Request account & data deletion

Your Dentvora account and authentication credentials (email, password hash, phone number, name, role).

Personal profile data you provided — including profile photo, contact details, and notification preferences.

Clinic configuration data you created — branch details, working hours, services, pricing inputs, and clinic settings (where you are the sole owner of that clinic record).

Connected third-party integration tokens — Meta (Facebook, Instagram, WhatsApp Business), Google Business Profile, and OpenAI/Gemini access tokens are revoked and deleted.

Marketing content you generated — captions, AI prompts, draft posts, and uploaded creative assets.

Usage telemetry tied to your user account — feature interaction logs, IP-derived approximate location, and device identifiers.

Billing and tax records — retained for up to 7 years to meet Indian tax, GST, and statutory record-keeping requirements (Companies Act 2013, Income Tax Act 1961, CGST Act 2017).

Audit trails for grievances and security incidents — retained for the period required by the DPDP Act 2023 and the IT (Intermediary Guidelines) Rules 2021.

Aggregated, de-identified analytics — used only to understand product performance; cannot be linked back to you.

Patient Data submitted by your Clinic — if your Clinic uses Dentvora to manage patient records and you are an employee/staff user, the Clinic remains the Data Fiduciary for those records. Patient data is not deleted just because your individual staff account is deleted; the Clinic owner must request patient-data deletion separately (see section 5).

Backups — deleted data may persist in encrypted backups for a short rotation period before being overwritten in the normal backup lifecycle.

We acknowledge every deletion request within 24 hours by email or WhatsApp.

Once we verify the request comes from the account owner, we delete or anonymize the in-scope data within 30 days.

Backups containing the deleted data are overwritten within the normal backup-rotation cycle (typically within an additional 30–60 days).

We will email you a confirmation when the deletion is complete.

To protect your data, we will verify that the request comes from the account owner before deleting anything.

Verification is usually done by replying from the registered email address or registered phone number.

If you no longer have access to that email/phone, please share enough information (clinic name, last login date, recent invoice number) to help us confirm ownership through alternative means.

If you are a Clinic owner and want to delete patient records your clinic submitted to Dentvora (patient profiles, appointment history, tooth charts, treatment plans, prescriptions, X-rays, before/after photos), please mention this explicitly in your request.

We will permanently delete all patient records associated with your Clinic, subject to the retention windows above (billing/tax/audit trails).

Note: under the DPDP Act 2023, the Clinic is the Data Fiduciary for its patients' personal data. If a patient of your clinic asks you to delete their records, you (the Clinic) decide and instruct us — we then carry out the deletion on your instruction.

To delete data obtained specifically from Facebook, Instagram, or WhatsApp integrations, email [email protected] with the subject line "Meta Data Deletion Request".

We will revoke Dentvora's access tokens and delete the user data associated with your Meta integrations in compliance with Meta Platform policies.

You can also disconnect Dentvora directly from your Meta account at https://www.facebook.com/settings → Apps and Websites — this revokes our access tokens immediately.

You have the right to request erasure of your personal data, subject to our lawful retention obligations.

You have the right to withdraw consent for any processing that relies on consent — withdrawal does not affect the lawfulness of processing before withdrawal.

You have the right to register a grievance with our Grievance Officer ([email protected], +91 70421 39045) and to escalate to the Data Protection Board of India if a grievance is not resolved within 15 days.

See our Privacy Policy section 11 for the full list of Data Principal rights.