+91-8792133960
Monday - Friday: 06:00 PM - 09:00 PM
Jashank Dental Clinic Logo

Jashank Dental

& Implant Center

Privacy Policy

Last updated: April 2026

Privacy Policy

Jashank Dental Clinic & Implant Center

Last Updated: April 2026

Your privacy is of utmost importance to Jashank Dental Clinic & Implant Center (“Clinic”, “we”, “us”, or “our”). This Privacy Policy explains how we collect, use, store, share, and protect your personal and medical information when you use our dental services, visit our website (https://jashankdental.in), communicate with us via WhatsApp, or interact with any of our digital platforms. This policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules).

By using our services or accessing our Website, you consent to the collection, processing, and use of your data as described in this Privacy Policy.

1. Information We Collect

1.1 Personal Information (Provided by You)

When you book an appointment, register as a patient, submit a contact form, or interact with our services, we may collect the following personal information:

  • Identity Information: Full name, date of birth, approximate age, gender
  • Contact Information: Phone number, email address, residential address, city
  • Government Identification: Aadhaar number (optional, for patient identification purposes)
  • Family/Guardian Information: Guardian name and phone number (for minor patients)
  • Occupational Information: Occupation
  • Communication Preferences: Preferred language (English or Kannada)

1.2 Sensitive Personal Data or Information (SPDI)

In the course of providing dental care, we collect and process the following sensitive medical information as defined under the SPDI Rules:

  • Medical History: Pre-existing medical conditions, past surgical and dental procedures
  • Clinical Records: Dental and medical history, chief complaints, diagnoses, treatment notes, follow-up records
  • Health Data: Blood group, known allergies, current medications
  • Diagnostic Records: X-rays, CBCT scans, intraoral photographs, clinical photographs (before and after treatment)
  • Prescriptions: Prescribed medications, dosage, and instructions
  • Treatment Plans: Proposed procedures, alternatives discussed, consent records

1.3 Financial Information

  • Billing Records: Invoice details, treatment costs, payment amounts
  • Payment Information: Payment mode (cash, UPI, card, net banking), transaction references
  • Outstanding Balances: Pending payment records

Note: We do not store credit/debit card numbers, UPI PINs, or banking credentials. All digital payments are processed at the point of sale and we only record the payment mode and transaction reference.

1.4 Appointment and Visit Data

  • Booking Details: Preferred doctor, selected service, appointment date and time, booking source (website, WhatsApp, phone, walk-in)
  • Visit Records: Visit dates, queue tokens, check-in and completion timestamps
  • Appointment Status: Booking status, cancellation reasons, no-show records
  • Patient Feedback: Ratings and reviews submitted after visits

1.5 Communication Data

  • WhatsApp Messages: Messages exchanged through our WhatsApp Business channel, including text messages, interactive button/list responses, and shared media (images shared during emergency booking flows)
  • Contact Form Submissions: Name, phone, email, and message content submitted via the website contact form
  • WhatsApp Session Data: Conversation state and language preference for ongoing WhatsApp interactions

1.6 Automatically Collected Data

When you visit our Website, we may automatically collect:

  • Device Information: Browser type, operating system, device type
  • Network Information: IP address (logged for security and access control)
  • Usage Data: Pages visited, time spent, referral source
  • Session Information: Authentication tokens and session identifiers (stored as cookies)

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Healthcare Delivery

  • Providing dental diagnosis, treatment, and care
  • Maintaining comprehensive medical records for continuity of care
  • Generating prescriptions and medical certificates
  • Creating and managing treatment plans
  • Clinical follow-up and post-treatment monitoring

2.2 Appointment Management

  • Scheduling, confirming, and managing appointments
  • Sending appointment reminders and queue position updates via WhatsApp
  • Managing the in-clinic token-based queue system
  • Handling cancellations, rescheduling, and follow-up scheduling

2.3 Communication

  • Sending appointment confirmations, reminders, and status updates via WhatsApp
  • Delivering prescriptions, invoices, and certificates as PDF documents via WhatsApp
  • Responding to queries submitted through the contact form or WhatsApp
  • Sending promotional and informational broadcasts (with your consent, and from which you may opt out)

2.4 Billing and Financial Management

  • Generating itemized invoices and session bills
  • Recording and tracking payments
  • Managing outstanding balances and payment follow-ups
  • Financial reporting and accounting (internal use only)

2.5 Quality Assurance and Improvement

  • Analyzing patient feedback and reviews to improve service quality
  • Monitoring appointment patterns and clinic operations
  • Training and quality assessment for clinical staff

2.6 Legal and Regulatory Compliance

  • Compliance with Dental Council of India (DCI) guidelines
  • Fulfilling obligations under the Consumer Protection Act, 2019
  • Maintaining records as required by Indian medical and legal regulations
  • Responding to lawful requests from courts, tribunals, or government authorities

2.7 Website Administration and Security

  • Ensuring secure access to the Website and admin panel
  • Preventing unauthorized access, fraud, and abuse
  • Maintaining activity logs for audit and security purposes
  • Monitoring system health and performance

3. Cookies and Local Storage

3.1 What We Use

Our Website uses the following cookies and local storage mechanisms:

  • Type Name_Purpose_Duration
  • Cookie access_token Authentication — verifies your identity during an active session 2 hours
  • Cookie refresh_token Authentication — maintains your login session 7 days (or 30 days if “Remember Me” is enabled)
  • Local Storage access_token Backup authentication token Session
  • Local Storage refresh_token Backup refresh token Session
  • Local Storage remember_me Stores your “Remember Me” preference Persistent

3.2 Cookie Policy

  • All authentication cookies are set with the SameSite=Strict attribute to prevent cross-site request forgery
  • Cookies are scoped to the root path (/) of our domain
  • We do not use third-party analytics cookies (no Google Analytics, Facebook Pixel, or similar tracking services)
  • We do not use advertising or targeting cookies
  • We do not use any third-party tracking pixels or beacons

3.3 Managing Cookies

You can manage or delete cookies through your browser settings. However, disabling cookies may affect the functionality of the Website, particularly the admin login functionality. Cookies are automatically cleared upon logout.

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, trade, or lease your personal or medical data to any third-party marketing agencies, data brokers, or advertisers.

4.2 Authorized Sharing

We may share your information with the following parties, strictly on a need-to-know basis:

  • Clinical Staff: Doctors, dental specialists, and clinical assistants involved in your care
  • Administrative Staff: Receptionists and administrative personnel for appointment and billing management
  • Dental Laboratories: External labs processing dental prosthetics, crowns, implants, or orthodontic devices (only the minimum required clinical information is shared)
  • Consulting Specialists: Visiting or referred specialists providing secondary opinions or specialized treatment

4.3 Technology Service Providers

We use the following third-party technology providers to operate our services:

Provider_Service_Data Processed

  • Meta (WhatsApp Cloud API) WhatsApp messaging Phone numbers, message content, shared media
  • Cloudflare Cloud file storage Patient documents, clinical images, prescriptions (encrypted)
  • Hostinger Database hosting All patient and operational data (encrypted in transit)
  • Sentry (optional) Error monitoring Technical error logs (no patient data)

These providers are contractually bound to maintain confidentiality and implement appropriate security measures. They process data on our behalf and do not use your data for their own purposes.

4.4 Legal Disclosure

We may disclose your information when required or permitted by law, including:

  • Compliance with a valid court order, subpoena, or legal process
  • Requests from government or regulatory authorities (Dental Council of India, consumer forums, law enforcement)
  • Protection of the rights, safety, or property of the Clinic, its patients, or the public
  • Investigation of suspected fraud, unauthorized access, or violations of our Terms

4.5 De-identified and Aggregate Data

We may use de-identified, anonymized, or aggregated patient data for internal clinical research, statistical analysis, or quality improvement purposes. Such data cannot be used to identify any individual patient.

5. Data Security

5.1 Security Measures

We implement the following security measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS protocols
  • Secure Authentication: JWT (JSON Web Token) based authentication with short-lived access tokens and secure refresh mechanisms
  • Password Protection: All user passwords are hashed using bcrypt encryption and are never stored in plain text
  • Access Control: Role-based access control (RBAC) ensures that staff members can only access data relevant to their role (doctor, receptionist, admin, staff)
  • Cloud Security: Patient documents and files are stored with industry-standard encryption, immutable file naming (UUID), and strict access controls
  • Rate Limiting: API endpoints are protected against brute-force attacks through rate limiting
  • Input Validation: All user inputs are validated to prevent injection attacks
  • Content Sanitization: All user-generated content displayed on the Website is sanitized to prevent cross-site scripting (XSS) attacks
  • Activity Logging: All significant actions within the system are logged with timestamps, user identification, and IP addresses for audit purposes
  • SameSite Cookies: Authentication cookies use the SameSite=Strict policy to prevent CSRF attacks

5.2 Incident Response

In the event of a data breach or security incident, we will:

  • Investigate and contain the breach promptly
  • Notify affected individuals as required under the DPDP Act, 2023
  • Report the breach to the Data Protection Board of India as mandated by law
  • Implement corrective measures to prevent recurrence

5.3 Limitations

While we employ industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are also responsible for maintaining the confidentiality of any access credentials provided to you.

6. Data Retention

6.1 Retention Periods

  • Data Type_Retention_Period Reason
  • Medical records (visits, prescriptions, diagnoses) Minimum 3 years from last visit, or as required by applicable medical regulations Legal and regulatory compliance; continuity of care
  • Patient personal information Duration of active patient relationship + 3 years Continuity of care and legal compliance
  • Appointment records Indefinite (for clinic records) Operational and historical records
  • Financial records (invoices, payments) Minimum 8 years Tax and financial regulatory compliance
  • WhatsApp messages Operational period Communication continuity and quality assurance
  • Activity and audit logs 28 days (auto-purged) Security and operational monitoring
  • In-app notifications 30 days (auto-purged) Operational relevance
  • Soft-deleted records 28 days before permanent deletion Recovery period for accidental deletions
  • Website session data (cookies) 2 hours to 30 days (depending on type) Authentication functionality

6.2 Deletion

When data is no longer required for its original purpose or upon a valid deletion request, we will:

  • Soft-delete records initially (retaining them for a 28-day recovery period)
  • Permanently purge records after the recovery period
  • Remove associated files from cloud storage
  • Retain only anonymized or aggregated statistical data

7. Your Rights

Under the Digital Personal Data Protection Act, 2023 and applicable Indian laws, you have the following rights:

7.1 Right to Access

You have the right to request access to the personal and medical data we hold about you. You may request copies of your medical records, prescriptions, invoices, and clinical photographs.

7.2 Right to Correction

You have the right to request correction of inaccurate, incomplete, or outdated personal information. Medical records may be amended with appropriate clinical documentation.

7.3 Right to Erasure

You may request deletion of your personal data, subject to the following exceptions:

  • Data required to be retained under legal or regulatory obligations
  • Active financial obligations or outstanding balances
  • Data necessary for ongoing treatment or continuity of care
  • Records required for legal proceedings or dispute resolution

7.4 Right to Withdraw Consent

You may withdraw your consent for data processing at any time by contacting us. However, please note that:

  • Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal
  • Withdrawal may impact our ability to provide ongoing dental care
  • Certain data processing is required by law regardless of consent

7.5 Right to Opt Out of Communications

You may opt out of promotional WhatsApp broadcasts at any time. Transactional communications related to active appointments and treatment will continue as necessary for service delivery.

7.6 Right to Nominate

Under the DPDP Act, you have the right to nominate an individual who may exercise your data rights in the event of your death or incapacity.

7.7 Exercising Your Rights

To exercise any of the above rights, please contact us using the details provided in Section 11. We will respond to your request within 30 days of receipt. We may require identity verification before processing your request.

8. Children’s Privacy

8.1 Minor Patients

We provide dental services to children under the age of 18 years. For minor patients:

  • Consent for data collection and treatment must be provided by a legal parent or guardian
  • The parent/guardian must be present at the Clinic during consultation and treatment
  • Guardian name and contact information are recorded alongside the minor’s patient record
  • Parents/guardians may exercise data rights on behalf of their minor children

8.2 Age Verification

We rely on the information provided by parents/guardians to verify the age of minor patients. We do not knowingly collect personal data from minors without parental consent.

9. Data Transfers

9.1 Storage Location

Your data is primarily stored on servers hosted by Hostinger and Cloudflare, which may have infrastructure across multiple geographic regions. While our primary operations are in India, cloud infrastructure may process or replicate data in data centers outside India.

9.2 Cross-Border Transfers

Any transfer of personal data outside India will be conducted in compliance with the provisions of the DPDP Act, 2023 and applicable government notifications regarding permitted jurisdictions for data transfer.

9.3 WhatsApp Data

Messages sent via WhatsApp are processed through Meta’s global infrastructure and are subject to Meta’s data processing practices. We encourage you to review WhatsApp’s Privacy Policy for details on how Meta handles your data.

10. Changes to This Privacy Policy

10.1 Updates

We reserve the right to update or modify this Privacy Policy at any time. Changes will be effective immediately upon publication on the Website with an updated “Last Updated” date.

10.2 Notification

For significant changes that materially affect how we process your personal data, we will make reasonable efforts to notify you through:

  • A prominent notice on the Website
  • A WhatsApp message to active patients (where appropriate)

10.3 Continued Use

Your continued use of our services after any modifications to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.

11. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, the details of our Grievance Officer are as follows:

Jashank Dental Clinic & Implant Center

Address: near Rocker point, behind MedPlus, Siddeshwar Park, Barthi colony, Vidya Nagar, Hubballi, Karnataka 580031

Phone: +91-8792133960

Email: jashankdentalclinic@gmail.com

Website: https://jashankdental.in

WhatsApp: +91 63662 68190

We will acknowledge your grievance within 48 hours and endeavor to resolve it within 30 days of receipt.

12. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of India, including:

  • The Digital Personal Data Protection Act, 2023
  • The Information Technology Act, 2000
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • The Consumer Protection Act, 2019
  • The Dentists Act, 1948

Any disputes arising under this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts in Hubli, Karnataka, India.