Privacy Policy — OrthoPhoto
Effective Date: January 15, 2025
Last Updated: April 28, 2026
This Privacy Policy describes how OrthoPhoto ("the App", "we", "us", or "our") handles information when you download, install, and use the OrthoPhoto mobile application. OrthoPhoto is designed for dental professionals and students to create standardized clinical photographs and documentation.
1. Core Privacy Principle
OrthoPhoto does not collect or transmit any personal data, photographs, patient information, or clinical data to the developer or to any third party.
All photography, patient information, and documentation you create in the App is stored exclusively on your device and never transmitted to us. No information generated, entered, captured, or processed by the App leaves your device unless you explicitly choose to export files using your device's own native sharing features.
2. Data We Do Not Collect
To avoid any ambiguity, OrthoPhoto does not collect, transmit, or process:
- Images, photographs, or media files
- Patient names, dates of birth, or any clinical records
- Device identifiers (advertising ID, device ID)
- IP address or network information
- Usage analytics or behavioral data
- Location data
- Contact lists
- Biometric data of any kind
Biometric Data — Extended Clarification
The App does not collect, store, process, or analyze biometric information, including but not limited to facial recognition data, facial landmarks, facial geometry, biometric identifiers or templates, or any identifiers derived from facial images. The App does not perform facial recognition, facial analysis, or biometric profiling of any kind.
3. Local-Only Data Processing
Any information you choose to enter into the App (such as patient name or date of birth) and any images you capture are:
- Stored locally on your device only
- Processed locally on your device only
- Fully controlled by you at all times
We do not have access to this information, and it is never transmitted to us or to any third party by the App.
4. No Accounts, No Cloud, No Servers
- The App does not require user accounts
- The App does not offer cloud storage or syncing
- The App does not connect to external servers or databases
- The App does not sync data across devices
All records remain solely on the device unless you manually export them.
5. Third-Party Services — In-App Purchases (RevenueCat & Apple)
OrthoPhoto offers an optional paid subscription ("OrthoPhoto Premium Annual") processed through Apple's App Store. To manage subscription entitlements, the App uses RevenueCat, a third-party subscription management service.
RevenueCat may collect limited technical data necessary to validate your subscription, including:
- An anonymized device identifier (Apple Vendor ID — not linked to you personally)
- Your subscription status and purchase history within this App
- App version and operating system version
RevenueCat does not receive any patient data, photographs, clinical notes, or any information you enter into the App. This data is used solely to determine whether your device has an active premium subscription.
RevenueCat Privacy Policy: https://www.revenuecat.com/privacy/
Apple processes all payment transactions through Apple's App Store. The App never receives, sees, or stores your payment card information. Apple's handling of purchase data is governed by Apple's Privacy Policy: https://www.apple.com/privacy/
6. Exports and Sharing
OrthoPhoto allows you to export files (PDFs or JPEG images) using your device's native sharing tools. Any export or sharing action is:
- Initiated solely by you
- Governed by the privacy policies of the destination application or service you choose to share with
We are not responsible for how third-party apps, services, or platforms handle data once you export it from the App.
7. GDPR (European Users)
Because OrthoPhoto does not collect or transmit personal data (other than the anonymized subscription identifier processed by RevenueCat as described in Section 5), the developer does not act as a data controller for clinical or personal data under the GDPR. Any clinical data handled within the App remains under the sole control and responsibility of the user as data controller.
For subscription-related data processed by RevenueCat, the legal basis is contract performance (Art. 6(1)(b) GDPR) — necessary to validate your subscription entitlement.
8. HIPAA and Medical Data
OrthoPhoto is a clinical photography and documentation tool. Because no clinical data is transmitted or stored by us, we do not receive, store, or manage Protected Health Information (PHI) under HIPAA. Responsibility for compliance with medical data regulations rests entirely with the user and their organization's device security practices.
9. Children's Privacy
OrthoPhoto is intended exclusively for licensed dental and orthodontic professionals and dental students. The App is not directed to children. We do not knowingly collect any personal information from children under the age of 13 (or under 16 where required by applicable law, such as in the European Union). If you believe a child has provided personal information, please contact us so we can take appropriate action.
10. Data Security
We design the App using best practices for local security and privacy. Since no clinical data is transmitted to or stored by us, the security of your clinical records depends on:
- Your device's operating system security
- Your use of passcodes, biometric locks, and encryption
- Your device backup and sharing practices
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, regulatory, or functional changes (such as the addition of new third-party services). Any updates will be posted at this URL with an updated effective date. Continued use of the App after changes constitutes acceptance of the revised policy.
12. Contact
For questions about this Privacy Policy or OrthoPhoto's privacy practices: Email us
13. Summary
- Your clinical data stays on your device — we never see it
- We do not collect, track, or analyze any patient data
- The only third-party data exchange is an anonymized device ID used to validate your premium subscription (RevenueCat)
- Payment is handled entirely by Apple — we never see your payment information
Privacy is not a feature of OrthoPhoto — it is the foundation of its design.