سياسة الخصوصية Privacy Policy

NABD is an integrated digital platform for dentists and dental students, offering professional, educational, and community services in a single app. NABD is operated by MIRCADO LLC ("we", "us", "the provider").

In this document, "user" or "you" refers to any person who uses the NABD app or related services.

This policy applies to:

• The NABD mobile application (iOS and Android).
• The website nabd.world and its subdomains.
• Backend services we operate in connection with the app.

It does not apply to third-party services you may reach through our app; each has its own privacy policy.

We collect only the data needed to operate and improve the service. Main categories:

a. Account and identity

• Name, phone number, email, profile photo.
• Professional verification data (syndicate membership number, specialty, images of your union card or professional ID captured via NFC or optical reading during onboarding).
• One-time codes (OTP) sent over SMS.

b. Biometric data (optional)

To verify identity, we may compare your live selfie against the photo on your membership card. Images are processed for verification only and we do not retain biometric templates within our systems.

c. Device and diagnostic data

• Device ID, operating system and version, device model.
• IP address and connection information (country, ISP).
• Crash logs and diagnostics.

d. Usage and analytics

• Features you use and screens you visit in the app.
• Session timestamps, duration, interaction events.

e. Payment data

All payments are processed by licensed payment gateways. We do not store card data or payment secrets on our servers. We receive only the transaction ID and status.

f. User-generated content

• Posts, comments, and community contributions.
• Photos and files you upload voluntarily.
• Conversations with the AI assistant.

g. Clinic data (if you use the feature)

If you use the clinic-management tools, you may enter data about your clinic, appointments, or limited patient information. You are the controller of this data; our role is limited to providing secure infrastructure for storage.

h. Location

We may request location permission for specific features. You can deny permission and the rest of the app will continue to work.

i. Push notifications

We use push tokens to deliver service notifications. You can disable them at any time in your system settings.

• Create and maintain your account and verify your professional identity.
• Deliver core services inside the app.
• Process payments through secure payment gateways.
• Power the AI assistant to answer your questions.
• Send operational notifications and messages related to your account.
• Detect fraud and abuse and protect the integrity of the system.
• Analyze performance to improve the experience (on aggregated, de-identified data whenever feasible).
• Comply with legal obligations.

• Performance of contract: to provide the services you request.
• Legitimate interests: to secure and improve the service and prevent fraud.
• Consent: for access to camera, location, notifications, or biometric data — which you may withdraw at any time.
• Legal obligation: where required by applicable law.

We share the minimum data necessary with trusted service providers that operate the platform. Each provider is bound by a data-protection agreement limited strictly to the declared purpose.

We may disclose data in response to binding legal requests (judicial or regulatory), and will endeavor to notify you where legally permitted.

• Account data: for the life of your active account and a reasonable period afterwards for legal compliance.
• Verification data (ID/biometric images): deleted shortly after verification succeeds or fails.
• Financial transaction records: retained per accounting compliance requirements (up to 7 years).
• Crash logs and analytics: retained for limited periods, then aggregated or deleted.
• User-generated content: retained until you delete it or the account is removed.

We apply technical and organizational measures to protect your data:

• TLS encryption for all external communications.
• Encryption of sensitive data at rest.
• Principle-of-least-privilege access for administrators.
• Certificate pinning in the app to defend against man-in-the-middle attacks.
• Periodic security reviews and monitoring for suspicious activity.

You have the right to:

• Access the data we hold about you.
• Correct inaccurate data.
• Delete your data ("right to be forgotten"), within legal limits.
• Port your data in a machine-readable format.
• Withdraw consent at any time.
• Restrict or object to processing.
• File a complaint with a competent supervisory authority.

To exercise any of these rights, contact privacy@nabd.world. You can also delete your account from inside the app via Settings → Account → Delete account.

NABD is designed for dental professionals and students (typically 18+). We do not knowingly collect data from children under 13. If we learn of such data, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with information, please contact us.

Your data may be processed in data centers located in other countries, depending on where our cloud providers operate. We ensure appropriate legal safeguards for cross-border transfers, including contractual commitments with providers.

We may update this policy from time to time. For material changes, we will notify you through the app or by email before the changes take effect. The most recent update date is listed at the top of this page.

For any privacy question or to exercise your rights: