Terms and conditions

Service Provider

The Oralsnap Service is operated by Vladyslav Pereverzyev, based in Italy. All official communications take place through the dedicated Service contacts indicated below.

For Italian legal obligations, the Owner's complete personal and fiscal data are publicly available at the Bolzano Chamber of Commerce Business Register and can be requested via email at info@oralsnap.com.

Oralsnap Trademark

The name "Oralsnap", the logo, the visual identity and all distinctive elements of the Service are exclusively owned by Vladyslav Pereverzyev and currently under registration as a commercial trademark. Any unauthorized use of the name, logo or graphic elements referable to Oralsnap - including imitations, similar trademarks or misleading domains — is expressly prohibited and prosecutable by law.

Infrastructure and server localization

Service data is hosted on cloud infrastructures located in the European Union:

• Primary servers: Germany (GDPR-compliant data centers).
• Security backup: France (GDPR-compliant data centers).

This choice ensures that most of the managed data remains within the European Economic Area. For more technical details on security measures, encryption, access controls and architecture, consult the Security & Data Protection Overview.

Definitions and nature of the Service

In this document:

• "Service": the Oralsnap mobile application (iOS and Android), access via browser through public links, and all related functionalities.
• "User": anyone using the Service as described in Section 03.
• "Professional User": dentist, dental technician, dental hygienist, clinic or laboratory.
• "Patient": natural person whose clinical data is the subject of the Professional User's work, or recipient of shared content.
• "NFC Tag": physical Near Field Communication label associable with an object.
• "Public link": URL generated by the app that allows viewing of a patient folder, online tag or object, accessible via browser without login.

Types of users

Oralsnap is intended for four distinct categories of users, each with different responsibilities and functionalities:

Professional Users (Profiles 01–03) must be of legal age (18+) and duly authorized in their country of practice. Patients can access shared content without registration, only via a public link provided by their professional.

Acceptance and right of deletion

Installation, registration or use of the Service constitutes full and unconditional acceptance of these Terms.

Access by Patients to a public link shared by a professional constitutes acceptance of only the applicable sections (in particular Sec. 11 and 32). A Patient who does not wish to view the content may simply close the browser.

Browser access and public links

In addition to the mobile applications (iOS and Android), the Service is also accessible via web browser through public links generated by the app. Public links may contain:

• Patient folder — a collection of clinical images, notes and objects associated with a case.
• Online tag — the page of an NFC tag with information about the associated object.
• Single object — the page of a specific product, prosthetic or material.

Content visibility rules

App content is private by default. It becomes visible via browser only in the following cases:

1. Active sharing: the Professional User explicitly decides to share content with another user or with a patient, generating a link.
2. Content made public: the Professional User explicitly marks the folder, tag or object as "public".

The Professional User can at any time revoke a public link from the app settings, making the content immediately no longer accessible via browser.

Territorial scope and applicable laws

Oralsnap is distributed internationally via Apple App Store, Google Play and web browser. The User acknowledges that, in their country of practice, sector-specific health, privacy and data protection regulations may apply that are not covered by this document and for which the User is solely responsible.

Oralsnap is NOT a medical device

Oralsnap is an operational tool for NFC technology in the dental sector. Images, cases and objects managed via the Service have exclusively organizational and operational value, never diagnostic.

• No Service function provides diagnostic support, automated clinical decisions, or medical artificial intelligence algorithms.
• Intraoral camera filters are a photographic aid, not a diagnostic tool.
• The presence of clinical images in the app does not constitute an official health record.
• The patient's clinical record must be maintained on certified management systems.

Patient data — prohibition on identifiers

To identify patients in the app, the Professional User must use internal codes, aliases, initials or sequential numbers whose link to real identity remains exclusively at the practice or laboratory.

Practical examples

• Correct: "Patient #1284 — upper arch impression"
• Correct: "Case M.R. — prosthetic rehabilitation"
• Incorrect: "Mario Rossi born 04/12/1968"
• Incorrect: photographs showing the patient's full face, documents, health cards

Consent form — sole responsibility of the professional

Before uploading any image, clinical data or material referable to a patient into the application, the Professional User must mandatorily collect the patient's written informed consent at their practice or laboratory, via specific consent form.

The consent form must, at minimum:

1. Inform the patient that clinical images and anonymous data will be stored on a third-party application (Oralsnap).
2. Specify the purposes of processing (case management, sharing with the laboratory, professional archive).
3. Indicate retention periods and patient rights (access, rectification, deletion, portability).
4. Include information on non-EU transfers (see Section 13).
5. Specify possible sharing of content via public links (see Section 05).
6. Be dated, signed in original and kept by the practice for the period required by regulations.

Consent form template — trilingual downloadable

As a free operational aid, Oralsnap makes available to its Professional Users an indicative consent form template in PDF format, structured according to GDPR requirements. The document is available in three languages within the same file: English, Italian and German.

Minor patients

In the case of minor patients (under 18 or the age of majority provided by the applicable country), the consent form must be signed by both parents or by the minor's legal guardian.

For minors under 14 (EU) or 13 (some countries), additional protections apply under Art. 8 GDPR. The Professional User must ensure that the minor's photographic and clinical documentation never includes direct identifying elements (full face, name, school).

The Service is not accessible as a Professional User to minors under 18.

Patients as recipients of public links

When a Patient accesses a public link generated by the Professional User:

• Becomes a view-only User.
• Accesses via browser without registration.
• Cannot modify, delete or add content.
• Is subject to minimum privacy and applicable law clauses.
• Can request link revocation from the professional at any time.

The Professional User is responsible for the decision to share such links and for having obtained patient consent for sharing. Oralsnap generates the link technically, but does not control or assume responsibility for the content published by the professional.

GDPR roles and Data Processing Agreement

Pursuant to the GDPR:

• The Professional User is the Data Controller.
• Oralsnap is the Data Processor for technical operations.

Upon written request, Oralsnap makes available a Data Processing Agreement (DPA) compliant with Art. 28 GDPR. DPA request: info@oralsnap.com.

Non-EU data transfers

Some accessory technology providers (Firebase Authentication, RevenueCat, Meta/Google social login, Apple/Google distribution) may involve the transfer of personal data outside the European Union, mainly to the United States.

Such transfers take place on the basis of:

• Standard Contractual Clauses (SCC) approved by the European Commission with Decision (EU) 2021/914.
• EU-US Data Privacy Framework, where the provider is certified.
• Supplementary guarantees pursuant to the Schrems II judgment (CJEU C-311/18).

The choice not to enter identifying data (Section 08) is the main additional mitigating measure for this residual risk.

Subprocessors — third-party providers

To offer you a reliable, secure and continuously available Service, Oralsnap relies on a limited number of qualified technology providers. Each processes only the data strictly necessary for the purpose for which it was selected, pursuant to Art. 28 GDPR.

14.1 — List of active providers

Transfers to providers located outside the EU are regulated by the guarantees described in Section 13. Most clinical data remains in the European Union (see Section 01).

14.2 — Changes to the list of providers

Oralsnap may replace or add providers for reasons of security, cost, service quality or operational continuity. In such cases:

• The updated list will be published on this page with at least 30 days notice.
• The User will be informed via email and in-app notification.
• A User who does not accept the new provider can withdraw from the subscription without penalty within 30 days of notification, using the "Delete Account" function (Section 16).

14.3 — Contractual guarantees

Each provider is bound by contractual obligations of confidentiality, security and GDPR compliance. The respective privacy policies can be consulted directly on the providers' websites. To obtain a copy of Oralsnap's Data Processing Agreement (DPA) compliant with Art. 28 GDPR, simply write to info@oralsnap.com.

For technical details on adopted security measures (encryption, access controls, authentication, credential management), consult the Security & Data Protection Overview.

Login with social services (Facebook and Google)

Oralsnap allows registration and access via Facebook Login and Google Sign-In. When the User chooses one of these services:

• The data shared is the minimum necessary (email, public name, unique identifier).
• Oralsnap does not receive the User's password.
• The third-party provider's terms and privacy notice also apply.
• The User can revoke authorization at any time from the social account settings.

Any service disruptions, blocks or policy changes by Meta or Google that prevent access are not attributable to Oralsnap.

Download your data and Delete account

Within the application, in the Profile section, two essential functions for controlling your data are available at all times:

Knowing what data we have on you

If the User wants to know exactly what data Oralsnap retains on their account, the fastest and most transparent way is to download the backup via the "Download my data" function. The file contains everything the Service has stored and allows for direct and complete verification, without the need for formal requests.

When we recommend deleting the account

If the User does not agree with even one section of these Terms, with Oralsnap's policies, with the third-party providers used, or with any aspect of the Service, we recommend using the "Delete Account" function.

What happens after deletion

• Operational data (images, profile data, tags, objects) is deleted immediately.
• Any active public links are deactivated within minutes.
• Security backups are rotated and data not recoverable within 30 days.
• Billing data managed by App Store, Google Play and RevenueCat may be retained for legal tax obligations (10 years).
• Anonymized technical logs may be kept for security purposes for up to 12 months.

Retention and portability

• Active account data: for the entire duration of the subscription.
• Data after subscription expiration: 90 days of archiving, then deletion (see Section 24).
• Security backups: daily encrypted backups kept up to 30 additional days after account expiration.
• Access and audit logs: 12 months.
• Billing data: 10 years for fiscal obligations.

User responsibility

The User assumes full responsibility for:

• Safeguarding their access credentials.
• Maintaining confidentiality of the link between internal code and real patient identity.
• Collecting and retaining patient signed consent forms.
• Updating the application to the latest available version.
• Using devices protected with screen lock, biometrics or PIN.
• Promptly reporting unauthorized access or device loss.
• Verifying compliance of their use with the regulations of the country in which they operate.
• Being professionally authorized to practice their dental activity.
• Using the app with a sense of responsibility, especially when generating public links and sharing content.

Practice account and collaborators

The current version of the Service provides for one account per device. When the account is registered to a practice or laboratory:

• The practice/laboratory owner is the main User and contractual responsible party.
• Any employees or collaborators using the device act under the owner's responsibility.
• The owner must ensure that each collaborator knows and respects these Terms.

Subscription plans

Oralsnap is offered with a freemium model articulated in four plans, billed via App Store or Google Play with technical management via RevenueCat.

Monthly cycles are also available (Basic €14, Pro €25, Enterprise €45). Prices do not include any applicable local taxes.

Price changes over time

• Notice of at least 30 days via email and in-app notification.
• The new price applies from the next renewal cycle.
• The User can cancel the subscription without penalty.
• Promotional or launch prices are not guaranteed as permanent.

Right of withdrawal (EU consumers)

Pursuant to Directive 2011/83/EU and the Italian Consumer Code (Legislative Decree 206/2005), consumers residing in the EU have the right to withdraw within 14 days of purchase, without reason.

However, pursuant to art. 16(m), the right of withdrawal lapses when execution of the digital Service begins with the User's express consent. Refund requests are managed via Apple App Store and Google Play.

Automatic renewal and cancellation

All paid subscriptions involve automatic renewal. Management of renewal, cancellation and refund occurs via the purchase platform, with tracking via RevenueCat.

In case of failed payment, the system makes up to 3 charge attempts. After the grace period, the account is downgraded to the FREE plan.

Data lifecycle at expiration

1. Days 0–7 — Full access. Renewal notification via email and in-app.
2. Days 7–30 — Read-only mode. Cannot create new items or write to NFC tags.
3. Days 30–90 — Archived data. Renewal automatically restores them.
4. From day 90 — Permanent deletion. No recovery possible.

It is the User's sole responsibility to export their data before expiration, via the "Download my data" function (see Section 16).

Single device restriction

Each Oralsnap account can be used on one active device at a time. Access from a new device automatically disconnects the previous one. Each device change generates a security email notification.

Browser access via public links is not subject to this restriction, as it does not require authentication.

NFC tags — exclusively extra-oral use

Commercial NFC tags are electronic devices containing silicon chips, metal antennas and adhesives that are not certified as medical devices, are not biocompatible and are not sterile. Intra-oral use would entail serious risks for the patient:

• Accidental choking or ingestion.
• Allergic or toxic reactions to non-biocompatible materials.
• Interference with other medical devices (e.g. pacemakers).
• Lesions of oral mucous membranes.
• Bacterial contamination.

Permitted use (extra-oral)

• Labeling of plaster or 3D printed models stored in the laboratory.
• Identification of trays, boxes and cases containing prosthetic cases.
• Tracking of finished prosthetics during transport between practice and laboratory.
• Identification of stored impressions, articulators, instruments.
• Laboratory materials and products inventory.

Prohibited use

• Insertion of the tag inside removable prosthetics that go in the mouth.
• Application on orthodontic appliances, bites, aligners intended for intra-oral use.
• Any positioning that brings the tag into contact with saliva, mucous membranes or oral tissues, even temporarily.
• Use in patients with pacemakers without preliminary medical evaluation.

The User who violates this Section assumes full civil and criminal responsibility for any damage to the patient, releasing Oralsnap and its representatives from any compensation claim.

Tags can be rewritten, deleted, damaged by intense magnetic fields, high temperatures, chemicals or wear. Double security archiving is recommended for the most important cases.

Security and service availability

27.1 — Technical security measures

Oralsnap adopts technical and organizational security measures reasonably appropriate to the state of the art:

• Encryption in transit via HTTPS/TLS.
• Authentication managed by Firebase Authentication.
• Biometric support (Face ID, Touch ID, fingerprint).
• Daily database backups.
• API rate limiting.
• Monitoring of access attempts and blocking after 5 consecutive errors.
• Audit log of administrative actions.

27.2 — Service availability SLA

Oralsnap aims to guarantee an annual availability of 99.5%, excluding scheduled maintenance windows and force majeure events. Failure to meet this does not entitle automatic refunds, but may be subject to credit upon motivated request.

27.3 — Vulnerability reporting (responsible disclosure)

Any security vulnerabilities should be reported to info@oralsnap.com. Oralsnap will not take legal action against those who report in good faith and without causing damage or exfiltrating data.

Residual risks and cyber attacks

28.1 — Fundamental premise

28.2 — Types of risk (illustrative list)

By way of example and not exhaustively, the following events outside Oralsnap's control could occur:

• Hacker attacks: brute force, SQL injection, DDoS, ransomware, zero-day exploits.
• Data breach of third-party providers: Firebase, RevenueCat, Brevo, Meta, Google, Apple.
• Phishing or social engineering against the User or their collaborators.
• Loss or theft of the User's device.
• Interception on unprotected public Wi-Fi networks.
• Physical tampering with NFC tags (rewriting, replacement, cloning).
• Software bugs not known at the time of development.
• Data center incidents (fires, floods, extensive blackouts).
• Internal violations at third-party providers.
• Forced requests by Italian or foreign government authorities.
• Sudden blocks or policy changes by Apple, Google, Meta or Firebase.

28.3 — Importance of pseudonymization

Precisely in consideration of these residual risks, the fundamental indication of Section 08 is essential and non-negotiable: never enter direct patient identifying data into the application. Even in case of security breach, pseudonymized data (codes, aliases, clinical images without references) would not be traceable to the patient's real identity, significantly reducing the breach impact.

28.4 — Security incident management

In case of a security incident involving personal data, Oralsnap undertakes to:

1. Notify affected Users within 72 hours of discovery (Art. 33 GDPR).
2. Communicate with competent authorities (Italian Data Protection Authority).
3. Provide operational guidance to mitigate the effects of the incident.
4. Maintain maximum transparency throughout the management process.

Suspension, ban and termination of the relationship

29.1 — Cases of suspension or termination

Oralsnap reserves the right to temporarily suspend or permanently terminate the User's account in the following cases:

• Violation of Sections 08 (identifying data), 09 (failure to obtain consent) or 26 (intra-oral use of NFC tags).
• Sharing credentials with third parties.
• Using the Service for illegal activities, fraud, counterfeiting or violation of others' rights.
• Attempts at unauthorized access, reverse engineering, attacks on the Service or bypassing subscription limits.
• Recurring non-payment.
• Repeated non-compliance with other clauses of these Terms.
• Death of the Professional User, upon formal communication from heirs.
• Measures by competent authorities (Italian or foreign).

29.2 — Suspension procedure

For violations of lesser severity, Oralsnap will first send a warning notice via email to the registered address, indicating the violation and the deadline for regularizing the situation (usually 7 days).

For serious violations — in particular those relating to Section 26 (intra-oral use of NFC tags) or systematic entry of identifying data (Sec. 08) — suspension can be immediate and definitive, without notice.

29.3 — Effects of suspension

Suspension involves:

• Immediate blocking of access to the app and User's data.
• Deactivation of all any active public links.
• Possibility to export data within 30 days of suspension, upon motivated request.
• No refund of subscription fees already paid.
• Any legal action in case of damage to third parties or the Service.

29.4 — Voluntary account closure

The User can voluntarily close their account at any time via the "Delete Account" function in the app (see Section 16). Voluntary closure involves immediate and definitive data deletion, subject to legal retention obligations.

Beta and experimental features

Oralsnap may release functionalities in beta or experimental version, offered "as is", without warranty of operation or continuity.

• The User accepts possible bugs, malfunctions, data loss or interruptions.
• No right to refunds or credits.
• Beta functions can be withdrawn at any time without notice.
• Do not use beta functions for critical or irrecoverable data.

App Store, Google Play, warranties and indemnity

31.1 — Service provided "as is" (AS IS — NO WARRANTY)

In particular, Oralsnap does not warrant:

• The suitability of the Service for a particular purpose or for the specific needs of the User.
• The absence of errors, bugs, vulnerabilities or software malfunctions.
• The uninterrupted continuity or absence of Service interruptions.
• Compatibility with all devices, operating systems, mobile versions or hardware/software configurations of the User.
• The correct operation of NFC technology with all types of tags on the market.
• Compliance with sector-specific regulations of countries in which the User operates, other than those indicated in Section 06.
• Perfect cross-platform synchronization between devices and app versions.

The User accepts that the Service is an operational tool and that, in case of critical or particularly important needs, independent verifications and backups are recommended.

31.2 — Territorial restrictions and export control

The User also undertakes not to use the Service for purposes prohibited by US or Italian regulations on the export of technologies, goods or software, and not to make the Service available to subjects who are in such countries or lists.

This declaration is required because Oralsnap is distributed via Apple App Store and Google Play, subject to US law on export, and uses technology providers (Firebase, RevenueCat, Apple, Google, Meta) subject to the same regulations.

31.3 — Apple Clause (iOS users)

When the User acquires the Service via Apple App Store:

• These Terms constitute an exclusive agreement between the User and Oralsnap. Apple Inc. is not a party to this agreement.
• Apple has no obligation to provide maintenance or support on the app.
• Apple is not responsible for any claims relating to the app, including claims for product liability, regulatory compliance or intellectual property infringement.
• Apple and its subsidiaries are third party beneficiaries of these Terms.

31.4 — Google Clause (Android users)

Use via Google Play is also subject to the Google Play Terms of Service. In case of conflict, Google's Terms prevail for distribution and payment.

31.5 — Indemnity (hold harmless)

The User agrees to indemnify, defend and hold harmless Oralsnap (Vladyslav Pereverzyev) and its collaborators from any claim, demand, legal action, damage, loss, cost or expense (including reasonable legal expenses) arising from:

• Violation by the User of these Terms.
• Failure to collect consent from the patient (Section 09).
• Entry of identifying data in violation of Section 08.
• Intra-oral use of NFC tags in violation of Section 26.
• Generation or improper sharing of public links (Section 05).
• Violation of third party rights (privacy, image, intellectual property).
• Use of the Service for illegal or non-professional purposes.
• Claims from patients of the Professional User.
• Violation of export control restrictions (Section 31.2).

31.6 — Oralsnap's limitation of liability

To the maximum extent permitted by applicable law, Oralsnap will not be responsible for:

• Data loss caused by User error, device malfunction, suspension or cancellation of subscription.
• Indirect, consequential damages, loss of profit, loss of clients, reputational damage.
• Clinical, diagnostic or therapeutic decisions made on the basis of data stored in the app.
• Malfunctions, blocks, policy changes or data breaches of subprocessors (Firebase, RevenueCat, Brevo, Meta, Google, Apple).
• Consequences of non-acceptance of the Service by Apple App Store or Google Play.
• Force majeure events.

31.7 — Maximum liability cap

In any case, except for cases of willful misconduct or gross negligence provided by non-derogable regulations, the overall maximum liability of Oralsnap towards the User is limited to:

• Paying users: the amount actually paid by the User for the Service in the 12 months preceding the harmful event.
• FREE users: maximum amount equal to 50 euros.

These limits do not apply in cases in which non-derogable law does not allow their exclusion, in particular for personal damage or conduct constituting a crime.

31.8 — Force majeure

Oralsnap is exempt from any liability for non-fulfillment or delays arising from force majeure events, including by way of example: pandemics, acts of war, terrorism, state attacks or large-scale cyber attacks, natural disasters, network blackouts on a national or continental scale, prolonged interruptions of App Store, Google Play, Firebase, RevenueCat, Brevo or other critical subprocessors, measures by Italian or foreign public authorities imposing Service suspension.

Changes, applicable law and contacts

Changes to terms

Oralsnap reserves the right to modify these Terms at any time. Substantial changes will be communicated with at least 30 days notice via email and in-app notification.

Applicable law

These Terms are governed by Italian law. For consumer users residing in the EU, the non-derogable protections provided by the law of the country of habitual residence remain valid.

Competent court

For any dispute arising from the interpretation or execution of this agreement, the parties will attempt an amicable composition. In case of failure to reach an agreement:

• For EU consumers: court of the consumer's place of residence.
• For professionals and other Users: Court of Bolzano (BZ), Italy.

EU resident Users can also use the European Commission ODR platform for online dispute resolution.

Severability clause

If any clause is declared null, invalid or unenforceable, the nullity will not extend to the remaining clauses.

Contacts

For any request — technical support, privacy, GDPR, DPA, security, billing, withdrawal or complaints — Oralsnap's official contact is: