GDPR notice

The CrocoDent operator is the controller for personal data it decides to collect and use for the platform. The current support and data-rights contact is support@crocodent.org. Some providers, such as payment, authentication, hosting, CAPTCHA, and AI providers, may process data under their own terms or as service providers to CrocoDent.

The main categories are patient survey answers and derived match categories, appointment preferences, student profile details, university verification details, contact preferences, account information, billing status, CAPTCHA signals, device and log data, support communications, and student study-tool inputs. Patient symptom clues may be health-related data where GDPR special-category rules apply.

CrocoDent processes personal data to provide patient matching, student account management, contact reveal, billing, fraud prevention, platform security, study tools, support, and legal compliance. Typical lawful bases include contract performance for student accounts and paid features, consent or explicit consent for patient survey matching where health-related clues are processed, legitimate interests for security and abuse prevention, and legal obligations for required billing or compliance records.

Personal data may be shared with infrastructure, authentication, database, private storage, payment, security, CAPTCHA, AI, email, analytics, or support providers when needed to operate CrocoDent. Current examples include Supabase, Stripe, Google reCAPTCHA, OpenAI, email providers, and hosting providers. Student contact details are shared with patients only after the reveal flow.

Some providers may process data outside your country. Where GDPR applies, appropriate transfer safeguards, such as adequacy decisions or standard contractual clauses, may be used when required.

CrocoDent keeps personal data only for the period needed for the relevant purpose. Patient match results saved in the browser expire after 7 days. Memory Map generation records and files expire after about 24 hours. Student profile records are kept while the account exists and are removed when the student deletes the account, subject to billing, legal, security, and dispute-retention needs.

Where the rules apply, you may be able to:

• Be informed about how personal data is processed.
• Access personal data held about you.
• Ask for inaccurate or incomplete personal data to be corrected.
• Ask for personal data to be erased in certain circumstances.
• Ask for processing to be restricted in certain circumstances.
• Receive certain personal data in a portable format.
• Object to certain processing, including direct marketing.
• Ask for human review where solely automated decisions have legal or similarly significant effects.

You may also have the right to withdraw consent where processing is based on consent and to complain to a data protection authority.

CrocoDent may rank or filter student profiles based on survey answers, availability, subscription status, and student profile settings. These suggestions do not diagnose patients, create a treatment plan, or make a decision with legal or similarly significant effect.

To exercise a data protection right, contact CrocoDent through support@crocodent.org or the official support channel provided by the platform. CrocoDent may need to verify your identity before acting on a request. You may also complain to your local data protection authority.