Smile Konnect Legal
These terms describe how Smile Konnect enables PHIPA-ready communication between dentists, clinic teams, and their patients. By creating an account or using the services you agree to the commitments below.
Last updated: November 17, 2025
Smile Konnect is a PHIPA-aligned workspace for Canadian dental groups. Every workspace is provisioned to a clinic or dental service operator that has executed a services agreement with Smile Konnect.
The platform is designed for intra-clinic messaging, onboarding, and file exchange between dentists, clinic administrators, and their registered patients. Emergency use is prohibited and the platform does not replace in-person clinical judgement.
The Next.js frontend currently runs with mock authentication for demos while the NestJS API enforces JWT, MFA, and audit logging. When connected to production services you must ensure all staff use hardware- or app-based MFA.
You are responsible for safeguarding credentials, devices, and clinic-issued hardware used to access Smile Konnect.
Accounts are role-based (admin, dentist, patient). Users must: (a) configure MFA, (b) only access data for patients under their care, and (c) immediately report suspected compromise to Smile Konnect support at privacy@smilekonnect.ca.
Prohibited actions include uploading malware, attempting to circumvent security controls, scraping or reselling platform data, or storing non-dental PHI for unrelated clinics. Smile Konnect may suspend access to preserve system integrity.
Clinic teams must maintain valid consent before collecting or sharing personal health information (PHI).
Clinics retain ownership of their PHI while granting Smile Konnect a limited licence to host, process, and transmit data solely to provide the services.
Built-in consent modals (EnhancedConsentDialog) capture approvals before starting chat sessions or sharing media. Clinics must configure the wording to reflect their internal policies. Additional consent terms may reference the consent definitions stored in the backend consent domain so that legal language stays versioned.
Need the details on privacy handling? Read our Privacy Policy and PHIPA Compliance Statement.
Smile Konnect provides 24/7 infrastructure monitoring with a 99.5% monthly uptime target.
We may introduce new features, modify interfaces, or discontinue beta capabilities. Material changes to privacy or data handling will be communicated via in-app notifications and email.
Infrastructure is hosted on Canadian cloud providers with encrypted backups. Email, SMS, and video services rely on audited sub-processors that are contractually bound to PHIPA/HIPAA standards.
Smile Konnect may suspend or terminate access if accounts become delinquent, breach obligations, or pose a security risk.
Upon termination we provide 30 days of read-only access to export PHI. After that window data moves to encrypted archival storage for the remainder of statutory retention periods.
Patients can deactivate self-service accounts at any time. Clinics remain responsible for downstream medical record retention.
These terms are governed by the laws of Ontario and the federal laws of Canada as applicable.
Revisions take effect 30 days after posting unless they relate to urgent security, compliance, or product updates that require immediate enforcement. The "Last updated" date is noted near the top of every document.
Questions can be sent to privacy@smilekonnect.ca. Include clinic identifiers, impacted patients (if any), and a callback number so we can respond promptly.