The Dentospire Trust Pledge

Your clinic's data is YOUR data.

A direct pledge from the Dentospire team to every Indian dentist on the platform. Read it. Print it. Hold us to it.

Verified

DPDP-aligned
DCI-compliant
GST-ready
256-bit encrypted
Trademark filed

We do NOT.

The hard lines. None of these will ever change while Dentospire exists.

01We do NOT sell your patient data to insurance companies.

Ever. No exceptions. No anonymised exception. No "aggregated risk score" exception.

02We do NOT share your clinic data with pharmaceutical companies.

Not your prescriptions, not your treatment plans, not your patient demographics — nothing.

03We do NOT aggregate your data into anonymous datasets to resell.

No "industry benchmarks for sale". No "market intelligence reports". Your data is not our second product.

04We do NOT sell your dentist contact information as leads.

You are not a product. Your phone number, your email, your clinic name — never traded, never rented, never sold.

05We do NOT use your patient data to train models for anyone else.

Your AI learnings stay in your clinic. We do not pool clinic data to fine-tune a shared model that ships to competitors.

06We do NOT share data with our investors.

Because we have NONE — Dentospire is bootstrapped and founder-owned. There is no VC asking us to monetize you. There is no quarterly board pushing for "data revenue".

Why this matters in plain English: every VC-funded SaaS has a board that pushes for new revenue products every quarter. Patient data is the easiest "new product" to monetize. Bootstrapped founders only make money when clinics like yours pay for the software — not from your data. That's the structural reason we can promise this and they often can't.

We do.

The positive commitments. Auditable, in writing, and live in the product today.

01We DO encrypt every byte at rest (AES-256) and in transit (TLS 1.3).

Database, file storage, backups — all encrypted. Field-level AES-256-GCM on PII.

02We DO comply with India's DPDP Act 2023 + UK IDTA cross-border safeguards.

Documented Data Processing Agreement, 72-hour breach SLA, named Grievance Officer.

03We DO publish our full sub-processor list — every vendor that touches your data, named.

Public list at /sub-processors. Updated whenever it changes.

04We DO let you export your full clinic data anytime in standard formats.

CSV, JSON, PDF — one click in the dashboard. No "contact sales to export". No lock-in.

05We DO auto-lock clinical records after 24 hours per regulatory compliance.

Edit-window closes; everything after is an append-only audit entry. Clinical record integrity is non-negotiable.

06We DO log every admin action — your audit trail is yours.

Append-only logs for sensitive actions. Available to you on request for any inspection or audit.

Why we are structurally different.

Trust isn't a marketing line. It comes from how a company is built. Here is the side-by-side.

	Big healthtech aggregators	Dentospire
Funding model	VC-funded — must monetize data to satisfy investors	Bootstrapped, dentist-owned — no investor pressure
Built by	Tech outsiders, no clinical background	A practising dentist who runs a real clinic
Patient data sold to third parties	Allegedly yes	Never. Pledged in writing on this page.
Sub-processors public	No / buried in 40-page T&Cs	Yes — full list at /sub-processors
Data export	Difficult / requires sales contact	One-click CSV / JSON / PDF
Investor data sharing	Implicit — investors see usage + revenue analytics	Impossible — no investors exist

Backed by Indian law — not just our word.

The pledges above aren't marketing copy. They are commitments enforceable under multiple Indian statutes.

Dentospire's data-handling commitments are enforceable against the founder and the company under the following Indian laws:

DPDP Act 2023

Digital Personal Data Protection Act establishes Dentospire as a Data Fiduciary. Failure to implement reasonable security safeguards under §8(5) carries the highest penalty in the Schedule — up to ₹250 crore (§33). Processing patient data without valid consent is separately actionable under §§4–12.
IT Act 2000 §43A

Corporate liability for failure to protect sensitive personal data. Affected parties may claim damages directly from the body corporate, with no upper limit on compensation.
IT Act 2000 §72A

Disclosure of information in breach of lawful contract: imprisonment up to 3 years and fine up to ₹5 lakh.
IPC §§405–406 — Criminal Breach of Trust

Misappropriation of property entrusted to us — including, in suitable cases, patient data — may attract criminal prosecution (defined in §405, punishable under §406: imprisonment up to 3 years and/or fine). Most data-misuse matters in India are litigated under the IT Act / DPDP regime; IPC charges are a supplemental route.
IPC §415 — Cheating

Inducing customers to sign up under false data-handling promises is actionable cheating, punishable under §417 (imprisonment up to 1 year) or §420 (up to 7 years if dishonest inducement to deliver property).
DCI Code of Ethics 2014

Dental Council of India's patient-confidentiality canon binds every practitioner. We honour it for the data dentists trust to us.

Founder and company are personally and legally accountable.

A notarized affidavit on stamp paper backing this pledge is available on request — email dentospire@gmail.com with subject "Affidavit request" and we will send a notarized copy within 7 business days.

Grievance Officer — your direct line to escalate.

Per DPDP Act 2023 §10, every Data Fiduciary in India must publish a named Grievance Officer. Yours:

Role	Grievance Officer · Dentospire™ Team
Email	dentospire@gmail.com (subject line: "DPO request")
Phone	+91 94231 10257
Hours	9 AM – 9 PM IST · 7 days a week
Resolution SLA	72 hours from acknowledgement

File any concern about your data — access, correction, deletion, suspected misuse. We respond in writing.

Suspect a violation? We want to hear it FIRST.

Inviting scrutiny is the only way to keep ourselves honest.

If you ever see something — a vendor we didn't disclose, a leaked record, an aggregated dataset that shouldn't exist, an investor who somehow saw your data — email us before you tell anyone else. We treat every tip as critical:

Acknowledged in writing within 24 hours.
Investigated by the founder personally within 72 hours.
Resolved + reported back to you within 7 days, with the actual root-cause + the corrective action.
If we got it wrong, we say so publicly on this page in the "Last reviewed" log.

No retaliation. No NDAs to silence the report.

Email dentospire@gmail.com with subject "Suspected violation".

Signed and committed by:

The Dentospire™ Team

Founder & Practising Dentist · 26 April 2026

Last reviewed: 26 April 2026. This pledge is reviewed at every quarterly compliance cycle and on every material change to our data handling. The canonical version lives at https://dentospire.com/trust.

Want the full legal stack?

Plain-English pledge above, full contractual detail below.

Read the full Data Processing Agreement → See our sub-processors →

Questions? Call us: +91 94231 10257

Compliance, security & uptime

DPDP Act 2023
UK GDPR (IDTA)
AES-256
24h EMR Lock
8-Provider AI Chain
6-Cloud Backups
DCI Compliant
SHA-256 Tamper Detection

Independent audits on request · DPA · Sub-processors · Trust center