Privacy Policy

1. Who we are

This Privacy Policy applies to Dra. Paola Chicue's dental clinic ("we", "us", "our"), located at Calle 6 #76-22 Local 33, Centro Comercial Capri, Cali, Valle del Cauca, Colombia. We operate the website at calismiledesign.com and provide cosmetic and restorative dentistry services to local and international patients.

For privacy questions or to exercise your rights, contact us at paolachicuemejorsonrisa@gmail.com or via WhatsApp at +57 301 383 4658.

2. Information we collect

We only collect data you actively share with us through our virtual consultation form, WhatsApp, or email:

• Identifying information: full name, WhatsApp number, email address.
• Treatment context: the treatment you are interested in and any notes or smile goals you choose to share.
• Optional photos: images you voluntarily upload of your teeth or smile.
• Marketing attribution: UTM parameters (source, medium, campaign) when you arrive from a tracked link.
• Technical data: standard server logs (IP address, user agent, timestamps) handled by our hosting provider for security and abuse prevention.

3. How we use your information

• To prepare a personalized treatment plan and respond to your consultation request.
• To coordinate your visit (appointments, VIP Concierge logistics, follow-up care).
• To send transactional messages by email or WhatsApp (quotes, reminders, post-treatment instructions).
• To improve our services and measure marketing performance in aggregate.
• To comply with legal, accounting, and clinical record-keeping obligations.

We never sell your personal data and we do not use it for unrelated advertising.

4. AI-assisted triage

To respond faster, the information you submit through the virtual consultation form is processed by an AI assistant (AWS Bedrock) that drafts a preliminary reply for our staff to review. The AI does not send anything to you automatically — every message is reviewed and approved by a human at our clinic before delivery. Your data is not used to train third-party AI models.

5. Where your data is stored

Your data is stored on Amazon Web Services (AWS) infrastructure in the United States, with encryption at rest (DynamoDB) and encryption in transit (HTTPS/TLS). Email is delivered through AWS Simple Email Service (SES). We retain consultation records for as long as needed to deliver care and to meet our legal obligations, typically up to 5 years, after which we securely delete them.

6. Cookies and similar technologies

Our site uses minimal cookies and local storage strictly required to render the site (e.g., language preference). We also use Google Analytics 4 to understand how visitors find and use the site. Analytics cookies are off by default — they are only set after you click "Accept analytics" in the on-screen consent banner. Until then, Google Consent Mode reports only anonymous, cookieless modeled signals. We never use advertising, remarketing, or personalization cookies.

Embedded third-party services we may load: Google Maps (clinic location), YouTube / Instagram (testimonial videos), Google Fonts (Material Symbols icons), and WhatsApp (concierge link). Visiting their content may set their own cookies under their respective policies.

7. Sharing your information

We share your data only with:

• Authorized clinical staff who participate in your care.
• Service providers acting on our instructions (AWS for hosting and email, payment processors when applicable) under written agreements that require confidentiality.
• Authorities, when required by law or to protect our rights.

8. Your rights

You can exercise the following rights at any time, free of charge:

• Access: request a copy of the personal data we hold about you.
• Correction: ask us to fix incomplete or inaccurate information.
• Deletion: request that we erase your data, subject to legal retention obligations.
• Withdraw consent: stop receiving WhatsApp or email communications.
• Portability: receive your data in a structured, commonly used format.
• Object: oppose specific uses of your data when applicable.

To exercise any right, write to paolachicuemejorsonrisa@gmail.com. We respond within 15 business days.

9. Security

We apply administrative, technical, and physical safeguards proportional to the sensitivity of your data: TLS encryption, encrypted databases, restricted staff access, audit logs, and regular reviews. No method is 100% secure, so we encourage you not to share sensitive medical history through public channels.

10. International transfers

If you contact us from outside Colombia, your data will be transferred to and processed in jurisdictions (such as the United States) that may have different data protection rules. We rely on AWS contractual commitments and standard data protection clauses to keep your data safe regardless of where it is processed.

11. Children's privacy

We do not knowingly collect data from minors under 18 without parental or guardian consent. If you believe a minor has shared data with us without authorization, please contact us so we can remove it.

12. Changes to this policy

We may update this policy to reflect changes in our practices or applicable law. The "Last updated" date at the top will always show the latest revision. Significant changes will be communicated via a banner on this site or by email when appropriate.

13. Governing law

This policy is governed by Colombian Law 1581 of 2012 on Personal Data Protection ("Habeas Data") and its regulations. Where applicable, we also align with GDPR principles for European visitors and CCPA principles for California residents.