Privacy policy

Effective date: 31 July 2025

This Privacy Policy explains how AMV Consulting LLC (doing business as SmileInspector, “we“, “us“, “our“) collects, uses, shares, and safeguards your personal information when you visit https://smileinspector.io and any related marketing sub‑domains (collectively, the “Website“). It does not cover the SmileInspector SDK, APIs, or paid cloud services, which are subject to separate agreements.

1  Who we are

Controller  AMV Consulting LLC
19125 North Creek Parkway, Suite 120, Bothell, WA 98011, USA
✉  support@smileinspector.io

2  What information we collect & why

CategoryExamplesPurposeLawful basis (EEA/UK)Retention
Form dataName, company, email, phone (optional), messageRespond to enquiries, schedule demosContract or Legitimate Interest24 mo after last contact
Newsletter opt‑inEmail, marketing prefsSend updates & offersConsentUntil unsubscribe
Usage & deviceIP, browser, OS, pages, referrer, crash logsAnalytics & site securityLegitimate Interest (essential); Consent (analytics)13 mo (analytics), 12 mo (logs)
Advertising IDs_fbp, _gcl_au, IDE, bcookie, tdShow/measure adsConsent90 days – 13 mo
Session replayFullStory fs_uid, fs_lua (masked)UX debuggingConsent13 mo
Security cookiesspa-auth‑*, csrf-state*Protect forms & loginLegitimate InterestSession / ≤10 min

We do not knowingly collect sensitive data or data from children (see § 11).

3  How we use data

  • Provide & secure the Website

  • Respond to enquiries and support requests

  • Send marketing emails if you opted‑in

  • Analyse usage to improve UX

  • Detect and prevent fraud/security incidents

4  Cookies & consent

We use cookies, pixels, and local‑storage.  Our Cookie Policy lists each cookie and its lifetime.  On first visit you’ll see a banner with Accept all / Reject all / Manage buttons.  You can change choices anytime via the footer link.

5  Sharing & transfers

We share data only with trusted processors (Google Analytics 4, Mixpanel, FullStory, Microsoft Clarity, Meta, LinkedIn, Google Ads, UnrulyX, HubSpot) under GDPR‑compliant contracts.  International transfers rely on the EU‑US Data Privacy Framework or Standard Contractual Clauses.

6  Your rights

Depending on your region you may access, correct, delete, restrict, port, or object to processing.  Email us at support@smileinspector.io; we’ll reply within 30 days.  U.S. state‑specific rights (CPRA, VCDPA, etc.) appear in the “U.S. State Privacy Addendum”.

7  Security

TLS 1.3 encryption, AES‑256 at rest, least‑privilege IAM, regular penetration tests, continuous monitoring.

8  Retention summary

  • Leads / forms → 24 mo

  • Marketing list → until opt‑out

  • Analytics → 13 mo

  • Logs → 12 mo

  • Consent records → 5 yrs

  • Legal/accounting → 7 yrs

9  Do‑Not‑Track / GPC

We honour Global Privacy Control signals as an opt‑out from advertising cookies.  DNT is not yet standardised.

10  Children

Website not directed to <16 (EU) / <13 (U.S.).  We delete any such data on notice.

11  Changes

We may update this Policy; new date = new version.  Material changes → banner/e‑mail notice.

12  Contact

Questions? ✉ support@smileinspector.io