Privacy Policy
Last updated: April 24, 2026
This Privacy Policy describes how ZoniteAI, the company behind Orelis (the “Service”), collects, uses, and discloses information when dental practices and their staff use Orelis. This is a placeholder draft pending review by counsel and will be replaced before general availability.
1. Information we collect
We collect information you provide when you create a practice account (name, email, role, practice details), clinical and operational data your team enters into the Service (patient records, encounters, odontogram findings, appointments, invoices, payments), and technical data automatically generated when you use the Service (logs, request identifiers, device and browser metadata).
2. How we use information
We use information to operate the Service, deliver clinical and business workflows you configure, generate AI-assisted summaries and reports you request, secure your account, prevent fraud and abuse, and meet our legal obligations. We do not sell personal information.
3. Protected health information (PHI)
Where you upload PHI in the United States, we treat that data under a Business Associate Agreement (BAA). Production deployments use encryption in transit and at rest, role-based access controls, tenant isolation, and audit logs. A BAA must be executed before PHI is introduced into the production Service.
4. AI processing
Some features (transcription, encounter summaries, patient reports) send a minimal slice of practice data to large-language-model providers we contract with under data processing terms. We do not allow these providers to train their models on your data. You can disable AI features at any time from the practice settings.
5. Sharing
We share information with infrastructure subprocessors (cloud hosting, email, error monitoring, payment processing) under contractual safeguards, with regulators or law enforcement when legally required, and at your direction (for example, when you export data or invite a collaborator).
6. Retention
We retain practice data while your subscription is active and for a reasonable archival window after termination so you can export it. You may request earlier deletion, subject to the legal and clinical record-retention requirements that apply in your jurisdiction.
7. Your choices
Account owners can update or correct practice and user records inside the Service, export their data, and request account deletion. Patients with rights under HIPAA, GDPR, or similar laws should contact the practice that uses Orelis, which acts as their data controller; we will support practices in honoring those requests.
8. Contact
Questions about this policy can be sent to privacy@orelis.app. We will respond within a reasonable timeframe and in any case as required by law.