B-Ceph Privacy Policy
HIPAA Compliance
B-Ceph is designed to be HIPAA-compliant.
1. Introduction
B-Ceph ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cephalometric analysis software and services.
Please read this policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.
2. Information we collect
2.1 Information you provide
We collect information you provide directly to us, including:
| Data category | Examples | Purpose |
|---|---|---|
| Account information | Name, email, phone, credentials | Account creation and management |
| Professional information | License numbers, practice details | Service verification |
| Patient data (PHI) | Medical records, images, analysis data | Service delivery |
| Payment information | Billing details, transaction history | Payment processing |
2.2 Information collected automatically
When you use our Service, we automatically collect:
- Usage data: Feature usage, session duration, error logs
- Device information: IP address, browser type, operating system
- Technical data: Performance metrics, crash reports
- Location data: Approximate location (country/region level)
2.3 Information from third parties
We may receive information about you from third parties, such as:
- Payment processors (Stripe, PayPal)
- Analytics providers (Google Analytics)
- Business partners and resellers
- Publicly available sources
3. How we use your information
We use the collected information for the following purposes:
- Service delivery: To provide, maintain, and improve our cephalometric analysis services.
- Authentication: To verify your identity and manage your account.
- Communication: To send service updates, security alerts, and support messages.
- Payment processing: To process transactions and send invoices.
- Compliance: To meet legal obligations and regulatory requirements.
- Security: To protect against fraud, abuse, and security risks.
- Analytics: To understand usage patterns and improve our Service.
5. Data security
We implement industry-standard security measures to protect your data:
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access controls: Strict role-based access controls and authentication
- Network security: Firewalls, intrusion detection, and DDoS protection
- Physical security: Secure data centers with 24/7 monitoring
- Audit logging: Comprehensive logging of all access and changes
- Regular testing: Security audits, penetration testing, vulnerability scans
6. Data retention
We retain your information only as long as necessary:
| Data type | Retention period | Notes |
|---|---|---|
| Account data | While account is active + 90 days | You may request deletion |
| Patient data (PHI) | As required by HIPAA (min. 6 years) | We act as data processor |
| Financial records | 7 years for tax purposes | Legal requirement |
| Backup data | 30–90 days after deletion | For disaster recovery |
You may request deletion of your data at any time by contacting us. We will comply with your request unless we are required to retain the data for legal or legitimate business purposes.
7. Your rights and choices
Depending on your location, you may have the following rights regarding your personal information:
- Access and portability: Request a copy of your data in a machine-readable format.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data.
- Restriction: Request restriction of processing in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Withdraw consent at any time where processing is based on consent.
- Opt-out: Opt out of marketing communications and certain data uses.
To exercise these rights, contact us at support@b-ceph.com. We will respond to your request within 30 days.
8. Children's privacy
Our Service is not intended for children under 18. We do not knowingly collect personal information from children under 18.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our servers.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page with an updated "Last updated" date
- Sending an email notification to registered users
- Displaying a prominent notice within the Service
Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.