Effective Date:
Effective Date:
10 - 01 - 2026
10 - 01 - 2026
Last Updated:
Last Updated:
07 - 01 - 2026
07 - 01 - 2026
1. Introduction
1. Introduction
Curo Twin (“Curo Twin”, “we”, “us”, “our”) operates Login.Dental, a global, multi-tenant password management platform (“Services”). Login.Dental enables organisations to securely store, manage, share, and audit access to credentials and related access data.
This Privacy Policy explains how personal data is collected, processed, stored, shared, and deleted when individuals access our website or use Login.Dental.
Login.Dental is built on a Zero-Knowledge security architecture, meaning Curo Twin does not have access to users’ plaintext credentials, master passwords, or encryption keys.
We comply with applicable data protection and privacy laws in the jurisdictions where the Services are made available, including the UK General Data Protection Regulation (UK GDPR), the Australian Privacy Act 1988, and applicable United States privacy laws.
Curo Twin (“Curo Twin”, “we”, “us”, “our”) operates Login.Dental, a global, multi-tenant password management platform (“Services”). Login.Dental enables organisations to securely store, manage, share, and audit access to credentials and related access data.
This Privacy Policy explains how personal data is collected, processed, stored, shared, and deleted when individuals access our website or use Login.Dental.
Login.Dental is built on a Zero-Knowledge security architecture, meaning Curo Twin does not have access to users’ plaintext credentials, master passwords, or encryption keys.
We comply with applicable data protection and privacy laws in the jurisdictions where the Services are made available, including the UK General Data Protection Regulation (UK GDPR), the Australian Privacy Act 1988, and applicable United States privacy laws.
2. Scope and Applicability
2. Scope and Applicability
This Privacy Policy applies to:
Website visitors
Prospective customers and trial users
Customers using Login.Dental
End users whose access is managed through Login.Dental
Communications with support and operational teams
Where Curo Twin processes personal data on behalf of customers, such processing is governed by contractual agreements, including a Data Processing Agreement (DPA).
This Privacy Policy applies to:
Website visitors
Prospective customers and trial users
Customers using Login.Dental
End users whose access is managed through Login.Dental
Communications with support and operational teams
Where Curo Twin processes personal data on behalf of customers, such processing is governed by contractual agreements, including a Data Processing Agreement (DPA).
3. Roles and Responsibilities
3. Roles and Responsibilities
Depending on context, Curo Twin acts as:
Data Controller
For personal data related to:
Website usage
Account onboarding and administration
Billing and contractual relationships
Direct communications and support interactions
Data Processor
For personal data processed within Login.Dental on behalf of customers.
Customers act as Data Controllers for all credential data, user access data, and organisational data stored or managed within their Login.Dental environment.
Depending on context, Curo Twin acts as:
Data Controller
For personal data related to:
Website usage
Account onboarding and administration
Billing and contractual relationships
Direct communications and support interactions
Data Processor
For personal data processed within Login.Dental on behalf of customers.
Customers act as Data Controllers for all credential data, user access data, and organisational data stored or managed within their Login.Dental environment.
4. Zero-Knowledge Architecture
4. Zero-Knowledge Architecture
Login.Dental is designed using a Zero-Knowledge architecture.
This means:
Credentials and sensitive vault data are encrypted before being stored or transmitted.
Encryption and decryption occur using secrets known only to authorised users.
Curo Twin does not store, recover, or have access to master passwords or encryption keys.
Curo Twin cannot view, retrieve, or decrypt stored credentials.
As a result, even authorised Curo Twin personnel cannot access customer vault contents.
Implications of Zero-Knowledge Design
Loss of user-managed secrets may result in irreversible loss of encrypted data.
Support services cannot recover passwords or decrypt vault contents.
Administrative access is limited to metadata, configuration, and audit information only.
Login.Dental is designed using a Zero-Knowledge architecture.
This means:
Credentials and sensitive vault data are encrypted before being stored or transmitted.
Encryption and decryption occur using secrets known only to authorised users.
Curo Twin does not store, recover, or have access to master passwords or encryption keys.
Curo Twin cannot view, retrieve, or decrypt stored credentials.
As a result, even authorised Curo Twin personnel cannot access customer vault contents.
Implications of Zero-Knowledge Design
Loss of user-managed secrets may result in irreversible loss of encrypted data.
Support services cannot recover passwords or decrypt vault contents.
Administrative access is limited to metadata, configuration, and audit information only.
5. Personal Data We Collect
5. Personal Data We Collect
a. Data provided directly
Name
Email address
Phone number
Organisation details
Role and access information
Support communications
b. Data collected automatically
IP address
Device, browser, and operating system details
Authentication events (login, logout, failures)
Usage activity and security logs
c. Customer-managed data (Processor role)
User profiles created by administrators
Role and permission assignments
Vault access metadata
Audit and activity logs
Important:
Stored credentials are encrypted and inaccessible to Curo Twin at all times.
a. Data provided directly
Name
Email address
Phone number
Organisation details
Role and access information
Support communications
b. Data collected automatically
IP address
Device, browser, and operating system details
Authentication events (login, logout, failures)
Usage activity and security logs
c. Customer-managed data (Processor role)
User profiles created by administrators
Role and permission assignments
Vault access metadata
Audit and activity logs
Important:
Stored credentials are encrypted and inaccessible to Curo Twin at all times.
6. Purpose and Legal Basis for Processing
6. Purpose and Legal Basis for Processing
Personal data is processed for the following purposes:
Purpose -User authentication and access control
Legal Basis - Contract
Purpose -Secure credential storage and management
Legal Basis - Contract
Purpose -Audit logging and security monitoring
Legal Basis - Audit logging and security monitoring
Purpose -Legitimate interest / Legal obligation
Legal Basis - Contract
Purpose -Credential sharing and access governance
Legal Basis - Contract
Purpose -Customer support and incident response
Legal Basis - Legitimate interest
Purpose -Compliance with legal obligations
Legal Basis - Legal obligation
Personal data is processed for the following purposes:
Purpose -User authentication and access control
Legal Basis - Contract
Purpose -Secure credential storage and management
Legal Basis - Contract
Purpose -Audit logging and security monitoring
Legal Basis - Audit logging and security monitoring
Purpose -Legitimate interest / Legal obligation
Legal Basis - Contract
Purpose -Credential sharing and access governance
Legal Basis - Contract
Purpose -Customer support and incident response
Legal Basis - Legitimate interest
Purpose -Compliance with legal obligations
Legal Basis - Legal obligation
7. Cookies and Similar Technologies
7. Cookies and Similar Technologies
Login.Dental uses essential cookies required for:
Authentication
Session management
Security enforcement
Non-essential cookies (such as analytics) are used only where permitted by law and subject to user choice.
Login.Dental uses essential cookies required for:
Authentication
Session management
Security enforcement
Non-essential cookies (such as analytics) are used only where permitted by law and subject to user choice.
8. Data Sharing and Sub-Processors
8. Data Sharing and Sub-Processors
Curo Twin does not sell, rent, or monetise personal data.
Personal data may be shared only with:
Cloud hosting and infrastructure providers
Security, monitoring, and logging services
Communication and notification providers
Legal or regulatory authorities where required by law
All sub-processors are contractually required to meet strict confidentiality, security, and data protection obligations.
Curo Twin does not sell, rent, or monetise personal data.
Personal data may be shared only with:
Cloud hosting and infrastructure providers
Security, monitoring, and logging services
Communication and notification providers
Legal or regulatory authorities where required by law
All sub-processors are contractually required to meet strict confidentiality, security, and data protection obligations.
9. International Data Transfers
9. International Data Transfers
Login.Dental is a global service. Personal data may be processed or stored in multiple jurisdictions.
Where cross-border transfers occur, appropriate safeguards are applied, including:
Standard Contractual Clauses (SCCs)
International Data Transfer Agreements (IDTA)
Other lawful mechanisms recognised by applicable law
Login.Dental is a global service. Personal data may be processed or stored in multiple jurisdictions.
Where cross-border transfers occur, appropriate safeguards are applied, including:
Standard Contractual Clauses (SCCs)
International Data Transfer Agreements (IDTA)
Other lawful mechanisms recognised by applicable law
10. Data Retention
10. Data Retention
Personal data is retained only for as long as necessary to:
Operate and secure the Services
Maintain audit and compliance records
Fulfil contractual and legal obligations
Retention periods vary by data type, customer configuration, and regulatory requirements.
Personal data is retained only for as long as necessary to:
Operate and secure the Services
Maintain audit and compliance records
Fulfil contractual and legal obligations
Retention periods vary by data type, customer configuration, and regulatory requirements.
11. User Deletion and Data Removal Workflow
11. User Deletion and Data Removal Workflow
Login.Dental supports controlled deletion of user accounts and associated personal data.
Deletion Process
Request Initiation
Individual users may request deletion where permitted.
Organisation-managed users are deleted by authorised administrators.
Verification and Validation
Identity and authority are verified.
Legal, contractual, or security constraints are reviewed.
Immediate Access Revocation
User access is disabled immediately.
Active sessions, tokens, and API access are invalidated.
Personal Data Handling
Personal identifiers are deleted or anonymised.
Organisation-owned credentials remain available to authorised users unless explicitly removed.
Audit and Compliance Retention
Security and audit logs may be retained where legally required, with restricted access.
Backup Handling
Deleted data is removed from backups according to defined retention schedules and is not restored for operational use.
Confirmation
Confirmation of deletion is provided where required by law.
Login.Dental supports controlled deletion of user accounts and associated personal data.
Deletion Process
Request Initiation
Individual users may request deletion where permitted.
Organisation-managed users are deleted by authorised administrators.
Verification and Validation
Identity and authority are verified.
Legal, contractual, or security constraints are reviewed.
Immediate Access Revocation
User access is disabled immediately.
Active sessions, tokens, and API access are invalidated.
Personal Data Handling
Personal identifiers are deleted or anonymised.
Organisation-owned credentials remain available to authorised users unless explicitly removed.
Audit and Compliance Retention
Security and audit logs may be retained where legally required, with restricted access.
Backup Handling
Deleted data is removed from backups according to defined retention schedules and is not restored for operational use.
Confirmation
Confirmation of deletion is provided where required by law.
12. Security Measures
12. Security Measures
Curo Twin implements security controls appropriate for a password management platform, including:
Encryption in transit and at rest
Zero-Knowledge encryption design
Role-based and scope-based access control
Comprehensive audit logging
Continuous monitoring and review
No system can be guaranteed completely secure, but controls are regularly reviewed and improved.
Curo Twin implements security controls appropriate for a password management platform, including:
Encryption in transit and at rest
Zero-Knowledge encryption design
Role-based and scope-based access control
Comprehensive audit logging
Continuous monitoring and review
No system can be guaranteed completely secure, but controls are regularly reviewed and improved.
13. Data Subject Rights
13. Data Subject Rights
Subject to applicable law, individuals may have the right to:
Access personal data
Request correction or deletion
Restrict or object to processing
Request data portability
Withdraw consent where applicable
Requests are handled within legally mandated timelines.
Subject to applicable law, individuals may have the right to:
Access personal data
Request correction or deletion
Restrict or object to processing
Request data portability
Withdraw consent where applicable
Requests are handled within legally mandated timelines.
14. Customer Responsibilities
14. Customer Responsibilities
Customers using Login.Dental are responsible for:
Lawful collection and use of personal data
Providing appropriate privacy notices to users
Defining access roles and permissions
Managing encryption key ownership and recovery practices
Handling end-user data rights requests where required
Customers using Login.Dental are responsible for:
Lawful collection and use of personal data
Providing appropriate privacy notices to users
Defining access roles and permissions
Managing encryption key ownership and recovery practices
Handling end-user data rights requests where required
15. Children’s Data
15. Children’s Data
Login.Dental is not intended for individuals below the minimum age required by applicable law (generally 16). We do not knowingly collect children’s personal data.
Login.Dental is not intended for individuals below the minimum age required by applicable law (generally 16). We do not knowingly collect children’s personal data.
16. Changes to This Policy
16. Changes to This Policy
This Privacy Policy may be updated periodically. Material changes will be communicated via the website or service notifications.
This Privacy Policy may be updated periodically. Material changes will be communicated via the website or service notifications.
17. Contact Information
17. Contact Information
For privacy or data protection queries:
Company: Curo Twin
Product: Login.Dental (Password Manager)
Email: privacy@curotwin.com
Registered Address: 115 N Stewart Avenue
Unit 1C, Kissimme
FL 34747
USA
Individuals may lodge complaints with their local data protection authority.
For privacy or data protection queries:
Company: Curo Twin
Product: Login.Dental (Password Manager)
Email: privacy@curotwin.com
Registered Address: 115 N Stewart Avenue
Unit 1C, Kissimme
FL 34747
USA
Individuals may lodge complaints with their local data protection authority.