GDPR Compliant HIPAA Compliant Zero Data Storage

Privacy Policy

Last updated: June 24, 2026

Our Privacy Commitment — At a Glance

  • TopDental Institute is an informational platform. We connect dental professionals with educational resources, courses, mentors, and services.
  • We do NOT store, collect, or process any personal data on our own servers. We have no user accounts, no databases of personal information, and no tracking profiles.
  • We do NOT sell, share, or transfer your data to any third party.
  • Third-party services (e.g., analytics, embedded content) may have their own privacy practices — we disclose these below.
  • We are fully compliant with the EU General Data Protection Regulation (GDPR) and the US Health Insurance Portability and Accountability Act (HIPAA).

1. Nature of This Platform

TopDental Institute ("TopDental", "we", "us", or "our") operates exclusively as an informational and educational platform for the global dental community. Our website provides:

  • Educational content about dental courses, programs, and careers
  • Buyer's guides for dental equipment and products (editorial content only)
  • Information about dental colleges, mentors, and industry awards
  • Marketing services for dental practices (delivered by third-party providers)

We are not a data controller or data processor as defined by the GDPR. We do not create user accounts, require registration, store personal data, or maintain databases of user information. Our website is a publicly accessible informational resource.

2. Information We Do NOT Collect

To be completely transparent, we do NOT collect or store:

× Names or personal identifiers
× Email addresses or phone numbers
× Dental licenses or credentials
× Payment or billing information
× Location data or IP addresses
× Health or medical records (PHI)
× Browsing history or user profiles
× Cookie-based tracking profiles

3. Minimal Technical Data (Automatically Handled)

Like all websites, our hosting infrastructure (Vercel Inc.) and CDN may temporarily process certain technical data for security and performance purposes. This data is ephemeral and automatically purged:

  • Request headers (IP address, user agent) — retained for a maximum of 24 hours by our hosting provider for DDoS protection and abuse prevention
  • Access logs — automatically rotated and deleted within 24 hours

This data is processed under legitimate interest (GDPR Article 6(1)(f)) for network security. We do not access, analyze, or retain this data. Our hosting provider (Vercel) acts as an independent data controller for this ephemeral data. See Vercel's Privacy Policy.

4. Contact Form & Email Inquiries

When you use our contact form or send us an email:

  • Your message is delivered via standard email to rockson68@hotmail.com
  • The email and its contents are stored only in our email inbox (managed by Microsoft/Outlook)
  • No data is stored on our website or any website database
  • We may retain email correspondence for business records, as is standard practice
  • You may request deletion of your email correspondence at any time by emailing us

This processing is based on legitimate interest (GDPR Article 6(1)(f)) for responding to inquiries. If you provide health-related information in your correspondence, it is handled with HIPAA-level care and will not be disclosed.

5. Third-Party Services

Our website may use the following third-party services. Each has their own privacy practices:

Vercel Inc.

Website hosting & CDN

Privacy Policy →

Ephemeral request logs (24h retention)

Clerk

Authentication (if enabled)

Privacy Policy →

Only if user authentication features are activated

Supabase

Backend services (if enabled)

Privacy Policy →

Only if database features are activated

Microsoft Outlook

Email communication

Privacy Policy →

Email correspondence storage

We do not use advertising trackers, social media pixels, or third-party analytics that build user profiles.

6. GDPR Compliance (EU/EEA Users)

For individuals in the European Union, European Economic Area, or the United Kingdom:

Data Controller

TopDental Institute is not a data controller. We do not collect, store, or process personal data through this website. There is no personal data to access, rectify, erase, or port.

Legal Basis for Processing

To the extent any minimal technical data is processed by our hosting provider, it is under legitimate interest (Article 6(1)(f) GDPR) for network security and contractual necessity (Article 6(1)(b) GDPR) for hosting services.

Your Rights

Under GDPR, you have the right to access, rectification, erasure, restriction, data portability, and objection. Since we do not hold your personal data, these rights are inherently satisfied — there is nothing to access, correct, or delete. If you believe your data has been collected in error, contact us immediately and we will investigate.

Supervisory Authority

If you have concerns, you may lodge a complaint with your local Data Protection Authority (DPA). In India, the relevant authority is the Ministry of Electronics and Information Technology.

7. HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) protects individually identifiable health information (Protected Health Information or PHI).

We do not create, receive, maintain, or transmit PHI. TopDental Institute is an informational platform for dental professionals. We do not provide healthcare services, handle patient records, or process any protected health information.

No Business Associate Agreement (BAA) is required because no PHI flows through our systems. Our platform does not meet the definition of a "covered entity" or "business associate" under HIPAA.

Editorial content disclaimer: Our buyer's guides, equipment reviews, and educational content are for informational purposes only and do not constitute medical advice, diagnosis, or treatment recommendations.

8. Cookies & Local Storage

Our website uses minimal, strictly necessary cookies only:

  • Session cookies: Temporary cookies that expire when you close your browser. Used for basic site functionality.
  • Theme preference: Stored in your browser's localStorage to remember your light/dark mode preference.

We do NOT use:

  • Third-party tracking cookies
  • Advertising or marketing cookies
  • Social media tracking pixels
  • Cross-site analytics profiling

Because we only use strictly necessary cookies, cookie consent is not required under the EU ePrivacy Directive (Article 5(3)). You can clear cookies and local storage at any time through your browser settings. See our Cookie Policy for details.

9. Children's Privacy

Our content is intended for dental professionals, students, and individuals aged 18 and above. We do not knowingly direct any content to children under 13 (or under 16 in the EU). Since we do not collect personal data from anyone, this includes children. If you believe a child has provided personal data through our contact form, please contact us for immediate removal.

10. International Data Transfers

Since we do not collect or store personal data, there are no international data transfers from our platform. Our website is hosted on servers operated by Vercel Inc. (United States). Any ephemeral technical data (request logs) is processed in accordance with Vercel's data handling practices. Email correspondence may be processed by Microsoft's global infrastructure with appropriate Standard Contractual Clauses (SCCs).

11. Data Security Measures

Even though we do not store personal data, we implement robust security measures to protect our platform:

HTTPS Everywhere

All traffic encrypted with TLS 1.3 via HSTS preloading

Content Security Policy

Strict CSP headers prevent XSS, injection, and data exfiltration

No User Data at Risk

Since we store no data, there is nothing to breach or leak

Subresource Integrity

All external scripts verified with cryptographic hashes

Zero Third-Party Trackers

No analytics, pixels, or beacons that could leak data

Regular Security Audits

Headers, dependencies, and configurations reviewed regularly

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top indicates when this policy was last revised. Material changes will be communicated via a prominent notice on our website. We encourage you to review this policy periodically.

13. Contact Our Privacy Team

For privacy-related questions, data requests, or concerns about GDPR/HIPAA compliance:

Dr. Rockson Samuel — Data Protection Officer

TopDental Institute

Indira Dental Clinic, 3rd Floor, 54 Katpadi Main Rd

Gandhi Nagar, Vellore, Tamil Nadu 632006, India

Email: rockson68@hotmail.com

Phone: +91 70106 50063

We respond to all privacy inquiries within 30 days, in compliance with GDPR Article 12 timelines.