Qatar PDPPL
CompliantQatar Personal Data Privacy Protection Law (Law No. 13 of 2016)
Trust Center
Compliance, controls,
and the receipts.
Toothmatrix — multi-tenant dental lab SaaS is built for clinics, labs and regulators who need to verify — not take our word for it. PDPPL · SOC 2 Type II · ISO 27001:2022 · GDPR · HIPAA-aligned. One audit pack. One PDF.
Tip: the audit pack and DPA require a free Toothmatrix account so we can scope your tenant. Sign in.
Frameworks & certifications
SOC 2 Type II
Controls implementedAICPA SOC 2 Type II — Security, Availability, Confidentiality
External audit · Q3 2026
ISO/IEC 27001:2022
Controls implementedISO/IEC 27001:2022 — Information Security Management Systems
External audit · Q4 2026
EU GDPR
AlignedEU General Data Protection Regulation (2016/679)
US HIPAA
AlignedHealth Insurance Portability and Accountability Act
Subprocessors
We use a short, intentional list of vendors. Each is bound by a written Data Processing Agreement. Customers receive 30 days' notice before any new subprocessor is added to this list.
| Vendor | Purpose | Data classes | Location | |
|---|---|---|---|---|
| MongoDB Atlas | Primary application database | case data, user identifiers, audit logs | Multi-region (configurable) | Privacy |
| Stripe, Inc. | Credit-card processing for credit pack top-ups | payment card metadata (PCI tokens only), billing address | United States / Ireland | Privacy |
| Google (Gmail SMTP) | Outbound transactional email (magic-link, invoices) | recipient email, case metadata | United States | Privacy |
| Twilio Inc. | SMS + WhatsApp lab-alert notifications (optional) | phone number, case status updates | United States / EU | Privacy |
| Emergent Cloud | Application hosting + Kubernetes runtime | all application data (encrypted at rest) | Multi-region | Privacy |
| Cloudflare, Inc. | DNS, DDoS protection, CDN | IP address (24-hour retention) | Global edge | Privacy |
Company
- Legal entity
- Toothrocket Labs / Toothmatrix
Doha, Qatar
Founded · 2024
Data Protection Officer
For data-subject access requests, deletion, portability, or any PDPPL/GDPR right.
dpo@toothrocket.comSecurity disclosure
security@toothrocket.com — responsible disclosure rewarded
security@toothrocket.comUptime target · 99.9% (rolling 90-day) · Last updated 2026-06-12
Build v1.0.55·55 production releases·shipped 2026-02-11
