Plandentic
Security & Trust

Built carefully, with patient data in mind.

How we think about security at Plandentic - the principles, the practices, and what's coming next.

  • TLS: encryption in transit
  • EU: hosting region

Plandentic is a dental treatment planning platform - and dental practices entrust us with sensitive information. We take that seriously. This page describes the principles guiding how we build, and the practical measures that protect data in our care today.

Our principles

Before specific tools or controls, four principles shape every decision we make:

  • Privacy by design

    Security and privacy are product decisions, not afterthoughts. Every feature is reviewed against the question: "what is the minimum data we need to deliver this?"

  • Minimal data collection

    We collect only the data that is strictly necessary to provide our dental treatment planning services. No cross-site tracking, no third-party data brokers, no fingerprinting.

  • Encryption in transit

    All traffic to and from Plandentic is encrypted using industry-standard TLS. Sensitive data never travels over an unprotected connection.

  • Least privilege access

    Internal access to systems and data is restricted on a need-to-know basis. Production credentials are scoped narrowly and rotated when team membership changes.

Protecting your data

Inside the product, we apply layered safeguards:

  • Encrypted transport: all client-server traffic uses TLS. We do not accept unencrypted connections.
  • Hardened infrastructure: production runs on managed infrastructure with restricted network access and platform-level patching.
  • Authentication: account access requires strong credentials. Sessions are time-bound and tied to the originating device context.
  • Access controls: roles and permissions inside the product limit what each user can see and do, so a clinician's account isn't a back door to admin functions.
  • Audit trail: sensitive actions are logged so we can investigate if anything looks unusual.

Infrastructure

Plandentic runs on managed cloud infrastructure with EU-region hosting. The provider handles physical security, network isolation, and platform patching at the layers we don't operate ourselves. On top of that we apply our own configuration hardening, monitoring, and access controls.

Backups are taken on a regular schedule and stored separately from primary storage so we can recover quickly from operational issues.

Security assessments

We carry out continuous security code reviews and annual penetration testing to ensure the integrity of our platform.

If something goes wrong

No system is immune to incidents. If an event affects data we hold for you, we will:

  • Investigate, contain, and resolve the issue with priority over feature work.
  • Notify affected customers directly, with the facts as we understand them.
  • Provide an honest post-incident write-up describing what happened, what we changed, and how we'll prevent a repeat.

Where we're going

Plandentic is a young company. The mechanisms above are real - but third-party-audited certifications take time, paperwork, and scale. As we grow, we plan to formalize our security posture with the certifications customers and procurement teams expect from a dental SaaS. We will publish each milestone here when it lands, rather than make claims we can't back up today.

If your organization needs specific assurances or documentation before adopting Plandentic, please reach out and we'll work with you directly.

Questions or disclosure

Found something that looks like a vulnerability? Have a procurement question? We want to hear from you:

Email: info@plandentic.com

Postal Address:
Plandentic d.o.o.
Trg Hrvatskih Branitelja 25/1
43000 Bjelovar
Croatia

Updated May 1, 2026

Frequently asked security questions

  • How is my data protected in transit?

    All traffic between your device and Plandentic is encrypted using industry-standard TLS. We do not accept unencrypted connections.

  • Where is my data hosted?

    Plandentic runs on managed cloud infrastructure with EU-region hosting. The provider handles physical security and platform-level patching; we apply our own configuration hardening, monitoring, and access controls on top.

  • Who at Plandentic can access my data?

    Internal access is granted on a need-to-know basis. Production credentials are scoped narrowly and rotated when team membership changes. Sensitive actions are logged.

  • Do you use my data to train AI models?

    No. Treatment plans, patient information, and any content you upload are not used to train third-party models. We act only as the processor that runs the platform on your behalf.

  • Can I export or delete my data?

    Yes. You retain ownership of your data and can request export or deletion at any time. See our Privacy Policy for the rights you can exercise and how to do so.

  • Do you have formal security certifications?

    Not yet. Plandentic is a young company and third-party-audited certifications take time and scale. They are on our roadmap and we will publish each milestone here when earned, rather than make claims we can't back up today.

  • What happens if there is a security incident?

    We investigate, contain, and resolve the issue with priority over feature work, notify affected customers directly with the facts as we know them, and publish an honest post-incident write-up afterwards.

  • How do I report a vulnerability?

    Email info@plandentic.com with as much detail as you can share. We take responsible disclosure seriously and will respond promptly.
