Skip to main content
DigiLab
Features DL Desktop FAQ Pricing
  • Français
  • English (UK)
  • English (US)
  • 中文
  • Deutsch
  • Español
  • 日本語
  • Português
  • Italiano
  • Nederlands
  • Türkçe
Machine translation. The original French version is the legally binding reference.

General Terms of Service — SaaS

These General Terms of Service for SaaS (hereinafter the "GTS") govern the relations between the company DIGILAB, a Société par Actions Simplifiée with a share capital of 10,000 euros, whose registered office is at 55 avenue Foch, 75016 Paris, registered with the Paris Trade and Companies Register under number 999 221 831, and its clients (hereinafter referred to as the "Client").

The Service Provider and the Client are hereinafter collectively referred to as the "Parties", without joint and several liability between them.

DIGILAB (hereinafter referred to as "DIGILAB" or the "Service Provider") is a company that provides and maintains software specialising in order management, production workflows and digital processes for dental laboratories, named DIGILAB (hereinafter the "Solution").

The Solution is accessible as a remote service (or "SaaS mode").

The Client has subscribed to the Services in the course of their professional activity.

These provisions enter into force upon the Client's first access to the Services. They shall be presented to the Client by any means prior to such access.

Article 1. Definitions

Anomaly: means any malfunction or non-conformity of the Solution's features with respect to their normal operating state, when the Solution is used in accordance with its purpose and the Documentation. The various categories of Anomalies are described in Annex 3.

Documentation: means documentation of any nature relating to the Solution and/or the Services, including any update, improvement or other modification that may be made thereto and any other element that may be added thereto, provided or made available by the Service Provider to the Client and relating to the Services.

Data: means information (including Personal Data) owned and/or controlled by the Client that it inputs, records, transmits, collects, retains and/or processes in the context of the GTS.

Personal Data: means any information relating to an identified or identifiable natural person, directly or indirectly.

Licence: means the right to use the Solution granted by the Service Provider to the Client pursuant to the terms of these GTS.

Services: means all services as described in the Annexes, provided by the Service Provider to the Client in performance of these terms, comprising (i) the provision of the Solution to the Client in SaaS mode (or the "Licence"), (ii) the hosting of the Solution and Data, (iii) support and corrective and evolutionary maintenance of the Solution, and (iv) User training, depending on the plan subscribed by the Client.

User: means any natural person under the responsibility of the Client and authorised by the Client to connect to the Solution and benefit from the Services in accordance with the provisions of the GTS. The number of Users authorised to connect to the Solution depends on the plan subscribed by the Client.

Credentials: means the specific identifier by which each User will identify themselves to connect to the Services. This comprises a login and a password unique to each User. The User's Credentials are confidential.

Article 2. Contractual documents

These GTS consist exclusively of the following documents:

  • this document;
  • the following Annexes:
    • Annex 1: Description of the Solution and Services and technical prerequisites
    • Annex 2: Security provisions
    • Annex 3: Service Levels (availability rate and incident management)
    • Annex 4: Agreement on the processing of Personal Data

It is understood that the contractual documents shall be interpreted in the light of one another. However, in the event of any contradiction or divergence between the terms of the contractual documents, the Parties agree that this document prevails over the Annexes, each of which has the same value.

It is expressly agreed between the Parties that the Client's general purchasing conditions are not applicable to their commercial relationship.

The technical Annexes may be updated by the Service Provider and must be communicated to the Client by any means.

Article 3. Purpose

These GTS are intended to define the conditions under which:

  • the Service Provider makes the Solution available to the Client and provides the associated Services; and
  • the Client undertakes to use the Solution.

Article 4. Entry into force and duration

A. Duration

The Client subscribes to the Services for a fixed term, according to the plan chosen by the Client at the time of subscription, which may be monthly or annual, on the terms set out below.

Monthly subscription

The monthly subscription is entered into for an initial term of one (1) month. Payment of the monthly fee is due in full at the time of subscribing to the Licence, for the forthcoming month.

The subscription is renewed by tacit renewal for successive periods of one (1) month, subject to prior payment of the corresponding fee.

It may be terminated by the Client at any time, it being specified that any month that has commenced is due in full and shall not give rise to any refund.

Termination takes effect at the end of the current month.

In the absence of payment of the monthly fee by the due date, the Services will be automatically suspended, without prior notice, and the agreement will be terminated by operation of law.

Annual subscription

The annual subscription is entered into for a firm term of twelve (12) months (the "Initial Term").

Payment of the annual fee is due in full at the time of subscribing to the Licence, for the entirety of the Initial Term.

The subscription may be terminated by the Client at any time during the annual period. However, all fees due in respect of the current year remain payable and no refund may be granted.

By way of derogation, in the event of termination based on a serious and unremedied breach by the Service Provider of its contractual obligations, duly notified by the Client in accordance with the conditions of Article 4.B, only the fees accrued up to the effective date of termination shall be due.

In the absence of payment of the annual fee upon expiry of the Initial Term, the Services will be automatically suspended, without prior notice, and the agreement will be terminated by operation of law.

In the absence of termination at the end of the Initial Term and subject to prior payment of the corresponding annual fee, the Services will be tacitly renewed for successive periods of twelve (12) months (each renewal period being referred to as a "Renewed Period"), at the rates applicable at the time of renewal.

It is however specified that, prior to subscribing to the Services under the aforementioned conditions, the Client benefits from restricted access to the Solution as part of a free trial (the "Testing Phase"), on the terms defined in Article 5c.

B. Termination for breach

In the event of a breach by one of the Parties of any of its obligations under these terms, the other Party may give formal notice to remedy such breach within a maximum period of fifteen (15) days, by registered letter with acknowledgement of receipt.

If at the end of this fifteen (15) calendar day period the breach has not been or could not be remedied, the other Party may terminate the Services by operation of law, by registered letter with acknowledgement of receipt, without prejudice to all damages to which it may be entitled.

Except in the event of termination of the Services due to a breach by the Service Provider of its obligations, it is agreed between the Parties that the Client shall remain liable for all sums due in respect of the Services until the normal expiry of the Services (whether that is the Initial Term or a Renewed Period).

C. Consequences of termination

In the event of expiry or termination of the Services for any reason whatsoever, the Service Provider undertakes to carry out the reversibility services set out in the "Reversibility" Article.

Upon termination of the Services, for any reason whatsoever, the Licence granted by the Service Provider under these terms shall be automatically terminated, and the Parties shall return to each other without delay or additional formalities all documents of any nature in their possession belonging to the other Party (including the Documentation where applicable).

In all circumstances and unless the Client requests the application of the "Reversibility" article of these GTS, the Service Provider shall delete the Data three (3) weeks after the effective date of termination of the Services, unless there is a specific legal obligation to the contrary.

Article 5. Conditions of use and implementation of the Services

A. Rights of use of the Solution and Services

In consideration of payment of the price of the Services, the Service Provider grants the Client, on a non-exclusive, personal, non-assignable and non-transferable basis, a right of access to and use of the Solution and its Documentation by its Users, on the conditions and for the duration of these terms.

The DIGILAB Solution is strictly reserved for internal professional use by dental laboratories and prosthetics factories, in the context of their activities relating to the design, manufacture and management of prostheses. It is strictly prohibited to use DIGILAB to create, operate or feed, directly or indirectly, matchmaking or intermediation platforms between Practitioners and prosthetics laboratories, where such uses are carried out by a Client outside the strict framework of using the Solution and the Services as provided for and authorised by these General Terms of Service.

The Solution shall be used by the Client under its sole control, direction and sole responsibility. The Client warrants that Users shall comply with these terms.

The Client undertakes not to (i) resell, sub-licence, hire, share, or make the Solution and Services available to an unauthorised third party in any manner whatsoever without the prior written authorisation of the Service Provider; (ii) unlawfully access, or disrupt the integrity or performance of the Solution or the data it contains; (iii) reverse-engineer the Solution.

Any non-compliant use, as well as any attempt to misuse the Solution for such purposes, will result in the immediate suspension or deactivation of access to the Solution, without prior notice or right to compensation.

B. Terms of service provision

The Services are provided within an infrastructure using the Service Provider's resources.

The Service Provider may, at any time, modify the Solution and/or the Services, or change the manner in which the Services are provided, provided that this does not result in a substantial regression in the performance and functionality of the Services, unless such change is necessary to correct an Anomaly.

The Client acknowledges having been informed by the Service Provider of all technical prerequisites necessary for the optimal operation of the Services, as set out in Annex 1. The Client is also informed that these prerequisites may evolve, in particular for technical reasons.

The Client is solely responsible for access to the Services; it is the Client's responsibility to take all measures to maintain such access. The Service Provider is released from all liability in the event of impossibility of access to the Services due to an event outside its control.

The Client undertakes not to allow unauthorised persons access to the Services and must ensure that each authorised person complies with these GTS.

C. Acceptance of the Services

The Services shall be subject to a Testing Phase, the duration of which shall be agreed between the Parties, without however exceeding fourteen (14) days.

During this Testing Phase, the Service Provider grants the Client restricted access to the Solution for one hundred (100) cases.

At the end of the Testing Phase, either upon expiry of the fourteen (14) day period or upon reaching the threshold of one hundred (100) processed cases, whichever occurs first, the Client must necessarily subscribe to a paid subscription in order to continue accessing the Solution and the Services.

In the absence of a subscription under these conditions, access to the Solution and the Services will be automatically suspended, without prior notice, until the Client effectively subscribes to a plan.

D. Access to Services – Availability

The Service Provider guarantees access to and performance of the Services in accordance with the SLA provisions set out in Annex 3.

The Solution is normally accessible 24 hours a day, 7 days a week, except:

  • periods of unavailability related to maintenance operations necessary for the proper functioning of the Solution;
  • periods of unavailability resulting from a case of force majeure or an event outside the Service Provider's control, such as incidents, bugs or failures that may affect online applications or Internet access;
  • periods of unavailability, degradation or interruption of the Services attributable, directly or indirectly, to application programming interfaces (API), data flows, cloud platforms or services operated by intra-oral scanner manufacturers or by any other third-party provider upon which the Services depend, including in particular in the event of modification, suspension, restriction of access, unavailability, deletion or technical evolution decided upon by such third parties.

The periods of unavailability referred to above are not taken into account in the calculation of the guaranteed availability rate under the Service Levels defined in Annex 3 and do not give rise to any penalty, credit or compensation.

Where technically possible, the Service Provider shall endeavour to notify the User of any interruption as soon as possible and by any means.

Users' access to the Services is effected, for each use, using Credentials from any desktop or laptop computer, tablet or smartphone.

The Client is however informed that connection to the Services is made via the Internet network. As such, the Client is warned of the technical hazards that may affect this network and cause slowdowns or unavailability that render connection impossible. The Service Provider cannot be held liable for difficulties in accessing the Services due to disruptions to the Internet network.

Credentials are assigned to each User. The Client shall ensure that the confidentiality of the Credentials is observed by its Users. The Credentials may only be used to allow access to the Services by Users authorised by the Client, in order to guarantee the security of the Client's Data.

The Client is solely responsible for the use, and possible loss or misappropriation, of the Credentials. The Client shall promptly inform the Service Provider if it identifies a security breach related in particular to the voluntary disclosure or misappropriation of Credentials, so that the Service Provider can promptly take any appropriate measures to remedy the security breach.

In the event of loss or misappropriation of the Credentials, the Service Provider reserves the right to close or suspend the relevant account, without any liability on its part.

Access to the Services may be temporarily interrupted, without compensation and without service credit, for reasons of necessity related to the Services, including in particular to ensure maintenance of the Solution or the Service Provider's servers. In such circumstances, the Client shall be informed by any means at least twenty-four (24) hours in advance.

In the event of a security breach identified by the Service Provider that is likely to seriously compromise the security of the Services and/or the Data, the Service Provider may, without prior notice, temporarily interrupt the Services in order to remedy the security breach as quickly as possible.

In the event of a proven or suspected breach by the Client of its obligations referred to above, the Service Provider may take any measures it deems necessary, including in particular the immediate and without-notice suspension of access to the Solution, without any liability on its part on any grounds whatsoever.

Article 6. Obligations of the Parties

A. Obligations of the Service Provider

The Service Provider undertakes to make the Solution available to the Client, and to provide the Services to the Client, in accordance with these provisions, and in accordance with best professional practice, from the date of provision of the Services, under a best-efforts obligation.

In this context, the Service Provider undertakes to:

  • provide the Services in compliance with the Service Levels (SLA) defined in Annex 3;
  • assign qualified and competent personnel to the performance of the Services.

B. Client's obligation to cooperate

In addition to the obligations relating to the use of the Solution and the Services and the payment obligations in respect of the Services described herein, the Client undertakes to cooperate with the Service Provider and to provide or guarantee access to any information or elements that the Service Provider may reasonably require in order to fulfil its obligations under these terms.

The Client undertakes to use the Services in compliance with applicable laws and regulations.

Article 7. Intellectual property

A. Ownership rights and use of the Solution

The Solution and the associated Documentation are and remain the property of the Service Provider or its licensors.

The Service Provider warrants that it is the author or holder of the exclusive exploitation rights to the Solution in accordance with the provisions of the Code de la Propriété Intellectuelle. The Service Provider retains all intellectual property rights relating to the Solution and to the confidential information it owns.

Consequently, the Client understands and acknowledges that the Licence granted to it under these terms does not effect any transfer of ownership in its favour. The Client is prohibited from infringing the Solution in any manner whatsoever, including in particular from using the Solution in a manner that does not comply with its professional purpose and the conditions set out in these terms.

The Parties warrant that they recognise and respect each other's intellectual property rights.

This Article shall survive the termination or expiry of these terms for any reason whatsoever.

B. Warranty against eviction

The Service Provider warrants that it holds all the intellectual property rights enabling it to provide the Solution, and that, to the best of its knowledge, they do not infringe any third-party intellectual property rights.

The Service Provider indemnifies the Client against any claim by a third party on the grounds of infringement resulting from the Client's use of the Solution.

Accordingly, the Service Provider shall bear all condemnations to the principal amount, costs and accessories to which the Client may be condemned by a final court decision.

If, as a result of such action, the Client is prevented from using the Solution, the Service Provider shall, at its own expense, take one of the following measures, whichever it considers most appropriate, constituting the Client's sole and exclusive remedy:

  • Obtain the right for the Client to use the Solution in accordance with these terms;
  • replace or modify the Solution to avoid such action whilst maintaining an equivalent level of functionality and relevance;
  • reimburse the Client for the sums paid by the Client under these terms, in proportion to the period during which the Services could not be performed pursuant to this Article.

Article 8. Maintenance and support

The Service Provider provides maintenance and support services for the Solution on the terms and conditions expressly and exhaustively set out in Annexes 1 and 2.

Article 9. Data

A. Data ownership

The Client is the sole holder of rights to the Data that may be processed by the Service Provider in the context of the Services.

The Client grants, to the extent necessary, to the Service Provider and its possible sub-processors a non-exclusive, worldwide, royalty-free and assignable licence, enabling in particular access to, hosting of, use of and copying of the said Data for the purposes of performing the Services.

This licence shall terminate automatically upon cessation of these terms, unless it is necessary to continue hosting the Data and processing it, including in particular in the context of implementing Reversibility operations.

The Service Provider reserves the right to use Data arising from the Client's use of the Solution and the Services, in strictly anonymised form, for the purpose of producing statistics, analyses or studies aimed at improving the performance, quality and functionalities of the Solution and the Services. Such processing is carried out in compliance with the Applicable Regulations, and does not under any circumstances enable the direct or indirect identification of the Client or its Users.

The Client represents and warrants that it holds all necessary authorisations to exploit the Data in the context of the Services and that it may freely grant a licence in the aforementioned terms to the Service Provider and its possible sub-processors. The Client further represents and warrants that in creating, installing or uploading the Data in the context of the Services, it does not exceed any rights that may have been granted to it in respect of all or part of the Data and that it does not infringe the rights of third parties.

The Client undertakes to ensure that Users do not input or communicate, in the context of using the Solution, any Personal Data, sensitive data, confidential data or data protected by trade secret.

It is the Client's responsibility to put in place the necessary internal controls and instructions to prevent any unauthorised input or transmission of such Data. The Service Provider shall not be held liable for any involuntary or inappropriate processing resulting from the transmission of such Data by the Client or its Users in breach of these provisions.

The Client shall ensure that it does not communicate, in the course of using the Services, any Data that would require the Service Provider to comply with specific laws or regulations other than those provided for in the context of the normal provision of the Services.

The Client undertakes to indemnify the Service Provider for all financial consequences that the Service Provider may be required to bear as a result of the Client's breach of the aforementioned warranties concerning the Data.

B. Security

The Service Provider undertakes to perform the Services in accordance with the security document reproduced in Annex 2.

C. Personal Data

In connection with the provision of the Services, the Parties undertake to comply with all obligations arising from the application of any applicable legislation relating to the protection of personal data, in particular those arising from the loi du 6 janvier 1978 modifiée relative à l'Informatique, aux Fichiers et aux Libertés and, since 25 May 2018, from the Règlement UE/2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "Applicable Regulations").

In the context of the Services, the Service Provider acts as a Processor within the meaning of the Applicable Regulations. The conditions relating to the processing carried out in this context are described in the Personal Data protection document (Annex 4).

With regard to Personal Data collected and processed by each of the Parties on their own account for the purposes of the administrative management of these terms, each Party acknowledges that it processes such data as Data Controller within the meaning of the GDPR and undertakes as such to comply with all obligations incumbent upon it in that capacity.

The Service Provider shall under no circumstances be liable for the Client's failure to comply with its legal or contractual obligations with regard to Personal Data possibly integrated into the Solution by the User.

This Article shall survive the termination or expiry of these terms for any reason whatsoever.

Article 10. Pricing

The applicable prices are those in force online on the website (https://digilab.dental) at the time of subscribing to the Services, expressed in the currency of the country concerned and determined according to the type of plan subscribed by the Client and any case overruns.

Prices may be revised at the Service Provider's initiative.

Payment is made online at the time of subscription and then automatically at each due date, by direct debit from the payment method provided by the Client. By providing their bank details, the Client expressly authorises the Service Provider to debit the amounts due in respect of the Services.

Invoices are issued and transmitted to the Client in electronic format. In the event of a dispute regarding an invoice, payment of the disputed invoice remains due. If the dispute is accepted, a credit note shall be sent to the Client as soon as possible.

Article 11. Warranties

The Service Provider warrants that the Services are compliant with its Documentation.

The Service Provider does not warrant that the Services are free from all defects or hazards and undertakes to remedy exclusively the Anomalies detected in accordance with Annex 3.

The compliance of the Services shall not be extended to any other express or implied warranty relating to the Services, including in particular any implied warranty of merchantability or fitness of the Solution for a particular objective or result set by the Client and/or for performing particular tasks that may have motivated its decision to subscribe to the Services. The Service Provider does not warrant that the features of the Services, including the Solution, will meet the Client's requirements.

To the extent permitted by law, any warranty other than those expressed herein is expressly excluded.

Article 12. Liability

The Service Provider shall under no circumstances be held liable for any indirect loss suffered by the Client that may arise from or in connection with the performance of these terms and their consequences. Indirect losses include in particular, without this list being exhaustive, loss of earnings or profits, loss of opportunity, commercial losses, loss of Data, notwithstanding the fact that the Service Provider may have been warned of the likelihood of their occurrence.

In the event that the Service Provider's liability is engaged as a result of a breach by the Service Provider of its contractual obligations, the amount of total and cumulative compensation, for all causes, principal, interest and costs, to which the Client may be entitled, shall be limited to the direct and foreseeable loss suffered by the Client and may not exceed an amount equal to the sums paid by the Client to the Service Provider in respect of the Services during the six (6) months preceding the event giving rise to the claim against the Service Provider.

The Parties' liability may not, however, be excluded or capped in the event of personal injury or damage caused by fraud or gross negligence.

In any event, the Service Provider's liability shall under no circumstances be sought in the case of:

  • use of the Services in a manner not provided for in the Documentation and/or not expressly authorised by these terms or the Documentation;
  • modification of all or part of the Solution and the Services without the Service Provider's consent by the Client or a third party;
  • continued use of all or part of the Solution and the Services when the Service Provider had recommended suspending such use;
  • use of the Solution and the Services in an environment or configuration that does not comply with the Service Provider's technical prerequisites, or in connection with third-party programmes or data not expressly approved by the Service Provider;
  • occurrence of any damage resulting from the Client's fault or negligence, or which the Client could have avoided by following the Service Provider's recommendations;
  • use, in connection with the Solution and the Services, of programmes not provided or approved by the Service Provider that may affect the Solution, the Services or the Client's Data.

Article 13. Confidentiality

Unless expressly stated otherwise by the disclosing Party, all information, data, documents, deliverables and/or know-how, of whatever nature, communicated by one Party to the other in the context of the performance of these terms, as well as the terms hereof, are considered confidential (the "Confidential Information"). Furthermore, the Parties undertake not to make any use of information gathered in the context of pre-contractual negotiations or the performance of these terms in a manner that could cause prejudice to the other Party.

This undertaking remains in force for the duration of these terms, and for a period of five (5) years from their termination or expiry, for whatever reason.

The following shall not be considered Confidential Information: information (i) that was in the possession of the receiving Party prior to its disclosure by the other Party, without such possession resulting directly or indirectly from the unauthorised disclosure of that information by a third party; (ii) that forms part of the public domain at the date of its disclosure or subsequently falls into the public domain without this being attributable to any wrongful conduct by the recipient; (iii) that was legitimately obtained from a third party without breaching any confidentiality obligation.

To the extent permitted by law, the Parties undertake to return or destroy, in accordance with the instructions of the other Party, all Data and Information, at the request of the relevant Party, within a maximum period of fifteen (15) days from receipt of the request.

This Article shall survive the termination or expiry of these terms for any reason whatsoever.

Article 14. Reversibility

In the event of expiry and/or termination of the Services, the Client has the data retention period provided for by the subscribed plan to retrieve the Data accessible through the Solution's features.

Article 15. Applicable law and competent courts

These GTS and any dispute relating thereto shall be governed by and construed in accordance with French law.

In the event of any dispute arising between the Service Provider and the Client concerning the validity, performance, nullity or interpretation of these terms, the Parties undertake to cooperate diligently and in good faith with a view to finding an amicable solution.

If, however, no agreement is reached within a reasonable period of time, the courts within the jurisdiction of the Paris Court of Appeal shall have sole jurisdiction, even in the case of multiple defendants, third-party claims or interim proceedings.

These GTS are drafted in the French language and any translation into a foreign language is provided for information purposes only, French being the sole authoritative language.

Article 16. Miscellaneous provisions

A. Entire agreement

These GTS supersede and replace any and all discussions, negotiations and/or agreements that may previously have existed between the Parties concerning the same subject matter and the same Services.

B. Headings

The headings of paragraphs and articles of the GTS are inserted for ease of reading only and shall not under any circumstances be used to guide their interpretation.

C. Partial invalidity

If one (or more) of the provisions of the GTS is held, rendered or declared invalid by reason of a law, regulation or decision of a competent court, the Parties shall consult one another to agree on one or more provisions to replace the invalid provision(s) and to achieve, as far as possible, the objective of the original clause(s). All other provisions of the GTS shall retain their full force and effect.

D. Non-waiver

The failure of either Party to invoke a breach by the other Party of any of its obligations shall not be construed as a waiver of the obligation in question or as an amendment to these terms, and shall not prevent the non-defaulting Party from invoking such breach in the future.

E. Force majeure

Only those events that are unforeseeable and irresistible and that prevent one or both Parties from partially or fully performing their obligations under these terms shall be expressly recognised as force majeure events (as defined in article 1218 du Code civil and the case law of the Court of Cassation). The Service Provider and the Client agree that internal labour disputes within their respective companies and/or their sub-processors shall not constitute force majeure within the meaning of this article.

In the event of a force majeure event, the obligations entered into under the GTS shall be suspended for the duration of the event. The Party invoking a force majeure event shall inform the other Party upon its occurrence. Should the effects of the force majeure event extend beyond one (1) month, either Party may terminate the Services by operation of law and without prior formal notice, subject to a minimum notice period of one (1) month.

F. Insurance

Each Party declares that it has subscribed to and maintains, with a well-known and solvent insurance company, insurance covering the consequences of its Professional and General Civil Liability.

G. Notices

Unless otherwise stipulated, notices shall be sent by registered letter with acknowledgement of receipt. Any notice shall take effect from the date of its first presentation.

H. Amendments

The Service Provider reserves the right to amend these GTS and their Annexes at any time, provided that such amendments do not result in a substantial diminution of the Client's rights. Any amendment shall be brought to the Client's attention by any means the Service Provider deems appropriate. The amended GTS shall enter into force on the date specified in the notification addressed to the Client.


Annex 1 – Description of the Solution and Services and technical prerequisites

General overview

DIGILAB is a web-based software platform for dental prosthetics laboratories and dental practitioners, enabling the centralised management of digital orders from intra-oral scanners.

The solution enables unified access to orders from multiple cloud platforms of dental scanner manufacturers within a single interface, thereby facilitating the management, traceability and processing of digital cases.

DIGILAB is accessible via a secure web browser and relies on a cloud infrastructure hosted on Google Cloud.

1. Main software functions

The DIGILAB solution enables in particular:

  • Automatic centralisation of digital orders from various brands of intra-oral scanners;
  • Consultation and downloading of orders and associated files (STL, PLY, images, complete archives);
  • 3D visualisation of digital impressions directly from the web interface;
  • Full management of the production cycle, including: validation, planning, modelling, manufacture, dispatch;
  • Order tracking and traceability with history and timeline of actions;
  • Management of production statuses according to treatment type (prostheses, surgical guides, aligners);
  • Integrated communication via discussion spaces between dentists and laboratories;
  • Order creation and modification;
  • Management of laboratories and users;
  • Automatic document generation, including: purchase orders, conformity declarations, QR code labels, invoices;
  • Data export (including in Excel format);
  • Integration with third-party dental CAD software and laboratory management software;
  • Customisation of the interface with the laboratory's branding and logo (depending on plan).

The platform enables the management of various types of dental treatments: dental prostheses, surgical guides, alignment appliances.

Modules and options available depending on the plan

BASIC plan

Enables:

  • order consultation;
  • basic search and filters;
  • file downloading;
  • 3D scan visualisation;
  • integration with third-party software.

ESSENTIAL plan

Includes all BASIC features plus:

  • advanced order management;
  • order modification and creation;
  • custom filters and views;
  • collaborative discussion spaces;
  • laboratory graphic customisation;
  • automatic document generation;
  • production status management;
  • data exports;
  • advanced user and laboratory management;
  • comprehensive traceability tools.

Optional module: DL Desktop

Software module installable on a Windows workstation, enabling:

  • local automatic retrieval of DIGILAB orders;
  • automatic file downloading;
  • automatic generation of EXOCAD-compatible exports (.dentalProject);
  • automatic organisation of files on the user's workstation;
  • direct opening of cases in CAD software.

2. Associated services

Technical support

Provision of an online Frequently Asked Questions (FAQ) resource. Provision of an assistance chatbot accessible from the DIGILAB interface. Access to a ticketing platform enabling users to submit technical support requests, report anomalies and track the handling of incidents by the DIGILAB team.

Training

Online onboarding pathway in video format, enabling progressive familiarisation with the DIGILAB solution, including in particular: initial account configuration, connection to scanner platforms, order management, production monitoring, use of the main features.

Maintenance and updates

The DIGILAB solution benefits from regular application updates, continuous functional improvements, security patches, and cloud infrastructure maintenance. The infrastructure is subject to daily automatic backups, continuous technical supervision, and encryption of data and communications.

3. Technical prerequisites

Minimum configuration for access to the web solution

Compatible browsers:

  • Google Chrome (recommended)
  • Microsoft Edge
  • Any Chromium-based browser

Compatible operating systems:

  • Windows 10 or above
  • Recent macOS
  • Linux

Internet connection: Broadband connection recommended; minimum advised speed: 5 Mbps

Hardware: Standard computer capable of displaying 3D models. Screen recommended ≥ 1920×1080 for optimal comfort.

Prerequisites for the DL Desktop module

  • Windows 10 or Windows 11
  • Intel Core i3 processor or equivalent minimum
  • 4 GB RAM minimum (8 GB recommended)
  • 500 MB disk space minimum
  • Authorised access to local storage folders
  • Stable Internet connection

Integration prerequisites

To function correctly, the laboratory must hold an active cloud account with the compatible intra-oral scanner manufacturers, including in particular: 3Shape, Medit, Dexis, Shining 3D, 3Disc, iTero, Alliedstar (AS Connect), Panda / Freqtek, DScore, as well as the necessary access to any third-party software used (CAD or laboratory management software).

DIGILAB offers assistance with the configuration of these connections.


Annex 2 – Security document

1. Technical security measures

1.1 Data protection

The Solution relies on a secure cloud infrastructure hosted on Google Cloud Platform (GCP), located in the European Union, GCP regions europe-west9-a (Paris), europe-west4-a (Netherlands), europe-west1 (Belgium).

Data encryption

  • All communications with the DIGILAB platform are secured via the HTTPS (TLS) protocol, with SSL certificates issued by Google Cloud or by the Caddy server.
  • User passwords are never stored in plain text and are protected by a strong hashing algorithm (bcrypt).
  • The credentials required to connect to dental scanner platforms are encrypted using an AES algorithm prior to storage.
  • Data stored on Google Cloud virtual machines benefits from native at-rest encryption via encryption keys managed by Google.

Secure storage

  • Application data is stored in a MongoDB database isolated within the cloud infrastructure.
  • Network access to the database is restricted by IP filtering allowing only the necessary internal services.
  • A migration to MongoDB Atlas (a secure managed service) is under way in order to further strengthen security and high-availability mechanisms.

Backups

  • Virtual machines are subject to daily automatic backups (daily snapshots).
  • Backups are managed by the Google Backup and Disaster Recovery service.
  • Automatic restart mechanisms enable rapid restoration of services in the event of an incident.

Certification and hosting

The infrastructure relies on Google Cloud Platform, a provider holding numerous international security certifications (ISO 27001, ISO 27017, ISO 27018, HDS). Google Cloud Platform is also certified SOC 2 and SOC 3.

The DIGILAB platform processes data that may qualify as health data within the meaning of article L.1111-8 du Code de la santé publique.

1.2 Access control

Authentication

  • Access to the DIGILAB platform requires authentication by username and password.
  • Auto-connection mechanisms between the various DIGILAB applications are secured server-side.
  • Passwords are stored exclusively in hashed form.

Permission management

  • Users only have access to orders and data associated with their laboratory.
  • Role separation limits access to authorised administrators.

Administrator and infrastructure access

  • Access to virtual machines is effected exclusively via individual SSH keys.
  • Access is restricted to authorised accounts.
  • Google Cloud service accounts hold restricted API rights in accordance with the principle of least privilege.

1.3 Network and infrastructure security

Secure architecture

  • The DIGILAB infrastructure is distributed across several isolated services: application services, Cloud Run functions, databases, third-party integration servers.
  • Critical services use fixed IPs and VPC connectors in order to limit public exposure.

Network protection

  • Google Cloud firewall rules restrict incoming traffic to necessary ports (HTTP/HTTPS).
  • The MongoDB database is protected by IP address filtering.
  • Inter-service communications are carried out via secure internal networks.

Supervision and logging

The services use Google Cloud Logging and Monitoring (Stackdriver / Google Cloud Operations) for: event logging, performance monitoring, anomaly detection. VM integrity monitoring is activated.

System protection

VMs benefit from an activated vTPM module, integrity monitoring, automatic migrations during host maintenance, and automatic restart in the event of failure.

Application protection

The DIGILAB infrastructure relies on a hybrid architecture combining serverless services (Cloud Run, Firebase Hosting) and GCP Compute Engine virtual machines. Application containers are built from maintained base images and benefit from the integrated security mechanisms of the GCP platform (isolation, sandboxing, gVisor). This serverless architecture renders the deployment of traditional third-party antivirus software on execution environments unnecessary.

Security controls

DIGILAB may carry out or commission vulnerability scans and/or security tests at a frequency adapted to the level of risk and the evolution of the Solution, without any guarantee of exhaustive coverage, and shall implement reasonable corrective actions according to criticality.

Maintenance and updates

Systems, dependencies and application images are subject to regular updates in order to address known vulnerabilities. Application deployments follow a continuous delivery process (CI/CD) including quality and security controls.

2. Operational and organisational measures

2.1 Security incident management

DIGILAB applies an incident management process comprising:

  • detection via cloud supervision tools;
  • technical analysis of the incident;
  • isolation of the affected service where necessary;
  • data restoration via backups;
  • correction and deployment of a patch;
  • traceability of actions taken.

In the event of a security incident affecting data, DIGILAB undertakes to notify the Client within a maximum period of 72 hours of becoming aware of it, in accordance with applicable regulatory obligations (including in particular the GDPR).

2.2 Business continuity and disaster recovery plan

In order to ensure service continuity:

  • application components are distributed across several independent cloud services;
  • daily backups enable rapid restoration of environments;
  • instances have automatic restart functionality;
  • the Google Cloud infrastructure guarantees high hardware and network availability;
  • services can be rapidly redeployed via Docker containers and managed services (Cloud Run, Firebase Hosting).

These measures enable service interruptions to be minimised and operational recovery to be ensured in accordance with the following objectives:

  • Recovery Point Objective (RPO): 24 hours.
  • Recovery Time Objective (RTO): 24 to 48 hours depending on the nature of the incident.

2.3 Data retention and deletion

Data relating to user accounts is retained for the duration of the contractual relationship. Data relating to user orders is retained according to the chosen plan:

  • BASIC: 21 days
  • ESSENTIAL: 8 weeks (56 days)

2.4 Protection of personal data

The processing of personal data carried out in the context of using the DIGILAB platform is governed by a specific annex "Data Protection – GDPR (DPA)" integrated into the General Terms of Service.

3. Security contacts

The designated contacts for questions relating to the security of the DIGILAB platform are:

  • Contractual contact: Mickael ANOUFA – mickael.anoufa@digilab.dental
  • Technical security contact: Mickael ANOUFA – mickael.anoufa@digilab.dental

Annex 3 – Service Levels

1. Solution availability

1.1 Availability rate

The Service Provider undertakes to ensure a monthly availability of the DIGILAB Solution of 99.5% of the time on working days (excluding public holidays), Monday to Friday from 09:00 to 18:00 (CET).

Availability corresponds to the ability of authorised users to:

  • access the DIGILAB platform;
  • consult orders;
  • download associated files;
  • use the main service features.

The following are excluded from the availability calculation:

  • planned maintenance windows;
  • interruptions related to force majeure;
  • failures of the Client's Internet networks or equipment;
  • unavailability resulting from third-party services or external scanner platforms.

1.2 Planned maintenance

Maintenance operations may be carried out in order to ensure: application updates, security patches, cloud infrastructure evolution.

Applicable conditions:

  • prior notification at least 24 hours before the intervention;
  • operations carried out preferably outside working hours where possible;
  • provision of a post-incident report within 3 working days (excluding public holidays) in the event of a major incident.

1.3 Recovery objectives

The DIGILAB infrastructure benefits from backup and recovery mechanisms enabling the following objectives:

  • RPO (Recovery Point Objective): maximum 12 hours (maximum data loss in the event of a major incident)
  • RTO (Recovery Time Objective): maximum 5 hours (target service restoration time)

2. Performance and Anomaly management

2.1 Anomaly classification

Blocking Anomaly (Critical)

Corresponds in particular to: total inability to access the DIGILAB platform; general service unavailability; loss or corruption of data preventing normal use.

Major Anomaly

Corresponds in particular to: absence of automatic order receipt from scanners; malfunction affecting an essential feature without complete service shutdown.

Minor Anomaly

Corresponds in particular to: display defect; interface anomaly; incomplete information or non-blocking behaviour of the platform.

2.2 Response commitments

The Service Provider undertakes to acknowledge receipt of Client requests within the following timeframes (working hours, excluding public holidays):

Anomaly levelResponse time
Blocking4 working hours
Major8 working hours
Minor24 working hours

2.3 Resolution commitments

Anomaly levelTarget resolution time
Blocking24 working hours (excluding public holidays)
Major7 working days (excluding public holidays)
Minor15 working days (excluding public holidays)

Resolution timeframes are understood as a reasonable target for correction or implementation of a workaround.

2.4 Anomaly reporting and tracking procedure

Anomalies may be reported via the email address: support@digilab.dental.

Each report is the subject of a record, a severity qualification and monitoring through to closure. The Client undertakes to provide all information necessary to reproduce the anomaly.

3. Support and assistance

3.1 Contact methods

DIGILAB technical support is accessible via:

  • Email: support@digilab.dental
  • Integrated ticketing portal on the platform
  • DIGILAB assistance chatbot

3.2 Support hours

Technical support is provided Monday to Friday, from 09:00 to 17:00 (CET), excluding public holidays. Request handling is prioritised according to the anomaly severity level.

4. Service credits

4.1 Principle

In the event of a proven failure to meet the availability commitments defined in this annex, the Client may request the granting of a service credit. Credits take exclusively the form of a credit note applied against a future DIGILAB invoice. Service credits represent DIGILAB's sole liability and the Client's exclusive remedy in the event of non-compliance of the Services provided with the Service Levels.

4.2 Limitation

The total amount of service credits granted may not exceed an amount equal to the sums paid by the Client in respect of the Services during the month preceding the event giving rise to the claim against the Service Provider.

4.3 Eligibility conditions

Any credit request must:

  • be submitted in writing within 30 days following the incident;
  • contain the elements enabling the alleged breach to be established.

Annex 4 – Processing of Personal Data

For the purposes of these terms, the following definitions apply:

Personal Data: means any information relating to an identified or identifiable person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to them. "Client's Personal Data" means that which is communicated by the Client to the Service Provider as well as that collected, produced or otherwise Processed by the Service Provider in connection with the performance of the Agreement.

Processing: means any operation or set of operations applied to Personal Data, whether or not by automated means, such as collection, recording, organisation, retention, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, as well as restriction, erasure or destruction.

The expressions "Data Subjects", "Data Controller" and "Processor" have the meanings given to them in Article 4 of the GDPR.

A) General provisions

The Parties acknowledge that, for the Processing operations carried out in the context of the performance of the Agreement, the Client acts as Data Controller and the Service Provider as Processor. As Processor, the Service Provider undertakes to:

  • Process Personal Data solely for the purposes that are the subject of the sub-processing;
  • Process Personal Data in accordance with the Client's documented instructions. If the Service Provider considers that an instruction constitutes a breach of the Applicable Regulations, it shall immediately inform the Client;
  • Guarantee the confidentiality, security and integrity of the Personal Data processed under these terms;
  • Ensure that persons authorised to process Personal Data comply with the Applicable Regulations;
  • Inform the Client of any possible transfer of Personal Data outside the European Union, or to a non-adequate country, and guarantee that such transfer and/or hosting is carried out to countries that ensure a sufficient level of Data protection;
  • The Service Provider holds a general authorisation to engage another sub-processor (hereinafter the "further sub-processor") to carry out specific processing activities. In the event of the addition or replacement of a further sub-processor, the Service Provider shall inform the Client in advance and in writing; the Client shall have a period of one (1) month from the date of receipt of this information to raise objections;
  • Right to information of Data Subjects: It is the Client's responsibility to provide information to the Data Subjects concerned by the processing operations at the time of collecting Personal Data;
  • Exercise of data subjects' rights: To the extent possible, the Service Provider shall assist the Client in fulfilling its obligation to respond to requests by data subjects to exercise their rights. When data subjects submit requests to exercise their rights to the Service Provider, the Service Provider shall forward them to the Client within seventy-two (72) hours of their receipt;
  • Notification of personal data breaches: the Service Provider shall notify the Client of any Personal Data breach within a maximum period of 72 (seventy-two) hours of becoming aware of it, by email to the email address made available to it by the Client for this purpose;
  • DPIA: to the extent possible, the Service Provider shall assist the Client in carrying out data protection impact assessments;
  • Fate of Personal Data: Upon termination of these terms, the Service Provider undertakes to destroy all Personal Data, unless there is a contrary legal obligation.

B) Description of Processing operations

CategoryDescription
Services provided Provision of a SaaS solution and hosting of data transmitted by the client (billing data, identification data, health data) related to the client's activity, maintenance.
Nature of Processing operations Collection ☑ · Recording ☑ · Use ☑ · Disclosure ☐ · Deletion ☐ · Modification ☐ · Restriction ☐
Purposes of Processing Management of orders and files processed by the Client; processing of data relating to patients, practitioners and partners; storage, hosting and backup of the Client's Data.
Categories of Data Subjects Clients of the Data Controller: Practitioner, Patients ☑
Employees of the Data Controller ☑
Suppliers of the Data Controller ☐
Categories of Personal Data Identification data ☑: User identification data (practitioner and laboratory employees): surname, first name, email address, postal address, telephone number. Patient reference: identification number, or surnames and first names.

Professional life data ☑: Professional role and title, laboratory name.

Economic/financial data: Invoices are generated and hosted by Stripe, a third-party payment provider. DIGILAB does not store payment data (bank cards, IBAN) or the invoices themselves.

Connection data ☑: User connection data.

Other ☑: National Insurance number, photographs, impressions (teeth), X-rays, scans depending on the work in question.
Special categories of personal data Yes ☑ — Patient health data
Location of Processing operations Transfers outside the European Economic Area: No ☑
Further sub-processors
Company nameSub-contracted services
Google Cloud PlatformHosting (HDS)
StripeBilling
Duration of Processing operations For the duration of the agreement
DPO – Processor dpo@digilab.dental

Version dated 25 June 2026

DigiLab

The platform that connects dental laboratories to the digital world. Intelligent centralisation and automation.

Product

  • Features
  • DL Desktop
  • Pricing

Resources

  • FAQ

Contact

  • Contact
  • 24/7 Support

© 2026 DigiLab. All rights reserved.

Legal notices Terms of use Terms of service Privacy policy
FR EN US 中文 DE ES JA PT IT NL TR