

• Customer organizations that control the relevant workspace or account relationship

• Legal or regulatory authorities where required by law, legal process, or valid governmental request

• Counterparties in connection with a merger, acquisition, restructuring, financing, or sale of business assets, subject to appropriate safeguards

We do not sell personal data in the ordinary meaning of a public consumer data marketplace.

---

8. International and Cross-Border Processing

SmileGrid may use infrastructure, vendors, or support processes that involve processing or access from locations outside the place where the data was originally collected, subject to applicable law and reasonable safeguards.

Where customer organizations require location-specific handling, this may be addressed through contract and deployment design where available.

---

9. Data Retention

We retain personal data only for as long as reasonably necessary for:

• The purposes described in this Privacy Policy

• Account administration

• Service delivery

• Contractual obligations

• Auditability

• Legal, tax, regulatory, and security requirements

• Dispute resolution and enforcement

Retention periods may vary based on the type of data and context.

Security and operational logs may be retained in accordance with applicable law, security requirements, and incident response obligations.

---

10. Security Safeguards

We use reasonable technical and organizational safeguards designed to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction.

These measures may include:

• Authentication controls

• Role-based access controls

• Tenant and clinic-level access restrictions

• Audit logging

• Secure transmission controls

• Infrastructure and application security measures

• Monitoring and incident response processes

No platform or storage environment is completely immune from risk, and we cannot guarantee absolute security.

SmileGrid applies reasonable safeguards, but no internet-based service can be guaranteed to be completely secure.

---

11. Your Rights and Choices

Subject to applicable law, individuals may have rights in relation to their personal data, which may include rights to:

• Request access to personal data

• Request correction or updating of inaccurate data

• Request deletion or erasure where applicable

• Withdraw consent where processing relies on consent and withdrawal is legally available

• Seek grievance redressal

Where SmileGrid processes data on behalf of a customer organization, requests relating to workspace-controlled data may need to be directed first to the relevant customer organization, since that organization may control the relevant data and processing purpose.

---

12. Children’s Data

SmileGrid is intended for business and operational use by authorized organizations and staff.

To the extent customer organizations enter data relating to minors into the platform, the customer organization is responsible for ensuring lawful collection and use, including parental or guardian authorization where required by applicable law.

SmileGrid does not knowingly collect children’s personal data directly through its public website for independent consumer use.

---

13. Electronic Records and Communications

By using the Services, you agree that we may communicate with you electronically for service-related, legal, security, onboarding, billing, and support purposes.

Electronic records and electronic communications may be used for product operations, acknowledgements, notices, and acceptance workflows where legally valid.

---

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date and publish the updated version. Where required by law, we will take additional steps to notify users or obtain updated consent.

---

15. Contact and Grievance Redressal

For privacy, grievance, or data protection concerns, please contact:

Privacy / Grievance Contact

[Name / Designation]

The Smile Grid

[Registered Address]

Email: [privacy@thesmilegrid.com]

Phone: [●]

If you are raising a concern about data submitted by a clinic or customer organization through a SmileGrid workspace, we may ask you to contact the relevant clinic or organization directly where they control the relevant data.