How long Connexy keeps any information collected through the Connexy Miroir that some U.S. state laws may treat as biometric, and how that information is destroyed. Applied out of an abundance of caution, in parallel with our broader Confidentiality Policy.
The original photograph is deleted within 24 hours. The simulated preview is deleted within 30 days. The consent audit record is retained indefinitely for legal purposes but never contains the image or the preview after they are destroyed. We never sell, lease, or share this information with the third-party image-processing service that generates the preview.
Connexy Inc. ("we," "us," "our") is a Canadian company headquartered in Montreal, Quebec, providing a smile-preview iPad system to dental clinics in the United States under the brand name Connexy Miroir. The Miroir is operated by clinic staff during in-chair patient consultations to generate a simulated visual preview of potential dental treatment outcomes.
Back to topThis policy applies, out of an abundance of caution, to information collected through the Connexy Miroir that one or more U.S. state biometric-information statutes might treat as biometric — even if Connexy's view is that the information falls outside those statutes' definitions of "biometric identifier." Specifically:
This policy does not cover non-biometric information such as the patient's name, email address, treatment preferences, or appointment details. That information is governed by the dental clinic's own privacy practices and by Connexy's general Confidentiality Policy at connexy.ca/confidentialitypolicy.
Back to topWe collect and process the patient's smile photograph for the sole purpose of generating a simulated visual preview of potential dental treatment outcomes. The preview is delivered to the patient by email and made available to the participating clinic to support informed consent and treatment-planning conversations.
The defensive denials in the "What we never do" block above apply to every photograph and preview collected under this policy.
Back to topWe share the smile photograph and the simulated preview only with the following parties, and only to the extent strictly necessary to deliver the Connexy Miroir service:
The third-party image-processing service that generates the preview receives only the anonymized image URL and rendering instructions. It never receives the patient's name or contact information.
We do not sell, lease, trade, or otherwise profit from any information covered by this policy. We do not disclose information covered by this policy to anyone outside the participating clinic and Connexy, except where required by law (for example, a valid court order or regulatory request).
Back to topWe apply a split retention schedule that minimizes how long sensitive information exists on our systems.
Deleted from Connexy's systems within twenty-four (24) hours of the preview being generated. The original photograph's only purpose is to feed the preview generation. Once the preview exists, the original serves no further purpose, and we delete it.
In addition, Connexy applies a one-hour expiration parameter on its image-upload calls so that the original photograph is removed from the third-party image-hosting service within one (1) hour of upload — a defense-in-depth measure on top of the 24-hour ceiling.
Retained for up to thirty (30) days from the date of generation, then automatically and permanently deleted. The preview is retained for this period solely to support the patient's follow-up conversation with the participating clinic.
Retained indefinitely as required for legal and audit purposes. The audit record contains only the timestamp, consent version, and cryptographic hash of the consent text shown — not the photograph or the preview, both of which are destroyed on the schedule above.
We may delete either the photograph or the preview sooner if (a) the patient requests deletion, (b) the patient withdraws consent, or (c) the immediate purpose has been fulfilled and continued retention serves no legitimate purpose.
Back to topThe 24-hour photograph deletion and the 30-day preview deletion are both executed by automated scheduled jobs from all primary and backup storage systems that Connexy controls. The third-party image-hosting service's transient copy of the photograph is removed on its own automated schedule, which does not exceed twenty-four (24) hours and is further constrained by Connexy's 1-hour expiration parameter described in Section 5.
Deletion is final and not reversible. Once an item is deleted under this policy, it cannot be restored from any Connexy system.
Back to topConnexy is a Canadian company headquartered in Montreal, Quebec. Patient data submitted through the Connexy Miroir is processed in the United States and in Canada. We use commercially reasonable safeguards — including encryption in transit, access controls, and contractual data-processing agreements with sub-processors — to protect the data regardless of which country it transits through.
Back to topIf you are a patient who has used the Connexy Miroir at a participating clinic, you have the following rights regarding the information covered by this policy:
To exercise any of these rights, email [email protected] with your full name and the name of the clinic where you used the Miroir. We will respond within thirty (30) days. If your dental clinic also holds your name and email in its own records, the clinic's privacy practices govern that data; you may need to contact the clinic separately for those records.
Back to topWe do not knowingly collect personal information from children under thirteen (13). Dental clinics must obtain verifiable parental or legal-guardian consent before using the Connexy Miroir with any patient who is under eighteen (18), or refrain from using the Miroir with that patient. The on-iPad consent flow requires the patient or guardian to confirm this before any photograph is captured.
Back to topWe use industry-standard security measures to protect the information covered by this policy while it is in our possession, including:
No method of transmission over the internet or electronic storage is one hundred percent secure. If a security incident occurs that affects information covered by this policy, we will investigate, take reasonable steps to mitigate harm, and notify the affected clinic within seventy-two (72) hours of discovery. We will assist the clinic with any further patient notification it is required to perform, document the incident and the steps taken to remediate it, and report to applicable regulatory authorities where required by law (including the U.S. Department of Health and Human Services for breaches affecting five hundred (500) or more individuals).
Back to topWhen a covered dental practice uses the Connexy Miroir in a manner that involves Protected Health Information under HIPAA, Connexy acts as a Business Associate of that practice.
BAA available on request. Connexy will execute a Business Associate Agreement with a covered practice upon written request to [email protected]. Under the BAA, Connexy processes Protected Health Information solely to provide the Connexy Miroir service and applies safeguards appropriate to the nature of the data.
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced on this page at connexy.ca/biometric-policy at least thirty (30) days before they take effect.
Back to topThis policy is intentionally narrow: it addresses only the photograph, the preview, and the destruction schedule applied to them. Connexy's broader handling of personal information — including how we collect clinic-owner contact data, how we advertise, how we share data with third-party platforms, and our HIPAA posture — is documented in our Confidentiality Policy.
If you have any questions about this policy, want to exercise one of the patient rights described in Section 8, or wish to request a Business Associate Agreement, please reach out. We acknowledge requests within five (5) business days and respond in full within thirty (30) days.