Privacy Policy for Dossa API and NCM5
Effective Date: October 1st 2025
Section 1 — Introduction
Dossa Tech LLC (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of all individuals and clinics who use our products, including the Dossa API software and the NCM5 device (collectively, the “Services”).
This Privacy Policy explains:
- what information we collect,
- how we use and protect it,
- how long we retain it,
- your rights regarding your information, and
- the limited circumstances under which it may be shared.
By creating an account, using the Dossa API, or operating the NCM5 device, you agree to the practices described in this Privacy Policy. If you do not agree, you must discontinue use of the Services.
Section 2 — Information We Collect
We collect only the information necessary to operate and provide the Services.
2.1 User/Account Information
When you create an account or subscribe, we may collect:
- Name
- Email address
- Clinic information
- Specialty
- Payment information (processed securely through Stripe or Apple; we do not store full payment card details)
2.2 Device and Technical Information
We may collect limited device and technical data for security, licensing, and performance purposes, such as:
- Device identifiers (e.g., iPad ID)
- Login credentials and authentication data
- Usage logs (access times, account actions, error reports)
2.3 Patient and Scan Data
When you use the NCM5 device or Dossa API, you may collect or input patient information, which may include Protected Health Information (PHI) such as:
- Scan results and thermographic data
- Clinical notes or observations entered by the user
- Historical scan comparisons and related records
⚠️ The Company does not collect or require patient names or direct identifiers. Patient data remains under the control of the clinic.
2.4 No Sale of Data
We do not sell, rent, or trade user, clinic, or patient data under any circumstances.
Section 3 — How We Use Information
We use the information we collect solely to provide, maintain, and improve the Services. Specifically:
- To provide and operate the Services (accounts, billing, scan storage, device licensing)
- To maintain security and prevent unauthorized use
- To communicate with you (updates, billing, support, policy changes)
- To comply with legal or regulatory obligations
We do not share user or patient data with third parties, except:
- where disclosure is required by law, regulation, or court order; or
- where the Company enters into a formal NDA and contract with a trusted partner (e.g., compliance auditors, service providers) to ensure data remains secure and confidential.
Section 4 — Data Retention
- Data is retained for as long as your subscription remains active and in good standing.
- After termination, data may remain accessible for up to 30 days for export.
- After this period, the Company may either delete the data or retain it securely at its discretion.
- Backups and logs may be retained for compliance, security, or business continuity.
Section 5 — Security Practices
- The Company uses industry-standard safeguards to protect data.
- However, no system is 100% secure, and we cannot guarantee absolute security.
- You are responsible for securing your devices, login credentials, and network connections.
- The Company is not responsible for the security of third-party applications or services you connect to the Software.
Section 6 — User Rights
- You may request access to, or correction of, your personal information.
- You may request deletion of your data, but the Company may retain copies as needed for legal, security, or business continuity purposes.
- You may export your data while your subscription is active or within the 30-day post-termination window. After that, data may be permanently deleted.
- These rights may be limited if fulfilling them would violate another party’s rights, conflict with legal obligations, or compromise the Services’ security.
Section 7 — Children’s Privacy
- The Services are intended for use only by individuals 18 years or older.
- We do not knowingly collect or permit accounts for minors.
- Clinics are responsible for compliance with applicable laws if entering data related to minors.
Section 8 — Changes to This Privacy Policy
- The Company may update this Privacy Policy at any time.
- Notice of changes will be provided via in-app notice, email, or posting on our website.
- Continued use of the Services after changes constitutes acceptance of the revised policy.
Section 9 — Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or your data, contact us at:
Dossa Tech LLC
Email: info@dossatech.com
Contact
Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at alextabick@gmail.com or contact us at 880 Leff St, APT, 16, San Luis Obispo, CA, 93401, US