Last updated May 24, 2025
Privacy Policy
1. About This Policy
This Privacy Policy explains how Ozmi (a product operated by Invang Trade LLP, referred to as "Ozmi", "we", "our", or "us") collects, uses, stores, shares, and protects information when you use our dental clinic management platform available at ozmi.in and app.ozmi.in.
Ozmi is a B2B SaaS product. Our direct customers are dental clinic owners and their authorized staff. Patient data is processed by Ozmi on behalf of these clinics. This policy covers all of these relationships.
By accessing or using Ozmi, you agree to the practices described in this policy. If you do not agree, discontinue use immediately.
2. Information We Collect
2.1 Information You Provide Directly
- Clinic account details: Clinic name, owner name, email address, phone number, clinic address, GST number if provided.
- Staff profiles: Name, email, phone, role, and login credentials.
- Billing information: Subscription plan and payment history. Card details are handled by our payment gateway and are never stored on Ozmi servers.
- Support communications: Any information you share with us via email or the contact form.
2.2 Patient Data Entered by Clinics
Clinic staff enter patient information into Ozmi on behalf of the clinic. This may include:
- Patient name, age, gender, date of birth
- Contact information — phone, email, address
- Medical and dental history, allergies, medications
- Treatment plans, procedures performed, clinical notes
- Appointment records and attendance history
- Billing records, invoices, payment history
- X-rays and clinical documents if uploaded
Ozmi processes this data solely to provide the platform service to the clinic. We do not use patient data for any other purpose.
2.3 Automatically Collected Information
- Usage data: pages visited, features used, timestamps, session duration
- Device and browser data: IP address, browser type, operating system, device type
- Log data: server logs, API request logs, authentication events
2.4 Cookies
- Strictly necessary cookies: Required for authentication and session management. Cannot be disabled.
- Analytics cookies: Used to understand platform usage. May be opted out via browser settings.
- Preference cookies: Remember your settings within the app.
3. How We Use Your Information
- Create and manage clinic accounts and staff profiles
- Provide, operate, and improve the Ozmi platform
- Process subscription payments and send billing communications
- Send transactional notifications such as appointment reminders
- Respond to support requests
- Monitor platform security and prevent unauthorized access
- Analyze usage to improve the product
- Comply with applicable Indian law
We do not sell your data or patient data to any third party. We do not use your data for advertising on third-party platforms.
4. Legal Basis for Processing
We process your information on the following bases under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian law:
- Consent: Where you have explicitly provided consent during registration or when enabling optional features.
- Contractual necessity: Processing required to fulfill our subscription agreement with you.
- Legitimate interests: Security monitoring, fraud prevention, and product analytics, where these do not override your rights.
- Legal obligation: Where applicable law requires retention or disclosure.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your data. We share data only in the following circumstances:
5.1 Service Providers
- Supabase: Database hosting and authentication. All clinic and patient data is stored here. Supabase is SOC 2 compliant.
- Vercel: Application hosting. Static assets only — no personal data cached at the CDN level.
- Payment gateway: Processes subscription payments. Receives only information required to complete the transaction.
- WhatsApp Business API provider: Sends appointment reminders on behalf of the clinic. Receives only the patient's phone number and appointment details required to deliver the message. The current provider is listed in our Data Policy.
All service providers are contractually bound to process data only on our instructions and maintain appropriate security standards.
5.2 Legal Requirements
We may disclose data when required by law, court order, or government authority, or to protect the rights, property, or safety of Ozmi, our users, or the public.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, data may transfer as part of the transaction. We will notify you before your data becomes subject to a materially different privacy policy.
6. Data Storage and Security
- All data in transit is encrypted using TLS 1.2 or higher
- All data at rest is encrypted using AES-256 via Supabase
- Row-Level Security (RLS) is enforced at the database level — clinic data is strictly isolated between tenants
- Role-based access controls limit each staff member to data appropriate to their role
- Authentication events and critical actions are logged for security auditing
No system is completely immune to security risks. If you discover a vulnerability, report it to support@ozmi.in immediately.
7. Data Retention
- Active accounts: Data retained for the duration of the active subscription.
- Post-cancellation: Clinic and patient data retained for 90 days, during which a data export may be requested. After 90 days, data is permanently deleted and database backups are purged within 30 days thereafter.
- Billing records: Retained for 7 years under Indian GST regulations.
- Support communications: Retained for 2 years from last contact.
- Server logs: Retained for 90 days.
8. Your Rights
Clinic owners and staff have the following rights over their personal data:
- Access: Request a copy of personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion subject to our legal retention obligations.
- Portability: Request your data in a machine-readable format.
- Withdrawal of consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
- Grievance redressal: Raise a complaint with our grievance contact.
To exercise these rights, email support@ozmi.in. We will respond within 30 days.
For patient data rights, patients must contact their clinic directly. The clinic is the data controller for patient records.
9. Children's Data
Ozmi is a B2B platform intended for dental clinic professionals. We do not knowingly collect personal data directly from individuals under 18. Patient records for minor patients are entered by clinic staff and are subject to the clinic's own patient consent procedures.
10. Changes to This Policy
We may update this policy from time to time. For material changes, we will notify you via email at least 14 days before the changes take effect. Continued use of Ozmi after the effective date constitutes acceptance.
11. Grievance Officer
In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, you may raise privacy-related grievances at:
Grievance Officer, Ozmi
Operated by Invang Trade LLP
Email: support@ozmi.in
Response time: within 30 days
12. Contact
Ozmi
Email: support@ozmi.in
Website: ozmi.in