Privacy Policy
Last updated: 2026-07-10
This Privacy Policy explains how AutoArch ("AutoArch," "we," "us") collects, uses, shares, and protects information when you use the AutoArch service (the "Service"). It should be read together with our Terms of Service. AutoArch provides software to a dental or orthodontic practice ("you"); with respect to patient information you upload, you are the party that determines why and how it is processed, and we process it only to provide the Service to you.
1. Information We Collect
- Account information — your practice name, email address, and a securely hashed password. We never store your password in readable form.
- Content you upload ("Customer Content") — intraoral scan files, and any patient name or label you choose to attach to a case, plus the model files generated from them.
- Usage and diagnostic records — account events (such as sign-ins, uploads, and processing outcomes) used to operate and secure the Service, and standard server logs.
- Billing information — handled by our payment processor (Stripe). We receive your subscription status and a customer reference, but not your full card number.
2. How We Use Information
We use information to: provide and operate the Service (including processing your scans into finished models); manage your account and subscription; secure the Service and prevent abuse; respond to your support requests; and comply with legal obligations. We do not sell your information, and we do not use your Customer Content or patient data to train our models or for advertising.
3. Retention and Deletion of Patient Data
Automatic deletion is central to how we protect patient information. Each finished case is retained only for the retention period configured in your account settings, after which its files and patient label are permanently and automatically purged from the Service. You can change your retention period at any time in Settings, and you can delete any case or your entire account on demand. Account records (such as your email and billing status) are kept for as long as your account is active and as needed for legitimate business and legal purposes.
4. How We Share Information
We share information only with service providers who process it on our behalf to run the Service, under obligations of confidentiality and only for that purpose:
- Payment processing — Stripe, for subscriptions and billing.
- Hosting — our cloud hosting provider, where the application and data reside.
- Network security and delivery — our CDN/security provider (Cloudflare), which routes and protects web traffic.
- Email delivery — our transactional email provider, for account and password-reset messages.
We may also disclose information if required by law, to protect our rights or the safety of others, or in connection with a business transfer, subject to this Policy.
5. Security
We protect information with measures including encryption of traffic in transit (HTTPS), strict per-practice data isolation, hashed passwords, access controls, automatic deletion of case files, and routine backups of account records. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security, but we work to protect your information and to promptly address issues.
6. Your Responsibilities and Choices
You control what you upload. We encourage you to include only the minimum patient-identifying information necessary, and to obtain any patient consents required by the laws that apply to your practice. You can access and update your account details, adjust your retention period, and delete cases or your account through the Service. To make other privacy requests, contact us at [email protected].
7. Cookies
We use only the cookies necessary to operate the Service — a secure session cookie to keep you signed in and a companion token used to protect against cross-site request forgery. We do not use advertising or third-party tracking cookies.
8. Children
The Service is intended for use by dental and orthodontic professionals, not by children, and we do not knowingly collect personal information directly from children. Scans you process may relate to patients who are minors; you are responsible for obtaining any consents required for that patient information.
9. International Users
The Service is operated and hosted in the United States. If you access it from elsewhere, you understand that your information will be processed in the United States.
10. Changes to This Policy
We may update this Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide additional notice where appropriate.
11. Contact
Questions or privacy requests? Contact us at [email protected].