سياسة الخصوصية

Privacy Policy

Effective Date: March 12, 2026   |   Last Updated: June 5, 2026
Data Controller: Luma Brush Medical Equipment Trading LLC

Luma Brush ("we," "us," or "our") respects your digital privacy. This Unified Privacy Policy delineates our rigorous data practices across our Shopify-powered e-commerce store, our official website (www.lumabrush.ai), and the LumaBrush Mobile Application. We handle personal information in strict compliance with the UAE Personal Data Protection Law (PDPL), the General Data Protection Regulation (GDPR) for European users, the UK Data Protection Act 2018, and relevant platform security rules.

1. Data Controller Contacts

Legal Entity Name	Luma Brush Medical Equipment Trading LLC
Registered Corporate Address	M39 Musaffah, Abu Dhabi, UAE
Operational Hub Location	Dubai, United Arab Emirates
Privacy & Data Subject Emails	adm@agenticdental.com / info@agenticdental.com

 

2. Categories of Personal Data Processed

2.1 E-Commerce Operations (Website & Shopify Store):

• Contact Data: Full name, physical shipping address, billing address, phone number, and email address.

• Financial Information: Credit/debit card numbers, transaction confirmations, bank account variants, payment methods, and historical tracking details handled securely via tokenized payment architecture.

• Store Interaction Records: Navigational tracking, items placed in digital carts, wishlist logs, product evaluations, and customer support communications.

2.2 Mobile Application & Smart Device Metrics:

• Account Credentials: Name, email address, password strings (stored in completely encrypted form), or unique authentication tokens from third-party login providers (Apple ID, Google, Facebook).

• Intraoral Camera Media Data: Raw video feeds streams, photo footage captured by your hardware camera during an active oral scan session, still frames extracted for machine analysis, and meta-logs (scan length, timestamp, coverage zones).

• AI-Derived Dental Analytics: Generated dental fitness indicators, plaque mapping indicators, gum wellness assessments, comparative longitudinal timelines, and score change metrics.

• Diagnostic App Data: Unique phone IDs, operating system profiles, network latency metrics, crash dumps, IP location pointers, and signal indicators.

3. Purposes & Legal Bases for Processing

We strictly process data based on legitimate legal pillars defined under global data protection laws:

• Contractual Performance: Processing order configurations, facilitating shipping routes, tracking financial clearings through Shopify, managing accounts, and resolving hardware warranty inquiries.

• Explicit Consent: Gathering, transferring, and processing raw intraoral video feeds and generating dental reports via our AI server architecture. Consent is explicitly given by initiating a scan inside the application framework.

• Legitimate Interests: Refining our machine vision artificial intelligence model using completely anonymized and de-identified video frames; identifying corporate fraud patterns; capturing web traffic metrics; and executing target marketing paths where opted-in.

• Statutory Obligations: Satisfying UAE commercial accounting, anti-money laundering, and corporate record keeping laws.

4. Special Category Data: Health Protections

Because your intraoral visual clips and AI dental reports infer indicators regarding your physical biological health, Luma Brush prioritizes this as Special Category / Sensitive Personal Data.

• Mandatory Consent: Processing occurs only under explicit, granular consent provided when executing a scan. You can withdraw your consent instantly by terminating your scan activities and requesting deletion of your files.

• Rigorous Access Boundaries: Health information is walled off from standard corporate lines, restricted to authorized automated backend engines, and is never sold, leased, or disclosed to third-party advertising registries or broker networks.

5. Data Disclosures & Third-Party Processors

We share your information solely with trustworthy vendor networks bound by stringent data processing protocols:

• Shopify Inc.: Hosts our e-commerce environment, analyzing transactional interactions to scale checking safety and delivery paths.

• Infrastructure & AI Clouds: Secure cloud servers (such as AWS) hosting data layers, and specialized isolated AI computer vision engines parsing visual files under strict data boundaries.

• Communication Carriers: Delivery gateways orchestrating transactional order alerts, push notifications (Apple APNs / Google FCM), and opted-in SMS/WhatsApp text pipelines. No medical metrics or video streams are ever leaked to these carriers.

• Legal Mandates: Disclosing data to official law enforcement bodies or UAE regulatory courts only when forced by binding judicial summons or anti-fraud protocols.

6. Cross-Border International Transfers

As an internationally active entity headquartered in the United Arab Emirates, Luma Brush routinely transfers personal details across state lines, including storage systems based in the United States, United Kingdom, and the European Economic Area (EEA). To guarantee continuous legal data safety, all data exports outside the source country utilize European Commission Standard Contractual Clauses (SCCs), adequacy findings, and heightened physical controls for health-related metrics.

7. Structural Retention Timelines

Data points are retained only to fulfill original functional purposes or satisfy local statutory rules:

• Profile & E-Commerce Histories: Preserved throughout your active account relationship, plus a 3-year trailing window following explicit account termination or prolonged platform absence.

• Raw Intraoral Video Assets: Automatically and permanently deleted from our servers within 12 months of generation. Processed statistical matrices or completely anonymized frames are decoupled from your profile for separate AI tuning.

• AI Metrics and Progress Scores: Retained through the lifespan of your active profile to drive long-term user tracking; completely wiped out within 90 days of an account closure command.

• Corporate Compliance & Tax Records: Retained for 7 years to fulfill legal and audit provisions under UAE commercial laws.

8. Data Subject Legal Rights

Subject to your geographical location (e.g., GDPR / UAE PDPL rules), you hold actionable legal entitlements over your profile metrics:

• Right of Access & Portability: Secure copies of all structural records, tracking scores, and financial lines can be exported.

• Right to Rectification & Deletion: Instantly updating profile elements or issuing an absolute data erasure notice.

• Right to Object & Opt-Out: Terminating marketing permissions via embedded unsubscribe links or managing store configurations in the Shopify Privacy Portal.

To file an authorized data request, email our privacy desk at adm@agenticdental.com or info@agenticdental.com. We verify identities and fulfill requests within a 30-day window.

9. Operational Privacy Policy Revisions

We dynamically adjust this Privacy Policy to align with technical features or statutory laws. Material policy adjustments will be highlighted across the Website interface, broadcasted via in-app banner alerts, or sent directly to your registered contact email address.