Back to Home
Privacy Policy for DRSAS
Effective Date: October 23, 2025
Last Updated: October 23, 2025
1. Introduction
Welcome to DRSAS (Dental Records System and Assessment Solution), a
product of Smart Records for Information Technology & Software ("we,"
"us," "our," or "SRITS"). DRSAS is designed to transform how dental
professionals and educational institutions manage clinical records
through our integrated system.
This Privacy Policy explains how we collect, use, disclose, and
safeguard your information when you use our DRSAS mobile application and
related services. We are committed to protecting your privacy and
ensuring the security of your personal and health information.
Company Information:
By using DRSAS, you agree to the collection and use of information in
accordance with this Privacy Policy. If you do not agree with our
policies and practices, please do not use our application.
2. Information We Collect
2.1 Personal Information
We collect information that identifies, relates to, or could reasonably
be linked to you, including:
-
Account Information: Name, email address, phone
number, professional credentials, institution name, and login
credentials
-
Profile Information: Professional title,
specialization, department, institution affiliation
-
Communication Data: Messages, feedback, and
correspondence with us
2.2 Health and Clinical Information
DRSAS is specifically designed for dental practice and educational
purposes. We collect and process:
-
Patient Clinical Records: Dental charts, treatment
plans, diagnoses, clinical notes, and assessments (for dental clinics)
-
Student Clinical Records: Educational case
documentation, clinical assessments, and training records (for dental
schools)
-
Clinical Images: Dental radiographs, intraoral and
extraoral photographs
-
Treatment Documentation: Procedure records, progress
notes, and clinical observations
2.3 Usage and Technical Information
We automatically collect certain information when you use DRSAS:
-
Device Information: Device type, operating system,
unique device identifiers
-
Usage Data: Features accessed, time spent in app,
interaction patterns
-
Log Data: IP address, app version, crash reports,
system activity
-
Performance Data: App performance metrics and error
logs
2.4 Location Information
With your permission, we may collect:
-
Precise Location: GPS location for institution
verification or location-based services
-
Approximate Location: General location derived from
IP address
3. How We Use Your Information
3.1 Service Delivery
- Provide and maintain the DRSAS application
- Enable clinical record creation, management, and retrieval
- Facilitate educational documentation and assessment
- Support workflow management and scheduling
- Enable collaboration between dental professionals and students
3.2 Service Improvement
- Analyze usage patterns to improve features
- Develop new functionalities and services
- Enhance user experience and interface design
- Optimize application performance
3.3 Communication
- Send service-related notifications and updates
- Provide technical support and respond to inquiries
- Send important announcements about the service
- Communicate about your account or subscription
3.4 Security and Compliance
- Detect, prevent, and address security incidents
- Protect against fraudulent or illegal activity
- Comply with legal obligations and regulations
- Maintain data integrity and system security
3.5 Research and Analytics
- Conduct aggregated and anonymized research
- Generate usage statistics and trends
- Improve clinical workflow efficiency
4. Legal Basis for Processing (for applicable jurisdictions)
We process your personal information based on:
-
Consent: You have given explicit consent for specific
processing activities
-
Contract Performance: Processing is necessary to
provide services you've requested
-
Legal Obligations: We must process data to comply
with applicable laws
-
Legitimate Interests: Processing is necessary for our
legitimate business interests, provided these don't override your
rights
5. How We Share Your Information
We do not sell your personal information. We may share your information
in the following circumstances:
5.1 With Your Consent
We share information when you explicitly authorize us to do so.
5.2 Within Your Institution
-
Clinical and educational records may be shared with authorized
personnel within your dental practice or educational institution
-
Supervisors, instructors, and authorized administrators may access
relevant records
5.3 Service Providers
We may share information with third-party vendors who provide:
- Cloud hosting and storage services
- Analytics and performance monitoring
- Customer support services
- Payment processing (if applicable)
All service providers are contractually bound to maintain
confidentiality and security.
5.4 Legal Requirements
We may disclose information when required by law, including:
- Compliance with legal processes (court orders, subpoenas)
- Enforcement of our terms and conditions
- Protection of our rights, property, or safety
- Investigation of fraud or security issues
5.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, user
information may be transferred, subject to the same privacy protections.
6. Data Security
We implement comprehensive security measures to protect your
information:
6.1 Technical Safeguards
-
Encryption: Data encrypted in transit (TLS/SSL) and
at rest (AES-256 or equivalent)
-
Access Controls: Role-based access control and
multi-factor authentication
-
Secure Infrastructure: Use of secure, reliable cloud
hosting services
-
Regular Updates: Security patches and system updates
6.2 Organizational Safeguards
-
Staff Training: Regular security and privacy training
for personnel
-
Access Limitations: Strict need-to-know basis for
data access
-
Incident Response: Established procedures for
security breach response
-
Regular Audits: Periodic security assessments and
audits
6.3 Health Information Protection
We take special measures to protect health information in accordance
with applicable healthcare privacy regulations.
Note: While we strive to protect your information, no
method of transmission or storage is 100% secure. We cannot guarantee
absolute security.
7. Data Retention
We retain your information for as long as necessary to:
- Provide our services to you
-
Comply with legal obligations (including healthcare record retention
requirements)
- Resolve disputes and enforce agreements
- Support business operations and analytics
Specific Retention Periods:
-
Account Information: Duration of account plus 3 years
after closure
-
Clinical Records: As required by applicable
healthcare regulations (typically 7-10 years)
-
Usage Data: Aggregated data retained indefinitely;
identifiable data for 2 years
-
Backup Data: Maintained for disaster recovery
purposes (30-90 days)
When data is no longer needed, we securely delete or anonymize it.
8. Your Rights and Choices
Depending on your location, you may have the following rights:
8.1 Access and Portability
- Request access to your personal information
- Receive a copy of your data in a portable format
8.2 Correction and Updates
- Request correction of inaccurate information
- Update your account information directly in the app
8.3 Account Deactivation and Data Deletion
Important: Healthcare
Record Retention Requirements
Due to healthcare regulatory requirements, immediate deletion of
all data may not be possible. However, you can request account
deactivation.
How to Request Account Deactivation:
-
Email Request: Send a request to
support@srits.website
with the subject line "Account Deactivation Request"
-
Written Request: Contact us using the information
in Section 14
What Happens When You Deactivate Your Account:
-
Immediate Deactivation: Your account will be
immediately deactivated and you will no longer have access to the
system
-
Access Termination: You will not be able to log in
or use DRSAS services
-
Personal Information: Non-clinical personal
information (email, phone, profile data) will be removed from active
systems within 30 days where permissible
-
Institutional Access: Your institution will be
notified of the deactivation
Healthcare Record Retention:
-
Legal Requirements: Clinical records, including
dental charts, treatment records, radiographs, and patient health
information must be retained as required by applicable healthcare
laws and regulations
-
Retention Period: Healthcare records are typically
retained for 7-10 years from the last date of service, or longer as
required by local regulations
-
Educational Records: Student clinical records may
be retained according to institutional policies and accreditation
requirements
-
Secure Storage: Retained records remain securely
stored and protected but are marked as belonging to a deactivated
account
-
Limited Access: After deactivation, only authorized
personnel (e.g., compliance officers, legal counsel) can access
retained records for legal or regulatory purposes
What Gets Deleted vs. Retained:
-
Deleted: Login credentials, profile pictures,
personal preferences, non-clinical communications, marketing
preferences
-
Retained: Clinical records, patient treatment data,
dental charts, radiographs, assessment records, audit logs, billing
records (as required by law)
Processing Time:
- Account deactivation: Immediate (within 24 hours)
- Personal data deletion: Within 30 days for non-clinical data
-
Healthcare record retention: As required by applicable laws
(typically 7-10 years)
Post-Retention Period:
Once the legal retention period expires, all healthcare records will
be securely deleted or permanently anonymized in accordance with data
protection regulations.
Request Status: You will receive confirmation of your
account deactivation and an explanation of what data has been deleted
and what must be retained for legal compliance.
8.4 Restriction and Objection
- Request restriction of processing in certain circumstances
- Object to processing based on legitimate interests
8.5 Consent Withdrawal
- Withdraw consent for processing activities at any time
- Note: Withdrawal doesn't affect prior lawful processing
8.6 Data Portability
- Receive your data in a structured, machine-readable format
- Request transfer to another service provider where feasible
8.7 Complaint Rights
- File a complaint with relevant data protection authorities
- Contact us first to resolve concerns
To Exercise Your Rights: Email us at
support@srits.website. For
account deactivation, follow the specific instructions in Section 8.3
above.
9. Children's Privacy
DRSAS is not intended for use by individuals under the age of 18, except
for:
- Dental students enrolled in accredited educational programs
- With appropriate institutional oversight and consent
We do not knowingly collect personal information from children under 13.
If we discover such collection, we will delete the information promptly.
10. International Data Transfers
If you access DRSAS from outside Jordan, your information may be
transferred to, stored in, and processed in Jordan or other countries
where our service providers operate.
We ensure appropriate safeguards are in place for international
transfers, including:
- Standard contractual clauses
- Adequacy decisions by relevant authorities
- Your explicit consent where required
11. Third-Party Services and Links
DRSAS may contain links to third-party websites or integrate with
third-party services. This Privacy Policy does not apply to those third
parties. We encourage you to review their privacy policies.
We are not responsible for the privacy practices of third parties.
12. Beta Testing Program
If you participate in our beta testing program:
- Additional data collection may occur for testing purposes
- Beta features may have different privacy practices
- We will inform you of any special data handling
- You may opt out of beta testing at any time
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in our practices
- Legal, regulatory, or operational requirements
- New features or services
Notice of Changes:
- Material changes will be posted prominently in the app
- We will notify you via email for significant changes
- Continued use after changes constitutes acceptance
- Review the "Last Updated" date at the top of this policy
14. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or
your personal information:
15. Data Protection Officer
For data protection matters (if applicable in your jurisdiction):
Data Protection Officer: Available upon request
Email: support@srits.website
16. Jurisdiction-Specific Provisions
16.1 For Users in the European Union/EEA
If you are located in the EU/EEA, you have additional rights under the
General Data Protection Regulation (GDPR), including:
- Right to lodge a complaint with a supervisory authority
- Right to data portability
- Right to object to automated decision-making
Our legal basis for processing your personal data includes consent,
contractual necessity, legal obligations, and legitimate interests.
16.2 For Users in Jordan
We comply with all applicable Jordanian laws regarding data protection
and healthcare information privacy.
16.3 For Users in Other Jurisdictions
We respect and comply with applicable local data protection laws in your
jurisdiction.
17. Healthcare Privacy Considerations
As a healthcare-related application, DRSAS is designed with special
consideration for:
- Healthcare information privacy regulations
- Professional confidentiality requirements
- Institutional compliance needs
- Patient/student privacy protection
We implement appropriate safeguards to meet healthcare industry
standards and best practices.
Acknowledgment
By using DRSAS, you acknowledge that you have read, understood, and
agree to be bound by this Privacy Policy.
For Healthcare Professionals: You acknowledge your
responsibility to comply with applicable healthcare privacy laws and
regulations when using DRSAS.
For Educational Institutions: You acknowledge your
responsibility to ensure appropriate consent and privacy protections
for student information.
This Privacy Policy is effective as of the date stated above and applies
to all users of DRSAS.