Privacy Policy

The controller of your personal data is:

We collect and process the following categories of data:

A. Patient Data

• Name, phone number, email address
• Medical history and treatment records
• Appointment scheduling data
• Communication preferences (SMS, email, push notifications)

B. Social Media Content Data

• Video recordings uploaded for social media publishing
• AI-generated transcriptions and translations of video content
• AI-generated metadata (titles, descriptions, hashtags)
• Video processing status and analytics

C. Website Usage Data

• Browser type, IP address, device information
• Pages visited and interactions
• Cookies and similar tracking technologies

We operate social media accounts on various platforms to share educational dental content, clinic updates, and patient stories (with explicit consent). Our video processing pipeline includes:

Video Processing Pipeline

• Upload: Videos are uploaded to our secure cloud storage (Supabase, hosted in EU)
• Transcription: Audio is transcribed using OpenAI Whisper API for caption generation
• AI Analysis: Content is analyzed by OpenAI GPT-4o to generate appropriate titles, descriptions, and hashtags
• Captioning: Professional captions are added using Captions/Mirage API
• Publishing: Processed videos are published to social media platforms after manual review

Platforms We Publish To

• TikTok — via TikTok Content Posting API
• YouTube — via YouTube Data API
• Instagram — via Meta Graph API
• Facebook — via Meta Graph API

Important: Patient-identifying content is never published without explicit, written consent. All educational and promotional content features only clinic staff who have consented to appear in social media materials.

We use the TikTok Content Posting API to publish educational dental content to our clinic's TikTok account. Specifically:

Data We Access via TikTok API

• Video upload capability (Content Posting API)
• Publishing status and video metadata
• We do not access any TikTok user data, follower information, or analytics via the API

How We Use TikTok API

• To publish pre-approved, captioned dental educational videos
• All content undergoes manual review before publishing
• Videos contain only dental health tips, clinic information, and consenting staff members
• We do not collect, store, or process any TikTok end-user data

Data Retention for TikTok

• Video files are stored on our servers (Supabase, EU) during processing
• After successful publishing, raw video files may be retained for backup purposes
• TikTok API access tokens are stored securely as encrypted environment variables
• No TikTok user data is stored on our systems

We use the following third-party services to process data:

• OpenAI (Whisper & GPT-4o) — for speech-to-text transcription and content analysis. Data is processed per OpenAI's Privacy Policy. API data is not used for model training.
• Captions / Mirage — for adding professional captions to videos. Videos are processed and returned; not stored permanently by the service.
• Supabase — for database and file storage (EU region). Compliant with GDPR.
• Vercel — for website hosting and serverless functions. Processes requests in EU/US regions.
• SMSAPI.pl — for sending SMS notifications to patients (Polish company, GDPR compliant).
• Resend — for transactional email delivery.
• Stripe — for payment processing (PCI DSS compliant).

We process personal data under the following legal bases (GDPR Article 6):

• Consent (Art. 6(1)(a)) — for marketing communications, social media content featuring patients, push notifications
• Contract Performance (Art. 6(1)(b)) — for appointment booking, treatment records, payment processing
• Legal Obligation (Art. 6(1)(c)) — for medical record keeping as required by Polish healthcare law
• Legitimate Interest (Art. 6(1)(f)) — for clinic promotion via social media (educational content), website analytics, service improvement

We implement appropriate technical and organizational measures to protect your data:

• All data transmissions are encrypted using TLS/SSL (HTTPS)
• Database access is restricted with row-level security policies
• API keys and credentials are stored as encrypted environment variables
• Admin and employee access is protected with role-based access control (RBAC)
• Patient data access is logged for GDPR audit compliance
• Regular security reviews and dependency updates

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate personal data
• Erasure — request deletion of your personal data ("right to be forgotten")
• Restriction — request restriction of processing
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw Consent — withdraw previously given consent at any time

To exercise any of these rights, contact us at kontakt@mikrostomart.pl. We will respond within 30 days as required by GDPR.

• Medical Records: Retained for 20 years as required by Polish healthcare law (Ustawa o prawach pacjenta)
• Appointment Data: Retained for 3 years after the last visit
• Marketing Communications: Until consent is withdrawn
• Video Content: Retained on our servers during processing; published content remains on respective social media platforms until manually removed
• Website Logs: Retained for 90 days
• Account Data: Until account deletion is requested

Our website uses cookies for:

• Essential cookies — required for website functionality (session, authentication)
• Preference cookies — remembering language selection and user preferences
• Analytics cookies — understanding website usage patterns

You can manage cookie preferences in your browser settings.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Polish Data Protection Authority:

For any questions about this Privacy Policy or our data practices, please contact:

• Email: kontakt@mikrostomart.pl
• Phone: +48 77 453 92 50
• Address: ul. Ozimska 25/4, 45-057 Opole, Poland

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.