Privacy Policy

askadent is a dental triage service operated by ASKADENT PTY LTD (ABN 65 697 885 279) in Australia ("we", "us", "our"). When you use askadent we collect and handle health information about you, which is sensitive information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where state-level health records legislation imposes a stricter standard (for example the NSW Health Records and Information Privacy Act 2002 or the Vic Health Records Act 2001) we follow that stricter standard.

What we collect

Your photos, your answers on the intake form, and your email address. We also store the dentist's assessment, any follow-up question and reply, an anonymous marker of how you reached us, and a small set of technical records (IP address, browser/device type, access timestamps) needed to operate the service securely and produce the audit log referenced under "Security".

We do not collect: your home address, date of birth, Medicare number, or any other government identifier; your bank or card details (when payment is enabled, that goes directly to a third-party payment provider); or anything about your health beyond what you tell us yourself.

Why we collect it

To produce your assessment and deliver it to you. We do not build advertising profiles of you, show you targeted ads, or use your health information for marketing. If you reached us through an online ad, we send the advertising platform a single one-way signal that a paid case occurred — so we can measure which ads are worth running. This is a measurement signal, not a profile: it carries none of your health information and is described under "Where it lives" below.

Where it lives, and who runs it

We use a small number of service providers to operate askadent. The categories, locations, and what they handle are:

Service Location What it handles
Application servers, scheduled background jobs, database, rate-limit counters Sydney, Australia The website itself, your case record, intake answers, dentist's assessment
Photo object storage Sydney, Australia Your photos, accessed only via short-lived signed links
Transactional email delivery United States The email that contains your assessment link
Server-side error monitoring United States Error reports with personal information removed before they leave our infrastructure
Aggregate web analytics United States Cookieless page-view and visit counts; no persistent identifier, no form/photo/assessment content, per-case links stripped before sending
Payment processing (when enabled) Australia Card transactions; we never see your card number
Advertising conversion measurement United States A one-way confirmation that a paid case occurred (a case reference, the amount, and the ad click identifier) — no health information, no browsing data, no profile

Where a provider is located outside Australia we have taken reasonable steps under APP 8.1(a) to satisfy ourselves that they handle personal information consistently with the APPs. The practical mitigations are: (a) the email we send you contains a link, never the assessment text; (b) personal information is stripped from error reports before they leave our infrastructure; (c) web analytics is cookieless with no persistent identifier and per-case access links are stripped from page addresses before they are sent; (d) each provider has signed a contract with us including confidentiality and security obligations; (e) the advertising conversion signal is sent server-side and contains no health information — only that a paid case occurred, its value, and the ad click identifier.

We will provide the current list of specific organisations on request — email privacy@askadent.com.au.

Who can see it

The reviewing dentist (verified at AHPRA at onboarding); a small named team of administrators who operate the service and action your support and privacy requests; our service providers in the course of providing their service. We do not sell or rent your information, and we do not share it with data brokers, insurers, or for advertising that targets you. The only advertising-related disclosure is the one-way conversion-measurement signal described under "Where it lives": it tells our advertising platform that a paid case occurred so we can measure ad effectiveness, contains no health information, and is not used to profile or retarget you.

Your case is reviewed by a single dentist. While it is waiting in our review queue (before any dentist has claimed it), it is visible to active dentists on the platform so one can pick it up — they can see your photos and intake answers to decide whether to take it on. As soon as a dentist claims the case, it leaves the shared queue and only that dentist can read its contents from then on; other dentists no longer see it. If your reviewer later becomes unavailable (for example, on extended leave or no longer with the service), an administrator may release the case back to the queue so another dentist can pick it up. Administrators retain full visibility for compliance and support purposes; every clinician and administrator access is recorded in our audit log.

How long we keep it

Your case (intake answers, photos, dentist assessment, follow-up Q&A) is kept for 7 years from submission, in line with the NSW Health Records and Information Privacy Act convention, and then permanently deleted by an automated daily process. You can request earlier deletion at any time.

Security

We use industry-standard controls including encryption in transit and at rest, strong (passkey-based) clinician sign-in with idle revocation, per-case unique access links rotated each time we email you, an append-only audit log of every clinician sign-in and case action, rate limiting on every sensitive endpoint, and a kill switch to take the service offline immediately if needed.

Cookies

We use a small number of cookies that are strictly necessary to keep your case bound to your browser through the intake and result-page flow. We do not use advertising or tracking cookies and we do not embed third-party advertising pixels. We do not use session-replay tools or mouse-movement analytics, and we do not track you across other websites. Our advertising conversion measurement is performed entirely server-side and sets no cookie, tag, or tracking pixel in your browser.

We do use a privacy-preserving, cookieless web-analytics tool (Vercel Web Analytics) that counts aggregate page views and visit numbers to help us understand how the service is used and improve it. It does not set cookies, does not store a persistent or cross-site identifier, and does not capture form contents, photos, or the assessment text. The unique per-case access link in /c/... is stripped before any page address is sent to the analytics tool, so the analytics provider never receives a usable case link. There is no cookie banner because there are no non-essential cookies to opt into.

Your rights

You can request access to the personal information we hold about you (APP 12), correction of anything that is wrong (APP 13), and deletion of your case before the 7-year retention period expires. Use the form on your case page (preferred — it carries your case reference) or email privacy@askadent.com.au. We acknowledge within 7 days, respond substantively within 30 days, and never charge.

Data breaches and complaints

Under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act) we will notify you and the Office of the Australian Information Commissioner if an eligible data breach is likely to result in serious harm to you. If you believe your information has been mishandled, contact us at privacy@askadent.com.au first. If you are not satisfied with our response, you can complain to the OAIC on 1300 363 992 or at https://www.oaic.gov.au.

Contact