Privacy policy

Document from April 8, 2020

Cephio sp. z o. o. [Ltd.] respects the privacy and personal integrity of its users and we always want to be transparent about how we process users’ personal information so that you can feel safe when you submit personal information to us. In accordance with the GDPR, we have created this Privacy Policy that among other things informs you about the types of information we collect, the purposes for which they are collected and the rights you have in relation to your personal information. This Privacy Policy may be updated from time to time at our discretion to take into account any change in our business practices, information policies or applicable law. In addition, Cephio will notify you of any such changes when signing in onto the service or where possible via the email you provided to us. If you continue to use the site after changes take effect, you agree to be bound by this Policy as amended. The latest updated version of the Policy will be posted on the relevant and publicly accessible page of this website. We therefore recommend that you review this Policy regularly because it governs how we handle your personal information.


By continuing to use or access the site, you are signifying that you agree to your personal information being processed in accordance with this Privacy Policy. In this Policy, capitalized terms or expressions have the meaning attributed to them in our Terms and Conditions.


Cephio sp. z o. o. [Ltd.], Poland is the data controller for the company’s processing of personal information.


The nature and scope of information collected via our website depends on the nature of your interaction with the website and the types of information you voluntarily choose to submit to us. Information we collect include:

  • Personal information: This is the type of information which can be used to contact or identify you as a specific person. It includes information that you personally choose to provide to us when you use the site including for example when you send us an email or fill in registration forms or make purchases on the site. While our website can be accessed openly, you may have to register to be able to access certain services and features. To complete your registration, we may collect personal information such as your name, email address, and telephone number. If you purchase Cephio via the site or subscribe to any of free trials, we may collect payment and business information. Payment information includes details of your preferred payment method such as credit card information (credit card number, expiration and CVV code) as well as business information such as name, email, phone number, name of company, company address and tax number. Note that Cephio does not store any payment information, all this information is handled by our payment processing partners, PayPal and/or Braintree, who assist us in processing your purchases on the site.

  • Information collected when you contact us: If you communicate with us via email, SMS, chat service or submit comments or feedback, your message may contain personal information such as your name and email address. This kind of information may be collected so that we can use it to respond to you and reply to your questions or enquiries.

  • Information collected via newsletter subscriptions and customer surveys: If you subscribe to our Cephio newsletter, promotions or news updates, please note that we may collect the email address that you provide to us in relation to such subscription. In other cases we may collect personal information when you take part in our customer surveys, giveaways or contests regarding our services and products. Note that taking part in surveys is optional and information is only collected to be able to provide with content that we think will be valuable to you based on your interests or preferences.

  • X-ray images: We allow users to upload and analyse anonymous patient X-Ray images from their devices for cephalometric analysis purposes. Please be aware however that images may contain sensitive personal information such as patient name and age, as well as geotags and the date the image was taken. Review your images before uploading them and make sure they don’t contain personal information that you do not want to share. Note that the patient specific information such as patient name are temporarily provided only for generating PDF or image reports. We do not store this information.

  • Information collected via cookies: In addition to information that you directly provide to us, we also collect non-personal information about site usage. Information collected using cookies include user’s internet protocol address, type of device used to view the site and its operating system, browser type and version, pages viewed on the site and date and time of visit. This information is collected passively with the use of cookies. To understand what cookies are, what they are used for and how to manage them, please read more at the Cookie section of this Privacy Policy.

  • Cookies: Our websites uses cookies and other identifiers together with information we have about you to provide a useful or personalised user experience. A cookie is a small file, usually containing a string of letter or numbers, saved on to a user’s device when the user visits a website. Cookies help to recognise the user’s device and remember user actions and preferences. Cookies do not collect personal information or install anything on users’ devices.

  • Session and persistent cookies: At Cephio we use two types of cookies: session and persistent cookies. Session cookies are temporary cookies that are used during your browsing session and expire as soon as you close your browser. Session cookies help to link user actions on the site so as to offer an easy and useful browsing experience. Session cookies help for example to remember your login information so that you do not have to log in repeatedly as you navigate around the site. They can also help to store and remember items that you have added in your shopping cart as you browse around the site. Persistent cookies are cookies that are stored on a user’s device for a longer period of time. They help to recognise user’s device, remember user preferences and choices across the site over time. We use persistent cookies to remember user preferences and actions on subsequent visits so as to offer a convenient and personalised experience of content, services or functionality. As part our commitment to transparency, we make our best effort to inform website visitors about the use of cookies on the site as soon as they access the site cookies and provide option to consent to or reject the use of cookies.

  • Managing cookies: Note that cookies can be blocked or deleted if you do not want them to be stored on your device. To block or delete cookies, please review your browsers security or privacy settings. Please note however that blocking certain cookies which are important for the site’s functionality may disable some features of the site and affect your overall browsing experience.


We use personal information for the following purposes:

  • Provide our services: We collect and certain personal information so as to be able to identify you as our customer and provide you with access to our website and cephalometric analysis services. These include completing your registration and maintaining your user account, managing your orders or subscriptions and providing customer support services.

  • Managing customer relationship: We also use your information to communicate with you as a customer and deliver relevant information or assistance to you.

  • Personalisation: To improve and customise our services and content in accordance with our users experience, preferences, interests, feedback or suggestions.

  • Safety and security: We process information so as to ensure safety of our platform and its users and prevent fraudulent use or abuse of our systems, or to enforce this Privacy Policy and our Terms and Conditions.

  • Marketing: When registering or subscribing, we will provide users with the choice of consenting to receive promotional or marketing communications. If you consent to receive marketing communications, we may use certain personal information to create, optimize, manage and deliver marketing communications or advertising campaigns for our products and services.

  • Promote and develop our services: We use usage data and statistics, cephalometric analyses results as well as customer feedback, comments or suggestions to assess the performance of our Cephio software program and website so to improve its usability and improve our business and/or develop new services, programs or features.

  • Service providers: Cephio works with a number of service providers who assist us in maintaining our platform and IT-environment. These include partners or providers who provide us with cloud hosting, email service delivery, payment processing, customer support and maintenance and support services. In certain cases, these providers may obtain access to certain personal information as is necessary for delivery of their services to us, or to our customers.

  • Business or asset transfer or sale: In the event that Cephio or its assets are sold, acquired by or merged with another business, customer information is typically one of the assets to be transferred or disclosed. In the event of such transactions, we will take reasonable efforts to inform of you of any such change in ownership using the email address you provided to us.

  • Disclosure of information for legal compliance purposes: Cephio may disclose information relating to your use of Cephio Platform when such disclosure is obligatory or required so as to comply with a legal obligation (for example, pursuant to a court order or mandatory request of law enforcement), to protect against unlawful, abusive or fraudulent use of the Cephio Platform, to safeguard Cephio’s rights or property, or enforce any legal agreement between you and Cephio.

Depending on the purpose and type of information, typically we process personal information on the following lawful grounds:

  • Performance of contract: We collect and use personal information where if it is necessary for performance of a contract to which you a party to or to take measures (negotiations, for example) before such agreement is concluded.

  • Consent: In certain cases, we will seek your prior consent before collecting information. Where you give us consent to process personal information for specific purposes (for example in relation to direct marketing purposes), in such cases you have the right to withdraw your consent at any time.

  • Legitimate interest: We may use personal information where it is necessary in our legitimate business interest on a condition that your integrity is adequately protected. This includes the disclosure of personal information to our service partners to enable them to deliver services to you on our behalf, the use of personal information for platform development and marketing purposes, as well as to maintain and develop security of our digital platform.

  • Compliance with the law: Processing is necessary to comply with legal obligation to which we are subject to. This covers situations where we are compelled to retain or disclose personal information pursuant to a legal process or obligation.

We may include links to websites and online services run by third parties. These websites many collect your personal information when you visit or use them in accordance with their privacy policies which may be different from ours. Note that links to third party services and websites appearing on our platform are provided for convenience and information purposes only and does not constitute express or implied recommendation or endorsement whatsoever on any aspect of those sites or services. Because we do not manage, control own or otherwise recommend those third party services and websites, we do not accept responsibility regarding how they handle your personal information.


We do our best to protect your integrity by processing your information in a precautionary, lawful and transparent manner and we take appropriate and necessary protective measures to safeguard your information against theft, unlawful access, modification or disclosure. Cephio has taken appropriate technical, physical, legal and organisational security measures to protect your integrity. These include the use of standard encryption, access controls, and maintaining backups of stored personal information. Note however that there is no digital service or system that is completely secure against all threats. While we strive to promote security of our platform and your information, we do not make or offer any warranty or guarantee, express or implied, of security.


We retain personal information as long as it is necessary to fulfil the purposes for which they were collected or for as long as applicable law permits, including example for tax or audit compliance purposes. This means, to the extent permitted by applicable law, we may retain certain personal information even where your customer relationship ends. For direct marketing purposes, we may retain and use certain personal and anonymous information for up to 2 years following the end of your customer relationship with us.


Your personal informal is processed within the European Union (EU) and European Economic Area (EEA). Our servers are located in Amsterdam, The Netherlands. Our platform is however available globally and because of the nature of digital services, we may, in certain cases allow processing (transfer or access) of personal information outside of EU/EEA for legitimate business interests. Where information is processed outside of EU/EEA on our behalf, Cephio will take reasonable efforts to protect your privacy by ensuring that the country to which data is transferred provides an adequate level of protection and through data processing and confidentiality agreements.


We process personal information in a lawful, transparent and open way in relation with you and ensure that your information is correct and updated. In accordance with the GDPR and applicable laws, you have the following rights in relation to your personal information.

  • You have the right to access certain information collected by us from you and obtain additional information about purposes for which it is collected or basis of processing. This right applies only to information directly provided by you. It does not apply to information collected from third parties or through the use of cookies, analytics or similar technologies. You can access and update some of your information via Cephio’s settings dashboard. If you want access to additional information, you are welcome to contact us with your specific questions or request. In those cases where you have the right to obtain additional information, you have the right to order a copy of that information we process about by contacting us via email at: A copy of that information will provided free of charge. Please note we must confirm your identity before you obtain access to your information.

  • You have the right to request correction of or erasure of your information that you believe is incorrect or outdated and additionally, you have the right to demand the erasure of your information if there exists no legal basis for its processing. Under certain circumstances, you have the right to limit or restrict the processing of your personal information. Please note that the right to demand erasure or deletion of personal information may be subject to applicable data retention laws including for example where personal information must be retained in relation to tax and audit purposes, or legal proceedings or criminal investigations.

  • You have the right to request us to transfer information that provided directly to us to another data controller if it is technically possible. Such information will be transferred in a commonly used, structured and machine-readable format.

  • In certain cases, you have the right to object to processing of your information for certain purposes including for example against direct marketing purposes or where your information has been collected unlawfully.


Cephio users residing in the State of California have certain rights, under the California Consumer Privacy Act, relating to the use of their personal information. Upon a verifiable request, you have the right to: (a) access and know the types of information collected about you, the sources from which such is information is collected and the business purposes for use or collection; (b) right to know if your personal information is being shared, disclosed or sold to third parties; as well as (c) the right to opt-out of the sale of consumer personal information. If you would like make a data request, you can fill out contact forms on our website. If we receive your data request, we will do our best to provide such information to you within forty five (45) days.


For requests, questions or enquiries about this Policy, please contact us via: email at, or via Facebook.