Legal

Privacy Policy

Last updated: June 2026

Tahsin.ai is committed to protecting the privacy of the dental clinics we serve and the patients they interact with. This policy explains exactly what data we collect, how we use it, and your rights under UAE law.

1. What We Collect

When a patient contacts your clinic through Tahsin.ai — on WhatsApp, Instagram Direct Messages, or Facebook Messenger — we collect only the information needed to handle that booking or enquiry. This includes: • Name and the messaging identifier used to reach you (WhatsApp phone number, Instagram handle, or Facebook profile name) • Appointment request details (preferred date, time, service type) • Enquiry messages (e.g. "how much does a cleaning cost?") We do not collect medical history, diagnoses, treatment records, prescriptions, insurance information, or any clinical health data. Tahsin.ai is a booking and enquiry tool — not a health records system. We also collect clinic account information provided during onboarding (clinic name, connected channel accounts, services, operating hours, pricing).

2. Lawful Basis for Processing

We process personal data under the following lawful bases in accordance with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL): • Contractual necessity — processing is required to fulfil the booking or enquiry requested by the patient or clinic • Legitimate interest — to operate, maintain, and improve the Tahsin.ai service on behalf of the clinic We do not process personal data for marketing purposes without explicit consent.

3. How We Use Your Information

We use collected information solely to operate the Tahsin.ai service on behalf of your clinic: • To respond to patient enquiries and process appointment bookings • To generate booking summaries and daily reports for clinic owners • To configure and maintain your clinic's AI knowledge base • To provide technical support and account management We do not sell, rent, or share your clinic's data or patient contact information with any third parties for marketing purposes.

4. Data Storage & Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We use enterprise-grade cloud infrastructure with SOC 2 compliant providers. Patient booking and enquiry data is stored for the duration of your clinic's active subscription. We do not retain individual patient conversation records beyond what is required to provide the reporting service agreed with your clinic.

5. Sub-Processors

To deliver the service, we use the following sub-processors who may process personal data on our behalf: • Meta Platforms Ireland Ltd. (WhatsApp Business API, Instagram Graph API, and Messenger Platform API) — message delivery and reception across all three channels • Cloud infrastructure provider — hosting, storage, and compute • Billing provider — subscription management (does not receive patient data) All sub-processors are bound by data processing agreements and are required to maintain appropriate security standards.

6. Data Retention

Booking and enquiry data is retained for the duration of your subscription plus 30 days after termination, after which it is permanently deleted. Clinic configuration data (knowledge base, settings) is deleted within 30 days of account closure upon request. You may request deletion of specific data at any time by contacting us.

7. Your Rights

As a Tahsin.ai clinic, you have the right to: • Access all data we hold about your clinic and its bookings • Request correction of inaccurate information • Request deletion of your data • Export your data in a standard format • Withdraw consent at any time by cancelling your subscription To exercise any of these rights, contact us at team@tahsinai.com or on WhatsApp at +971 54 371 9842.

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to individuals, we will: • Notify the UAE Data Office within 72 hours of becoming aware of the breach • Notify affected clinic owners without undue delay • Provide details of the nature of the breach, data affected, and steps taken to address it We maintain an internal incident response process and conduct regular security reviews to minimise breach risk.

9. Children's Data

Tahsin.ai is intended for use by dental clinics to handle adult patient enquiries and bookings. Clinics must not use the service to process personal data of patients under the age of 18 without appropriate parental or guardian consent, as required by applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will notify clinic owners via WhatsApp at least 14 days before changes take effect. Continued use of Tahsin.ai after notification constitutes acceptance of the updated policy.

12. Tahsin.ai Clinic Dashboard App (Mobile)

The Tahsin.ai mobile app ("the App") is available on Android via Google Play. The App is used exclusively by clinic staff and owners — not by patients. DATA COLLECTED BY THE APP: • Email address and password — for clinic staff login • Biometric authentication data — processed entirely on your device by the operating system; we never receive or store biometric data on our servers • Device push notification token (FCM) — used to deliver new patient message alerts to your device; stored on our servers and associated with your account • Crash reports and app performance data — collected via Sentry and used solely to fix bugs; automatically redacted of patient PII before transmission • App usage breadcrumbs — tab navigation events stored locally in Sentry for debugging; not shared with third parties DATA NOT COLLECTED BY THE APP: • Precise location • Contacts or call logs • Photos, camera, or microphone (unless you send a voice note via chat) • Device identifiers beyond FCM token ACCOUNT AND DATA DELETION: You may request deletion of your clinic account and all associated data by emailing team@tahsinai.com. Your account and all data will be removed within 30 days. THIRD-PARTY SDKS USED IN THE APP: • Sentry (sentry.io) — crash reporting; data stored in EU; see sentry.io/privacy • Supabase (supabase.com) — database and authentication; see supabase.com/privacy • Google Firebase / FCM — push notifications; see policies.google.com/privacy • Expo (expo.dev) — OTA updates delivery; see expo.dev/privacy BIOMETRIC DATA: The App offers optional biometric lock (fingerprint / Face ID). This authentication is handled entirely by your device's OS (Android Biometric API / iOS Face ID). Tahsin.ai does not access, store, or transmit any biometric data.

13. Contact

For any privacy-related questions or requests: Email: team@tahsinai.com WhatsApp: +971 54 371 9842 Tahsin.ai is operated from Abu Dhabi, United Arab Emirates.