Privacy Policy

How we collect, use, and protect your data

B-Ceph Privacy Policy

Last Updated: January 1, 2026

Effective Date: January 1, 2026

HIPAA Compliance

B-Ceph is designed to be HIPAA-compliant.

1. Introduction

B-Ceph ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cephalometric analysis software and services.

Please read this policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

| Data Category | Examples | Purpose |
| --- | --- | --- |
| Account Information | Name, email, phone, credentials | Account creation and management |
| Professional Information | License numbers, practice details | Service verification |
| Patient Data (PHI) | Medical records, images, analysis data | Service delivery |
| Payment Information | Billing details, transaction history | Payment processing |

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Usage Data: Feature usage, session duration, error logs
  • Device Information: IP address, browser type, operating system
  • Technical Data: Performance metrics, crash reports
  • Location Data: Approximate location (country/region level)

2.3 Information from Third Parties

We may receive information about you from third parties, such as:

  • Payment processors (Stripe, PayPal)
  • Analytics providers (Google Analytics)
  • Business partners and resellers
  • Publicly available sources

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our cephalometric analysis services
  • Authentication: To verify your identity and manage your account
  • Communication: To send service updates, security alerts, and support messages
  • Payment Processing: To process transactions and send invoices
  • Compliance: To meet legal obligations and regulatory requirements
  • Security: To protect against fraud, abuse, and security risks
  • Analytics: To understand usage patterns and improve our Service

Patient Data (PHI): We process patient data only as a "Business Associate" under HIPAA. We do not use PHI for marketing or analytics purposes.

4. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

| Recipient | Information Shared | Purpose |
| --- | --- | --- |
| Service Providers | Limited data needed for service | Hosting, payment processing, support |
| Legal Authorities | As required by law | Legal compliance, court orders |
| Business Transfers | User data relevant to transfer | Merger, acquisition, sale |
| With Your Consent | As specified in consent | At your direction |

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Strict role-based access controls and authentication
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Physical Security: Secure data centers with 24/7 monitoring
  • Audit Logging: Comprehensive logging of all access and changes
  • Regular Testing: Security audits, penetration testing, vulnerability scans

Important: While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information only as long as necessary:

| Data Type | Retention Period | Notes |
| --- | --- | --- |
| Account Data | While account is active + 90 days | You may request deletion |
| Patient Data (PHI) | As required by HIPAA (min. 6 years) | We act as data processor |
| Financial Records | 7 years for tax purposes | Legal requirement |
| Backup Data | 30-90 days after deletion | For disaster recovery |

You may request deletion of your data at any time by contacting us. We will comply with your request unless we are required to retain the data for legal or legitimate business purposes.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access and Portability: Request a copy of your data in a machine-readable format
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Opt-Out: Opt out of marketing communications and certain data uses

To exercise these rights, please contact us using the information in Section 11. We will respond to your request within 30 days.

8. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our servers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page with an updated "Last Updated" date
  • Sending an email notification to registered users
  • Displaying a prominent notice within the Service

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.