Privacy Policy
Effective May 17, 2026
DentalVault Inc. (“Humenis,” “we,” “us”) provides an encrypted file-transfer service for licensed Canadian dental professionals. This policy explains what personal information we collect, how we use it, how long we keep it, and the rights you have under the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act respecting the protection of personal information in the private sector (Law 25).
1. Our role and our customers' role
When a dentist uses Humenis to send a patient file, that dentist is the data controller for the patient's personal health information. Humenis is the data processor acting on the dentist's instructions to transmit and temporarily store the file. Responsibility for obtaining the patient's consent to share their information rests with the dentist; our platform records that consent declaration but does not collect it directly from the patient.
2. Information we collect
Account information (sender)
- Email address
- Optional display name
- Argon2id hash of your password — never the password itself
- Account creation date, email verification status, plan tier
Transfer metadata
- Recipient email address
- Patient name (treated as personal health information)
- Original filename, file size, declared content type
- Consent confirmation (a boolean flag and timestamp recording that the sender attested patient consent was obtained)
- S3 object key and KMS key identifier (storage pointers)
- Token expiry, upload completion, download completion times
File contents
The encrypted file payload itself, while it exists on our servers, may contain personal health information (X-rays, CBCT scans, PDFs, etc.). It is encrypted at rest with AWS Key Management Service (SSE-KMS, AES-256-GCM) using a customer-managed key, and is deleted automatically the moment the recipient successfully downloads it — or within 24 hours of upload as a failsafe, whichever comes first.
Audit logs
- Event type (upload, download code requested, code verified, download, deletion)
- Transfer ID, actor user ID
- IP address and user-agent string of the actor
- Timestamps
Audit logs do not contain file contents. They may contain a recipient email address and a transfer's associated patient name (the latter only via the linked transfer row).
Billing information
If you upgrade to Humenis Starter, payment data (card details, billing address, transaction history) is collected directly by Stripe Inc. and is governed by Stripe's privacy policy. We receive only a customer identifier, subscription status, and billing period information.
3. Why we collect it (purposes)
- To deliver the transfer service you requested
- To authenticate you and protect your account
- To send transactional emails (verification, notifications, password reset, download confirmations)
- To meet PIPEDA and Law 25 audit-trail obligations (7-year retention)
- To detect and respond to abuse, fraud, and security incidents
- To bill you for paid plans (via Stripe)
We do not sell personal information. We do not use file contents or patient names to train machine-learning models. We do not display advertising.
4. How long we keep it
| Data | Retention |
|---|---|
| File contents (encrypted) | Deleted on successful download, or within 24 hours of upload — whichever is first |
| Transfer metadata | Retained as part of the audit trail (7 years) |
| Audit logs | 7 years (PIPEDA accountability principle) |
| Account information | Until you delete your account; deletion within 30 days of request |
| Short-lived auth tokens (verification, reset, OTP) | Minutes to days, per the token type; auto-expire |
| Billing records | As required by tax and accounting law (typically 6 years in Canada) |
5. Where it lives (data residency)
All file contents, transfer metadata, account information, and audit logs are stored in Amazon Web Services' ca-central-1 region (Montreal, Quebec, Canada). Backups, if any, remain in Canada. We do not transfer personal information outside Canada for primary storage.
Two sub-processors operate outside Canada:
- Stripe processes payments and may transit data to the United States.
- Resend sends transactional email and may transit data to the United States. Email content is limited to the names of senders/recipients, file sizes, 2FA codes, and links — never file contents.
6. Your rights
Under PIPEDA and Law 25 you may:
- Request a copy of the personal information we hold about you
- Request corrections to inaccurate or incomplete information
- Request deletion of your account and associated data (subject to retention obligations on audit logs)
- Withdraw consent to processing (with the effect of terminating service)
- Request portability of your account information
- File a complaint with the Office of the Privacy Commissioner of Canada or, if you reside in Quebec, the Commission d'accès à l'information.
Patients whose health information was transmitted via Humenis should direct access requests to the dental clinic that sent the file — that clinic is the legal custodian of the record.
7. Security
See our Security page for technical detail. In short: AES-256-GCM at rest via AWS KMS, TLS 1.3 in transit, two-factor authentication on every recipient download, IP and user-agent logging on every access, and least-privilege IAM on every backend role.
8. Breaches
In the event of a confidentiality incident involving personal information, we will notify affected individuals and the applicable supervisory authority (OPC under PIPEDA, CAI under Law 25) within the timelines required by law — currently as soon as feasible after determining a real risk of significant harm.
9. Changes
We will post any material change to this policy on this page and notify active account holders by email at least 14 days before it takes effect.
10. Contact
DentalVault Inc. Privacy Officer privacy@dentalvault.ca
For complaints, you may also contact the OPC or CAI directly using the links in section 6.