Legal Center

GDPR Privacy Notice (EU/EEA/UK)

This notice supplements our Privacy Policy and applies to individuals in the EU/EEA and the UK under the General Data Protection Regulation (GDPR) and the UK GDPR.

What personal data we process

• Identifiers: name, email, phone, country, account IDs.
• Content you upload: photos/videos (e.g., smile images), prompts, annotations, feedback.
• Generated outputs: AI-generated images/videos and related metadata.
• Technical data: IP address, device/browser info, logs, cookies and similar.
• Billing data (if applicable): transaction IDs, masked card details.

Special categories

Photos may incidentally include biometric or health-related traits (e.g., teeth, gums). We process such content only when you voluntarily upload it and on the basis of your explicit consent to provide the requested AI generation or review functionality.

Purposes & legal bases

• Provide services (account, content upload, AI generation, gallery/CRM) — Art.6(1)(b) Contract.
• Improve safety, prevent abuse/fraud — Art.6(1)(f) Legitimate interests.
• Analytics and product improvement (aggregate/limited) — Art.6(1)(f).
• Marketing with opt-in consent — Art.6(1)(a).
• Processing special-category content in photos — Art.9(2)(a) Explicit consent.

Retention

• Uploaded photos/videos: up to 30 days by default, longer if you save them to your account/CRM.
• Generated outputs: kept while your account stores them or as needed for the service.
• CRM requests: typically 24 months, or per your clinic’s retention rules.
• Logs: 12 months (security/diagnostics).

Sharing & processors

We share data with vetted processors strictly for service delivery, e.g., cloud hosting/CDN, storage, email, analytics, and AI inference providers. We do not sell personal data.

International transfers

Where data leaves the EEA/UK, we use approved safeguards such as the EU Standard Contractual Clauses (SCCs) and UK IDTA/Addendum.

Your rights

• Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
• Lodge a complaint with your local supervisory authority.

Model training

We do not use your uploads or outputs to train our AI models unless you explicitly opt in.

Children

Services are not directed to children under 16 in the EEA/UK (or lower age where permitted by local law). Do not upload images of minors without parental/guardian consent.

Privacy Policy

This Privacy Policy explains how we collect, use, and share information when you use our websites, apps, and AI generation tools.

Information we collect

• Information you provide: account data, contact details, uploaded media (photos/videos), prompts, feedback, support requests.
• Automatically collected: device/browser data, IP address, approximate location, usage logs, cookies.
• From third parties: payment processors, single sign-on, anti-fraud tools.

How we use information

• Operate and improve the service, including AI photo/video generation and galleries.
• Communicate with you (support, updates, marketing if you opt in).
• Personalize features and content.
• Ensure security, prevent abuse, and comply with law.

AI media & user content

• You must have the right to upload any media. Do not upload content you do not own or do not have consent to use.
• Outputs may not be 100% accurate or clinically precise. Do not rely on outputs as medical advice.
• We may use automated systems to detect prohibited content (e.g., illegal, abusive, or unsafe material).

Cookies & similar technologies

We use essential cookies for login and session integrity, and optional analytics cookies to understand usage. You can control cookies via your browser or cookie banner settings.

• Essential (required for the site to work)
• Analytics/Performance (aggregate usage metrics)

Data sharing

• Service providers: hosting, storage, email, support, analytics, AI inference.
• Legal: to comply with law, enforce terms, protect rights and safety.
• Business transfers: in mergers, acquisitions, or asset sales, subject to this Policy.

Security

We implement administrative, technical, and physical safeguards appropriate to the risk (e.g., encryption in transit, access controls, logging). No method is 100% secure.

Data retention

We retain personal data only for as long as needed for the purposes described, or as required by law. See the GDPR section for typical timeframes.

Your choices

• Opt in/out of marketing communications.
• Manage cookies via browser and banner controls.
• Delete uploads/outputs from your account.

HIPAA & medical images

Unless we enter into a Business Associate Agreement (BAA) with your clinic, our service is not a HIPAA-covered service. Do not upload Protected Health Information (PHI) unless a BAA is in place.

CCPA/CPRA (California)

We do not “sell” personal information as defined by the CCPA/CPRA. California residents may request access/deletion and limit the use of sensitive personal information.

Changes

We may update this Policy from time to time. We will post the new date at the top and, where appropriate, provide additional notice.

Terms of Use

By using our services, you agree to these Terms. If you do not agree, do not use the services.

1. Service & accounts

• You must be at least 16 (or the minimum age in your jurisdiction) and have legal capacity to agree to these Terms.
• You are responsible for your account and for maintaining the confidentiality of your credentials.

2. User content & licenses

• You retain ownership of content you upload.
• You grant us a worldwide, non-exclusive, royalty-free license to host, process, and display your content solely to provide the services to you (and your organization/clinic if applicable).
• We do not use your content to train models unless you opt in separately.

3. AI outputs

• Outputs may be subject to third-party rights. You are responsible for your use of outputs.
• Outputs are provided “as is” and for illustrative purposes; they are not medical advice.

4. Prohibited uses

• Illegal activities, infringement, harassment, discrimination, or violating privacy/consent.
• Uploading others’ images without consent, or content that is unlawful or harmful.
• Attempting to reverse engineer the service or evade security measures.

5. Intellectual property

We own the service, software, designs, and trademarks. You may not copy or create derivative works except as permitted by law or a written license.

6. Termination

We may suspend or terminate access for violations or risks to the service. You may stop using the service at any time.

7. Disclaimers

THE SERVICE IS PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND. TO THE EXTENT PERMITTED BY LAW, WE DISCLAIM ALL IMPLIED WARRANTIES (MERCHANTABILITY, FITNESS, NON-INFRINGEMENT).

8. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE WILL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, DATA, OR GOODWILL.

9. Indemnity

You agree to indemnify and hold us harmless from claims arising out of your content or breach of these Terms.

10. Governing law & disputes

These Terms are governed by the laws of YOUR_GOVERNING_LAW, without regard to conflict-of-law rules. Disputes will be resolved in the courts of YOUR_VENUE unless otherwise required by mandatory law.

11. Changes to the Terms

We may update these Terms by posting a revised version with a new “Last updated” date. If changes are material, we will provide reasonable notice.

Contact

For privacy requests (access, deletion, objection, etc.) or general legal questions, contact us:

• Email (privacy): [email protected]
• Data Protection Officer: [email protected]
• Postal: SMILE DESIGN LLC, BURSA TURKEY

Please do not include sensitive information in email. We may ask you to verify your identity before fulfilling requests.