Hosted in India
Your clinic's data is hosted in India (Mumbai region) and encrypted at rest, with TLS in transit. It doesn't leave the country to run the product.
Built for India
Your patients' data stays in India.
DentBeacon is designed around India's Digital Personal Data Protection (DPDP) rules from the ground up — not retrofitted from a tool built for somewhere else. This page is how we handle data today; it's a description of the build, not legal advice.
Role-based access
Least-privilege, row-level access controls mean each team member sees only what their role needs. The front desk, the dentist, and the owner don't all see the same thing.
Private by design
The waiting-room display shows token numbers only — never names or phone numbers. Privacy is built into the product's smallest decisions.
Audit logs
Sensitive actions are written to append-only audit logs and retained, so unauthorized access can be detected and reviewed.
Your data is portable
Your data is yours. It's exportable at any time — doing portability well is a deliberate part of the design, not an afterthought.
Offline-first, still secure
The app keeps working through power cuts and dropped connections, syncing securely on reconnect — without loosening access controls.
Who's responsible for what
Your clinic owns the data. We process it for you.
Under DPDP, your clinic is the Data Fiduciary — you decide why and how patient data is used, and you carry the primary responsibility. DentBeacon is your Data Processor: we process data on your behalf, under contract. Our job is to make your compliance easier, with a Data Processing Agreement that sets out security, breach-reporting, and deletion duties. We don't claim certifications we don't hold, and we'll never overstate where the law currently stands.
Security & data questions
Where is my patients' data stored?
In India — the Mumbai region — encrypted at rest, with encryption in transit. It isn't moved out of the country to run the product.
Is DentBeacon DPDP compliant?
DentBeacon is designed to be DPDP-aligned: encryption, role-based access, audit logging, consent handling, and data export are built in. Under DPDP your clinic is the Data Fiduciary and DentBeacon is the Data Processor; we provide a Data Processing Agreement to support your compliance. We describe what the build does and don't claim certifications we don't hold.
Who in my team can see patient data?
Access is role-based and least-privilege. Each role — front desk, dentist, owner — sees only what it needs. The public waiting-room display shows token numbers only, never names or phone numbers.
Can I export or delete my data?
Yes. Your data is yours and is exportable at any time, and deletion is supported. Portability is a deliberate design goal, not an afterthought.
What happens if there's a data breach?
We maintain breach detection off our audit logs and a defined process to notify your clinic quickly, so you can meet your own obligations as the Data Fiduciary. The specifics are set out in the Data Processing Agreement.
Questions about data?
Talk it through with the founder.
No sales team — just a straight conversation about how your clinic's data is handled.