Back to Home
Privacy Policy for DRSAS
Effective Date: October 23, 2025
Last Updated: October 23, 2025
1. Introduction
Welcome to DRSAS (Dental Records System and Assessment Solution), a product of Smart Records for Information Technology & Software ("we," "us," "our," or "SRITS"). DRSAS is designed to transform how dental professionals and educational institutions manage clinical records through our integrated system.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DRSAS mobile application and related services. We are committed to protecting your privacy and ensuring the security of your personal and health information.
Company Information:
By using DRSAS, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our application.
2. Information We Collect
2.1 Personal Information
We collect information that identifies, relates to, or could reasonably be linked to you, including:
- Account Information: Name, email address, phone number, professional credentials, institution name, and login credentials
- Profile Information: Professional title, specialization, department, institution affiliation
- Communication Data: Messages, feedback, and correspondence with us
2.2 Health and Clinical Information
DRSAS is specifically designed for dental practice and educational purposes. We collect and process:
- Patient Clinical Records: Dental charts, treatment plans, diagnoses, clinical notes, and assessments (for dental clinics)
- Student Clinical Records: Educational case documentation, clinical assessments, and training records (for dental schools)
- Clinical Images: Dental radiographs, intraoral and extraoral photographs
- Treatment Documentation: Procedure records, progress notes, and clinical observations
2.3 Usage and Technical Information
We automatically collect certain information when you use DRSAS:
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: Features accessed, time spent in app, interaction patterns
- Log Data: IP address, app version, crash reports, system activity
- Performance Data: App performance metrics and error logs
2.4 Location Information
With your permission, we may collect:
- Precise Location: GPS location for institution verification or location-based services
- Approximate Location: General location derived from IP address
3. How We Use Your Information
3.1 Service Delivery
- Provide and maintain the DRSAS application
- Enable clinical record creation, management, and retrieval
- Facilitate educational documentation and assessment
- Support workflow management and scheduling
- Enable collaboration between dental professionals and students
3.2 Service Improvement
- Analyze usage patterns to improve features
- Develop new functionalities and services
- Enhance user experience and interface design
- Optimize application performance
3.3 Communication
- Send service-related notifications and updates
- Provide technical support and respond to inquiries
- Send important announcements about the service
- Communicate about your account or subscription
3.4 Security and Compliance
- Detect, prevent, and address security incidents
- Protect against fraudulent or illegal activity
- Comply with legal obligations and regulations
- Maintain data integrity and system security
3.5 Research and Analytics
- Conduct aggregated and anonymized research
- Generate usage statistics and trends
- Improve clinical workflow efficiency
4. Legal Basis for Processing (for applicable jurisdictions)
We process your personal information based on:
- Consent: You have given explicit consent for specific processing activities
- Contract Performance: Processing is necessary to provide services you've requested
- Legal Obligations: We must process data to comply with applicable laws
- Legitimate Interests: Processing is necessary for our legitimate business interests, provided these don't override your rights
5. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
5.1 With Your Consent
We share information when you explicitly authorize us to do so.
5.2 Within Your Institution
- Clinical and educational records may be shared with authorized personnel within your dental practice or educational institution
- Supervisors, instructors, and authorized administrators may access relevant records
5.3 Service Providers
We may share information with third-party vendors who provide:
- Cloud hosting and storage services
- Analytics and performance monitoring
- Customer support services
- Payment processing (if applicable)
All service providers are contractually bound to maintain confidentiality and security.
5.4 Legal Requirements
We may disclose information when required by law, including:
- Compliance with legal processes (court orders, subpoenas)
- Enforcement of our terms and conditions
- Protection of our rights, property, or safety
- Investigation of fraud or security issues
5.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred, subject to the same privacy protections.
6. Data Security
We implement comprehensive security measures to protect your information:
6.1 Technical Safeguards
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256 or equivalent)
- Access Controls: Role-based access control and multi-factor authentication
- Secure Infrastructure: Use of secure, reliable cloud hosting services
- Regular Updates: Security patches and system updates
6.2 Organizational Safeguards
- Staff Training: Regular security and privacy training for personnel
- Access Limitations: Strict need-to-know basis for data access
- Incident Response: Established procedures for security breach response
- Regular Audits: Periodic security assessments and audits
6.3 Health Information Protection
We take special measures to protect health information in accordance with applicable healthcare privacy regulations.
Note: While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
We retain your information for as long as necessary to:
- Provide our services to you
- Comply with legal obligations (including healthcare record retention requirements)
- Resolve disputes and enforce agreements
- Support business operations and analytics
Specific Retention Periods:
- Account Information: Duration of account plus 3 years after closure
- Clinical Records: As required by applicable healthcare regulations (typically 7-10 years)
- Usage Data: Aggregated data retained indefinitely; identifiable data for 2 years
- Backup Data: Maintained for disaster recovery purposes (30-90 days)
When data is no longer needed, we securely delete or anonymize it.
8. Your Rights and Choices
Depending on your location, you may have the following rights:
8.1 Access and Portability
- Request access to your personal information
- Receive a copy of your data in a portable format
8.2 Correction and Updates
- Request correction of inaccurate information
- Update your account information directly in the app
8.3 Account Deactivation and Data Deletion
Important: Healthcare Record Retention Requirements
Due to healthcare regulatory requirements, immediate deletion of all data may not be possible. However, you can request account deactivation.
How to Request Account Deactivation:
- Email Request: Send a request to support@srits.website with the subject line "Account Deactivation Request"
- Written Request: Contact us using the information in Section 14
What Happens When You Deactivate Your Account:
- Immediate Deactivation: Your account will be immediately deactivated and you will no longer have access to the system
- Access Termination: You will not be able to log in or use DRSAS services
- Personal Information: Non-clinical personal information (email, phone, profile data) will be removed from active systems within 30 days where permissible
- Institutional Access: Your institution will be notified of the deactivation
Healthcare Record Retention:
- Legal Requirements: Clinical records, including dental charts, treatment records, radiographs, and patient health information must be retained as required by applicable healthcare laws and regulations
- Retention Period: Healthcare records are typically retained for 7-10 years from the last date of service, or longer as required by local regulations
- Educational Records: Student clinical records may be retained according to institutional policies and accreditation requirements
- Secure Storage: Retained records remain securely stored and protected but are marked as belonging to a deactivated account
- Limited Access: After deactivation, only authorized personnel (e.g., compliance officers, legal counsel) can access retained records for legal or regulatory purposes
What Gets Deleted vs. Retained:
- Deleted: Login credentials, profile pictures, personal preferences, non-clinical communications, marketing preferences
- Retained: Clinical records, patient treatment data, dental charts, radiographs, assessment records, audit logs, billing records (as required by law)
Processing Time:
- Account deactivation: Immediate (within 24 hours)
- Personal data deletion: Within 30 days for non-clinical data
- Healthcare record retention: As required by applicable laws (typically 7-10 years)
Post-Retention Period:
Once the legal retention period expires, all healthcare records will be securely deleted or permanently anonymized in accordance with data protection regulations.
Request Status: You will receive confirmation of your account deactivation and an explanation of what data has been deleted and what must be retained for legal compliance.
8.4 Restriction and Objection
- Request restriction of processing in certain circumstances
- Object to processing based on legitimate interests
8.5 Consent Withdrawal
- Withdraw consent for processing activities at any time
- Note: Withdrawal doesn't affect prior lawful processing
8.6 Data Portability
- Receive your data in a structured, machine-readable format
- Request transfer to another service provider where feasible
8.7 Complaint Rights
- File a complaint with relevant data protection authorities
- Contact us first to resolve concerns
To Exercise Your Rights: Email us at support@srits.website. For account deactivation, follow the specific instructions in Section 8.3 above.
9. Children's Privacy
DRSAS is not intended for use by individuals under the age of 18, except for:
- Dental students enrolled in accredited educational programs
- With appropriate institutional oversight and consent
We do not knowingly collect personal information from children under 13. If we discover such collection, we will delete the information promptly.
10. International Data Transfers
If you access DRSAS from outside Jordan, your information may be transferred to, stored in, and processed in Jordan or other countries where our service providers operate.
We ensure appropriate safeguards are in place for international transfers, including:
- Standard contractual clauses
- Adequacy decisions by relevant authorities
- Your explicit consent where required
11. Third-Party Services and Links
DRSAS may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies.
We are not responsible for the privacy practices of third parties.
12. Beta Testing Program
If you participate in our beta testing program:
- Additional data collection may occur for testing purposes
- Beta features may have different privacy practices
- We will inform you of any special data handling
- You may opt out of beta testing at any time
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in our practices
- Legal, regulatory, or operational requirements
- New features or services
Notice of Changes:
- Material changes will be posted prominently in the app
- We will notify you via email for significant changes
- Continued use after changes constitutes acceptance
- Review the "Last Updated" date at the top of this policy
14. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or your personal information:
15. Data Protection Officer
For data protection matters (if applicable in your jurisdiction):
Data Protection Officer: Available upon request
Email: support@srits.website
16. Jurisdiction-Specific Provisions
16.1 For Users in the European Union/EEA
If you are located in the EU/EEA, you have additional rights under the General Data Protection Regulation (GDPR), including:
- Right to lodge a complaint with a supervisory authority
- Right to data portability
- Right to object to automated decision-making
Our legal basis for processing your personal data includes consent, contractual necessity, legal obligations, and legitimate interests.
16.2 For Users in Jordan
We comply with all applicable Jordanian laws regarding data protection and healthcare information privacy.
16.3 For Users in Other Jurisdictions
We respect and comply with applicable local data protection laws in your jurisdiction.
17. Healthcare Privacy Considerations
As a healthcare-related application, DRSAS is designed with special consideration for:
- Healthcare information privacy regulations
- Professional confidentiality requirements
- Institutional compliance needs
- Patient/student privacy protection
We implement appropriate safeguards to meet healthcare industry standards and best practices.
Acknowledgment
By using DRSAS, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
For Healthcare Professionals: You acknowledge your responsibility to comply with applicable healthcare privacy laws and regulations when using DRSAS.
For Educational Institutions: You acknowledge your responsibility to ensure appropriate consent and privacy protections for student information.
This Privacy Policy is effective as of the date stated above and applies to all users of DRSAS.
