ClineraClinera

Privacy Policy

Last updated: 10 July 2026

This Privacy Policy explains how Clinera (“Clinera”, “we”, “us”) collects, uses, stores and protects information when a dental clinic (the “Clinic”) uses our practice-management platform. Each Clinic is the controller of its patients’ data; Clinera acts as the processor that operates the platform on the Clinic’s behalf.

1. Information we collect

To run a dental practice, the platform stores data the Clinic enters or generates, including: • Patient records — names, phone numbers, gender, date of birth, and clinical findings (charting, diagnoses, treatments, lab work, appointment history). • Financial records — invoices, payments, discounts, commissions and related amounts. • Staff accounts — names, phone numbers, optional recovery email, role and activity. • Technical data — log and device information needed to operate and secure the service.

2. How we use information

We use this information only to provide the service: to schedule and record appointments, maintain patient and clinical records, process billing and commissions, send appointment and recall messages the Clinic configures, secure accounts, and provide support. We do not sell personal data, and we do not use patient clinical data for advertising.

3. Where data is stored

Data is hosted on Supabase’s managed infrastructure in the European Union (EU) region, with encryption in transit and at rest. Some processing may occur in other regions solely to operate the service, always under appropriate safeguards.

4. Access and tenant isolation

Each Clinic’s data is isolated from every other Clinic. Access is scoped by clinic and enforced at the database level (row-level security), so one clinic can never read another clinic’s records. Within a Clinic, access is limited by role. A small number of authorized Clinera staff may access data only when needed to operate, support or secure the service.

5. Data retention

We retain a Clinic’s data for as long as its account is active and as needed to provide the service or meet legal and record-keeping obligations (medical and financial records are often subject to statutory retention periods). On request after account closure, data is deleted or anonymised except where the law requires it to be kept.

6. Patient rights

Patients may request access to, correction of, or deletion of their personal data. Because the Clinic controls its patient records, such requests should be directed to the Clinic, which can fulfil them using the platform. Clinera assists the Clinic in responding to these requests.

7. Security

We apply administrative and technical safeguards including encryption, authentication, role-based access control, rate limiting and audit logging. No system is perfectly secure, but we work to protect data against unauthorised access, loss or misuse and to notify the Clinic of incidents that affect its data.

8. The Clinic’s responsibilities

The Clinic is responsible for obtaining any patient consent required to record and process patient data, for keeping the data accurate, and for using it lawfully. Staff must keep their credentials confidential.

9. Contact

For privacy questions, contact your Clinic or Clinera support. Contact details are shown on the sign-in screen and in your account.