Privacy Policy

Last updated: 2026-06-07

1. Overview

This application provides a client-side interface for managing orthodontic and clinical image files stored locally in the browser or in third-party cloud storage services such as Microsoft OneDrive.

The application is designed with a client-first architecture. We do not operate a traditional backend storage system and do not host user files.

2. Data Storage Model

The application supports two storage modes:

Local Storage

  • Files and related data are stored locally in the user's browser (e.g. local storage or IndexedDB)
  • Data never leaves the user's device unless explicitly uploaded to a connected cloud provider

Cloud Storage (BYOS)

  • The application integrates with third-party storage providers such as Microsoft OneDrive via the Microsoft Graph API
  • Files remain in the user's own storage account and are not copied or stored by us

3. Data We Do Not Store

We do not permanently store:

  • Images, photos, or medical records
  • Patient data or clinical files
  • File contents from local or cloud storage
  • Directory structures or file metadata
  • IP addresses or device identifiers
  • User activity logs

4. Server-side Processing (Transient Data Handling)

While the application is primarily client-side, limited server-side processing is used to enable integration with Microsoft OneDrive.

When cloud features are used, our backend may temporarily process the following data:

  • File and folder names (which may include personal data such as patient names)
  • Directory structure information from OneDrive
  • Operational commands such as listing folders, renaming files, deleting files, and file management actions

This data is:

  • Processed only in memory
  • Not stored in any database or persistent storage
  • Discarded immediately after the request is completed

5. Authentication & Access Tokens

When connecting to Microsoft OneDrive:

  • Authentication is handled via Microsoft OAuth and Azure App permissions
  • Access tokens are used only during active sessions
  • Tokens are not stored on our servers

6. Third-Party Services

The application integrates with third-party services, including:

  • Microsoft OneDrive (via the Microsoft Graph API)

Your use of third-party services is governed by their respective privacy policies:

We are not responsible for the data handling practices of third-party providers.

7. Security

We apply standard security practices to protect communication between the client, backend relay services, and third-party APIs.

However, no system can guarantee absolute security, and users are responsible for securing their own accounts and devices.

8. Data Processing Role

We act as a technical intermediary facilitating user interactions with external storage providers. We do not control or own user data stored in third-party systems.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the application constitutes acceptance of the updated version.