For B2B Customers (Clinics/Hospitals using SmileAiXl)
SmileAiXl acts as a Data Processor. We process patient data solely on behalf of the Client (Data Controller) to provide Hospital Management and Diagnostic services.
The Client retains full ownership of all patient records. SmileAiXl processes this data only as instructed by the Client.
We differentiate ourselves from standard cloud providers through our architecture:
We guarantee that Protected Health Information (PHI) used for AI diagnostics (X-ray analysis, Clinical Intelligence) is processed locally on the Client's instance or via secure, private tunnels.
We strictly do not use the Client's patient data to train our foundational AI models for other customers without explicit, anonymized consent.
SmileAiXl agrees to implement appropriate technical measures, including:
AES-256 encryption for data at rest and TLS 1.3 for data in transit.
Enforcing Passkey-based (FIDO2) authentication to prevent unauthorized access.
Maintaining immutable logs of who accessed which patient record and when.
We use the following infrastructure providers (Sub-processors) to deliver the service:
| Service Type | Provider | Purpose | Data Protection |
|---|---|---|---|
| Hosting | AWS Mumbai Region / DigitalOcean Bangalore | Encrypted Storage | AES-256 Encryption |
| Communication | WhatsApp Business API (Meta), SMS Gateway | Patient Notifications | End-to-End Encryption |
| IoT | MQTT Broker | Smart Chair Data | Secure Channel (TLS) |
In the unlikely event of a data breach, SmileAiXl will notify the Client within 24 hours of becoming aware of the incident.
We will provide a detailed report including:
SmileAiXl will assist the Client in fulfilling data subject requests, including:
Upon termination of this agreement, SmileAiXl will:
For DPA-related questions or data protection concerns: