Who We Are

Data Controller – OraControl LLC (Address)
Data Protection Contact – info@oracontrol.com

What Data We Collect

  • Information you provide directly (e.g., when you create an account, make a booking, or contact support).
  • Automatically through cookies and analytics tools.
  • From third-party integrations you connect (e.g., Stripe, Google Calendar, Zoom, PayPal, Twilio, Mailchimp).

How We Use Data

  • Provide, secure, and improve the OraControl platform.

  • Process bookings and payments via Stripe (USA/EU-Standard Contractual Clauses).

  • Host live chat & onboarding via Tidio (EU data centers).

  • Comply with legal obligations.

  • To provide, operate, and maintain our Services.
  • To communicate with you about your account, updates, or support requests.
  • To improve and personalize your experience.
  • For analytics and business insights.
  • To send marketing communications (with your consent)
  • When you provide your phone number through our booking forms or account setup, we use it to send transactional SMS messages such as one-time verification codes (2FA), appointment confirmations, reminders, and service-related notifications. These messages are user-initiated and required to complete or manage bookings.
  • By submitting your phone number, you consent to receive these SMS messages. You may opt out at any time by replying STOP. Marketing or promotional SMS messages are sent only with separate, explicit consent.

International Transfers

We rely on the European Commission’s Standard Contractual Clauses (SCCs) for all US transfers, supplemented by encryption at rest/in transit and role-based access controls.

How Long We Keep Data

  • Data is retained for the life of the customer relationship + 12 months, unless:

    • law requires longer retention (e.g., tax records = 7 yrs)

    • you request erasure sooner (where legally permitted)

Your GDPR Rights

  • Access / copy your data.

  • Rectification of inaccuracies.

  • Erasure (“right to be forgotten”).

  • Restriction or objection to processing.

  • Portability of machine-readable data.

  • Withdraw consent at any time (marketing).

Cookies & Similar Tech

We use first-party functional cookies and Google Analytics 4 (IP anonymization).
Visit oracontrol.com/cookie-settings to manage consent.

Data Security

  • TLS 1.3 in transit

  • AES-256 at rest (AWS us-east-1 & eu-central-1)

  • Quarterly penetration tests

  • SOC 2 (Type II) certified hosting

Children

OraControl is not directed to children under 16; we do not knowingly process such data.

Complaints

EU residents may lodge complaints with their local supervisory authority or our lead authority: Irish Data Protection Commission.

Changes

We’ll post any changes here and email account holders 14 days before they take effect.

Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on our website with the effective date.

Your Privacy, Our Priority

We’re committed to protecting your personal information and keeping your data secure. If you have any questions about how OraControl handles your information, we’d love to hear from you.

Contact Us

Log In

Try for free