This Policy describes what data the ONOICRM web and mobile apps (iOS and Android) process, why, who it is shared with, how it is stored, and how you can request its deletion. By using the ONOICRM apps you agree to this Policy.
1. Who we are and our role
ONOICRM is a software platform for dental clinics (a web app, mobile apps and a REST API).
The app is intended for clinic staff (director, administrator, doctor), not for patients. For patient data, the clinic is the controller and ONOICRM acts as a processor on the clinic's instructions. For staff account data, ONOICRM is the controller.
2. What data we process
Clinic data: name, address, plan, billing details.
Staff data: full name, position and role, e-mail (login), phone, profile photo.
Patient data (entered by clinic staff as part of their work):
- Identity: full name, date of birth, taxpayer ID, passport data, home address, workplace, phone.
- Medical: treatment plan and its status, diagnoses and tooth problems (dental chart), photos and document scans (including X-rays), comments and notes.
- Financial: payments (amount, method, date), debt and balance, clinic price list.
Technical data: push notification token (FCM), request logs, IP address, device data and crash diagnostics.
We do not use advertising identifiers, do not perform cross-app tracking, and do not sell data to third parties.
3. Mobile app specifics
- Camera and photos — to capture and upload documents and images to the patient record, and for profile photos. Access is requested only when used.
- Biometrics (Face ID / fingerprint) — for convenient sign-in. Biometric data is processed by the device operating system and is not sent to our servers; biometrics only unlock a session token stored on the device.
- On-device storage: for offline use the app caches patient records (up to 30 days) and schedule entries (up to 7 days) in a local database; authorization tokens are kept in the OS secure storage (Keychain / Keystore). Local data is cleared on sign-out or account deletion.
- Push notifications and reminders: the app receives push notifications and shows local appointment reminders; reminder text may include a patient name and appointment time and may appear on the lock screen.
4. Who we share data with (processors)
To run the service we use a limited set of providers. Only what is necessary for a specific function is shared with them:
- ONOICRM servers — processing and storage of all app data; transmitted over a secure connection (TLS).
- Google Firebase Cloud Messaging and Apple Push Notification service — push notification delivery (the device token is shared).
- Sentry — app crash diagnostics. A crash report may include a screenshot and therefore potentially contain data shown at the moment of the crash.
- Google Fonts — loading of display fonts; the provider may learn the device IP address in the process.
- WhatsApp (Meta) — when a staff member sends a patient an appointment reminder, the patient's name, appointment date and time and phone number are shared with the patient via WhatsApp.
5. How we use data
Only to provide the service: scheduling and patient records, treatment plans, payment accounting, sending notifications and reminders, diagnosing and fixing failures, security and support. The legal basis is performance of the contract with the clinic and legitimate interests in operating the service; for medical data — the instructions of the clinic as controller.
6. Storage and security
Data is stored in a secure PostgreSQL database with regular backups. Data in transit is encrypted with TLS 1.2+; the mobile app uses certificate pinning (TLS pinning). Tokens on the device are kept in the OS secure storage. Only authorized clinic staff can access data within their roles.
7. Retention periods
Clinic and patient data is kept while the clinic account is active and is deleted on request (see section 9). The on-device offline cache is kept for a limited time (patient records — up to 30 days, schedule entries — up to 7 days) and is cleared automatically, as well as on sign-out or account deletion. Some data may be kept longer where required by law (for example, accounting).
8. International transfers
Using the providers listed in section 4 (Google, Apple, Sentry, Meta) may mean that some data is processed on those companies' infrastructure outside the country where the main service is hosted.
9. Your rights and data deletion
You can request access, correction, export or deletion of data. To delete a staff account, fill in the account deletion request form — deletion is completed within 7 business days; you can also do it in the app: Profile → Delete account.
Requests regarding clinic or patient data should be sent to hello@onoicrm.com. Patient data is deleted in coordination with the clinic as controller.
10. Children
The app is a work tool for clinic staff and is not intended for use by children. We do not collect data from children as users of the app.
11. Changes to this policy
We may update this Policy. The current version is always available at onoicrm.com/privacy; the last updated date is shown at the top of the page.
12. Contacts
Privacy questions and data requests — hello@onoicrm.com.