Privacy policy
Effective date: 31 July 2025
This Privacy Policy explains how AMV Consulting LLC (doing business as SmileInspector, “we“, “us“, “our“) collects, uses, shares, and safeguards your personal information when you visit https://smileinspector.io and any related marketing sub‑domains (collectively, the “Website“). It does not cover the SmileInspector SDK, APIs, or paid cloud services, which are subject to separate agreements.
1 Who we are
Controller AMV Consulting LLC
19125 North Creek Parkway, Suite 120, Bothell, WA 98011, USA
✉ support@smileinspector.io
2 What information we collect & why
| Category | Examples | Purpose | Lawful basis (EEA/UK) | Retention |
|---|---|---|---|---|
| Form data | Name, company, email, phone (optional), message | Respond to enquiries, schedule demos | Contract or Legitimate Interest | 24 mo after last contact |
| Newsletter opt‑in | Email, marketing prefs | Send updates & offers | Consent | Until unsubscribe |
| Usage & device | IP, browser, OS, pages, referrer, crash logs | Analytics & site security | Legitimate Interest (essential); Consent (analytics) | 13 mo (analytics), 12 mo (logs) |
| Advertising IDs | _fbp, _gcl_au, IDE, bcookie, td | Show/measure ads | Consent | 90 days – 13 mo |
| Session replay | FullStory fs_uid, fs_lua (masked) | UX debugging | Consent | 13 mo |
| Security cookies | spa-auth‑*, csrf-state* | Protect forms & login | Legitimate Interest | Session / ≤10 min |
We do not knowingly collect sensitive data or data from children (see § 11).
3 How we use data
Provide & secure the Website
Respond to enquiries and support requests
Send marketing emails if you opted‑in
Analyse usage to improve UX
Detect and prevent fraud/security incidents
4 Cookies & consent
We use cookies, pixels, and local‑storage. Our Cookie Policy lists each cookie and its lifetime. On first visit you’ll see a banner with Accept all / Reject all / Manage buttons. You can change choices anytime via the footer link.
5 Sharing & transfers
We share data only with trusted processors (Google Analytics 4, Mixpanel, FullStory, Microsoft Clarity, Meta, LinkedIn, Google Ads, UnrulyX, HubSpot) under GDPR‑compliant contracts. International transfers rely on the EU‑US Data Privacy Framework or Standard Contractual Clauses.
6 Your rights
Depending on your region you may access, correct, delete, restrict, port, or object to processing. Email us at support@smileinspector.io; we’ll reply within 30 days. U.S. state‑specific rights (CPRA, VCDPA, etc.) appear in the “U.S. State Privacy Addendum”.
7 Security
TLS 1.3 encryption, AES‑256 at rest, least‑privilege IAM, regular penetration tests, continuous monitoring.
8 Retention summary
Leads / forms → 24 mo
Marketing list → until opt‑out
Analytics → 13 mo
Logs → 12 mo
Consent records → 5 yrs
Legal/accounting → 7 yrs
9 Do‑Not‑Track / GPC
We honour Global Privacy Control signals as an opt‑out from advertising cookies. DNT is not yet standardised.
10 Children
Website not directed to <16 (EU) / <13 (U.S.). We delete any such data on notice.
11 Changes
We may update this Policy; new date = new version. Material changes → banner/e‑mail notice.
12 Contact
Questions? ✉ support@smileinspector.io