Trust & Security

Where your patients' data lives, and who can touch it.

This page is a plain description of how Dentrecall is actually built, not a marketing checklist. It covers where data is stored, how accounts are protected, what we log, and what we deliberately don't do.

Canada
Data residency (Montreal)
MFA
Mandatory for owners & managers
Read-only
PMS integration, always
How it's built

Six things worth checking before you trust us with patient data.

Every claim below is something we can show you, not just tell you.

location_on

Data residency

  • check_circlePatient data is stored in Canada — our Postgres database runs in Supabase's ca-central-1 (Montreal) region.
  • check_circleApplication logic runs from a Montreal-region Vercel deployment (yul1), so processing happens close to where the data lives.
  • check_circleMarketing pages are served from a global CDN edge network; no patient data ever passes through that layer.
lock

Encryption

  • check_circleAll traffic to and from Dentrecall runs over TLS 1.2+, with HSTS enforced on the live domain.
  • check_circleData at rest is encrypted using Supabase's managed Postgres encryption.
  • check_circleNo patient payment card data ever touches our servers — checkout runs entirely on Stripe's hosted infrastructure.
verified_user

Multi-factor authentication

  • check_circleTOTP-based MFA with one-time backup codes, mandatory for owner, manager, and super-admin accounts.
  • check_circleStaff MFA is configurable per clinic — an owner can require it for every login.
  • check_circleStep-up (AAL2) verification is enforced at the API layer, not just the login screen, before sensitive actions.
hub

Access control & isolation

  • check_circleEvery database query is scoped to a clinic_id — one clinic can never see another clinic's patients or messages.
  • check_circleRole-based access across owner, manager, staff, and super-admin, with the smallest role able to do the least.
  • check_circleThree failed login attempts locks an account; security-relevant actions (invites, role changes, plan changes) are written to an audit log.
mail_lock

Data minimization

  • check_circleApplication logs reference patients by internal ID only — names, phone numbers, and emails are never written to logs.
  • check_circleSMS consent is tracked per patient, and a patient's own "STOP" reply is honoured immediately, with no further messages sent.
  • check_circleWe collect the fields needed to run recall and reminders — not a broader patient record.
sync_alt

Read-only PMS integration

  • check_circleDentrecall reads appointment and availability data from a clinic's practice management system — it never writes back to it.
  • check_circleOnline booking requests are held for a staff member to confirm and enter into the PMS themselves.
  • check_circleThis is a deliberate architecture decision, not a current limitation — we do not want write access to your PMS.
Regulatory posture

Built around Canadian privacy and health-information law.

Dentrecall is designed for the regulations that already apply to dental clinics in Canada. We do not currently claim HIPAA compliance or a SOC 2 certification of our own — expanding US healthcare compliance is a planned future phase, not a claim we make today.

gavel

PIPEDA

Canada's federal privacy law. Dentrecall acts as a data processor for the clinics that use it, with consent tracking, access/correction workflows, and breach-notification procedures built into how the platform handles patient data.

mail_lock

CASL

Canada's Anti-Spam Legislation. Every automated SMS and email respects patient-level consent, and an opt-out ("STOP") reply is processed immediately and permanently — no manual step required.

verified_user

PHIPA

Ontario's health-privacy law. Dentrecall operates as an Electronic Service Provider under PHIPA — not a Health Information Network Provider — meaning we never share or pool data across clinics. Each clinic's data stays fully separate.

Just as important

What we deliberately don't do.

We do not sell patient data, or use it for advertising.

We do not write appointment or treatment data back to a clinic's practice management system.

We do not store payment card numbers — Stripe handles checkout on hosted, PCI-compliant infrastructure.

We do not use patient data to train third-party AI models.

Sub-processors

Who else touches clinic data, and why.

Each provider below is bound by a signed data processing agreement and is used solely to deliver a specific part of the Service.

SupabaseDatabase & authenticationCanada (Montreal)
VercelApplication hostingCanada (Montreal) for app logic
TwilioSMS delivery (SOC 2 Type II certified)United States
ResendEmail delivery (SOC 2 compliant)United States
OpenAIAI-assisted message draftingUnited States
StripePayment processing (billing only, no patient data)United States / Canada
Found something?

Report a security concern.

If you believe you've found a security vulnerability in Dentrecall, tell us — we take these reports seriously and will respond directly.

For privacy requests specifically, see our Privacy Policy. For the contractual terms covering clinic accounts, see our Clinic Services Agreement.