Privacy Policy

Last updated: May 1, 2026

1. Introduction

This Privacy Policy describes how 3yadtk ("Company," "we," "us") collects, uses, shares, and protects personal information when you use the 3yadtk platform, websites, applications, and services ("Service").

By using the Service, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 User-provided information: Name, email address, phone number, onboarding data (clinic name, country, specialty), and payment information (processed by Stripe, not stored by us).

2.2 Patient data: Collected by the subscribing clinic (the data controller) and controlled by the clinic/doctor. We act as data processor under our Data Processing Agreement (DPA).

2.3 Usage data: IP addresses, browser type, pages visited, time on site, referral source — collected via cookies and server logs.

2.4 Device data: Device type, operating system, device identifiers for PWA support.

3. How We Use Your Data

  • Providing, operating, and improving the Service
  • Managing your subscription and billing
  • Responding to support requests
  • Sending essential service notifications
  • Complying with legal and regulatory requirements
  • Preventing fraud and ensuring platform security

We will never use patient data for marketing purposes.

4. Data Residency & International Transfers

Saudi Arabia (PDPL Compliance): Patient data for Saudi clinics is stored exclusively on AWS Bahrain (me-south-1), within Saudi borders, in compliance with the Personal Data Protection Law (PDPL).

UAE (FDPL Compliance): Patient data for UAE clinics is stored exclusively on AWS UAE (me-central-1), in compliance with the Federal Data Protection Law.

Other MENA countries: Data is stored on Railway (EU) with international data protection standards applied.

5. Third-Party Data Sharing

We work with trusted service providers to operate the platform:

  • Stripe: Payment processing (no access to patient data)
  • Unifonic: WhatsApp & SMS (processes only recipient number and message text)
  • Resend: Transactional email
  • Cloudflare R2: File storage (encrypted at rest)
  • Sentry: Error tracking (no patient data included)

We never sell your data to third parties.

6. Your Rights

Under PDPL, UAE FDPL, GDPR, and applicable local laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request data deletion (subject to legal retention requirements)
  • Object to data processing
  • Export your data in a machine-readable format (data portability)

To exercise any of these rights, contact us at: privacy@3yadtk.com

7. Data Retention

We retain account data for the duration of an active subscription plus up to 90 days after cancellation. Patient data retention is controlled by the subscribing clinic. Dental patient records in UAE clinics are retained for 25 years per NABIDH requirements.

8. Security

We use TLS 1.3 encryption for data in transit and AES-256 for data at rest. Access is controlled via multi-factor authentication and least-privilege policies. All patient data access events are logged to an immutable audit trail.

9. Cookies

We use essential cookies for session management and authentication. Analytics cookies are optional — you can refuse them via the site banner. We do not use third-party advertising cookies.

10. Breach Notification

In the event of a data breach affecting your personal data, we will notify you within 72 hours of discovery, in compliance with PDPL, UAE FDPL, and applicable local regulations.

For subscribing clinics: we will notify the appropriate supervisory authority (Saudi National Cybersecurity Authority, UAE TDRA, or equivalent) within the legally required timeline for each jurisdiction.

11. Data Protection Officer (DPO)

3yadtk has appointed a Data Protection Officer to oversee compliance with data protection regulations across all MENA markets we serve.

Email (all inquiries): dpo@3yadtk.com

🇸🇦 Saudi Arabia

3yadtk Health Technology — Data Protection Officer
Riyadh, Kingdom of Saudi Arabia

🇦🇪 United Arab Emirates

3yadtk Health Technology LLC — Data Protection Officer
Dubai, United Arab Emirates

We will respond to all valid requests within 30 days.