General Terms of Service (SaaS)
These General Terms of Service (hereinafter the "GTS") govern the relationship between the company DIGILAB, a Société par Actions Simplifiée with share capital of 10,000 euros, whose registered office is located at 55 avenue Foch, 75016 Paris, registered with the Paris Trade and Companies Registry under number 999 221 831, and its clients (hereinafter referred to as the "Client").
The Provider and the Client are hereinafter collectively referred to as the "Parties" without joint and several liability between them.
DIGILAB (hereinafter referred to as "DIGILAB" or the "Provider") is a company that provides and maintains software specialized in order management, production workflows, and digital processes for dental laboratories, called DIGILAB (hereinafter the "Solution").
The Solution is accessible as a remote service (or "SaaS mode").
The Client has subscribed to the Services in the course of their professional activity.
These provisions enter into force upon the Client's access to the Services. They will be presented to the Client by any means prior to such access.
Article 1. Definitions
Anomaly: means any malfunction or non-conformity of the Solution's features compared to its normal operating state, when the Solution is used in accordance with its intended purpose and Documentation. The various categories of Anomalies are described in Annex 3.
Documentation: means all documentation of any nature relating to the Solution and/or the Services, including any updates, improvements, or other modifications that may be made thereto, and any other elements that may be appended, provided or made available by the Provider to the Client and relating to the Services.
Data: means the information (including Personal Data) that the Client owns and/or is responsible for, which it enters, submits, transmits, collects, stores, and/or processes under the GTS.
Personal Data: means any information relating to an identified or identifiable natural person, directly or indirectly.
License: means the right to access and use the Solution granted by the Provider to the Client under the terms of these GTS.
Services: means all services as described in the Annexes, provided by the Provider to the Client in performance of these terms, comprising (i) provision of the Solution in SaaS mode to the Client (or the "License"), (ii) hosting of the Solution and Data, (iii) support and corrective and evolutionary maintenance of the Solution, and (iv) User training, depending on the plan subscribed to by the Client.
User: means any natural person under the responsibility of the Client and authorized by the Client to connect to the Solution and benefit from the Services in accordance with the provisions of the GTS. The number of Users authorized to connect to the Solution depends on the plan subscribed to by the Client.
Credentials: means the specific identifier by which each User will authenticate to connect to the Services. This includes a login and password unique to each User. User Credentials are confidential.
Article 2. Contractual Documents
These GTS consist exclusively of the following documents:
- this document;
- the following Annexes:
- Annex 1: Description of the Solution and Services and Technical Requirements
- Annex 2: Security Provisions
- Annex 3: Service Levels (availability rate and incident management)
- Annex 4: Personal Data Processing Agreement
It is understood that the contractual documents are mutually explanatory. However, in the event of any contradiction or discrepancy between the terms of the contractual documents, the Parties agree that this document prevails over the Annexes, which each carry equal weight.
It is expressly agreed between the Parties that the Client's general purchasing conditions do not apply to their commercial relationship.
The technical Annexes may be updated by the Provider and must be communicated to the Client by any means.
Article 3. Purpose
These GTS are intended to define the conditions under which:
- the Provider makes the Solution available to the Client and provides the associated Services, and
- the Client undertakes to use the Solution.
Article 4. Effective Date and Term
A. Term
The Client subscribes to the Services for a fixed term, based on the plan chosen by the Client at the time of subscription, which may be monthly or annual, under the conditions specified below.
Monthly Subscription
The monthly subscription is entered into for an initial term of one (1) month. The monthly fee is payable in full at the time of the License subscription, for the upcoming month.
The subscription automatically renews for successive periods of one (1) month, subject to prior payment of the corresponding fee.
It may be canceled by the Client at any time, provided that any month begun is fully due and is not subject to any refund.
Termination takes effect at the end of the current month.
If the monthly fee is not paid when due, the Services will be automatically suspended without prior notice and the agreement will be terminated by operation of law.
Annual Subscription
The annual subscription is entered into for a firm term of twelve (12) months (the "Initial Term").
The annual fee is payable in full at the time of the License subscription, for the entire Initial Term.
The subscription may be canceled by the Client at any time during the annual period. However, all fees due for the current year remain payable, and no refund may be granted.
By way of exception, in the event of termination based on a material and unremedied breach by the Provider of its contractual obligations, duly notified by the Client in accordance with Article 4.B, only the fees accrued up to the effective date of termination shall be due.
If the annual fee is not paid at the end of the Initial Term, the Services will be automatically suspended without prior notice and the agreement will be terminated by operation of law.
In the absence of termination at the end of the Initial Term and subject to prior payment of the corresponding annual fee, the Services will be tacitly renewed for successive periods of twelve (12) months (each such renewal period being referred to as a "Renewed Period"), at the rates applicable at the time of renewal.
It is however noted that prior to subscribing to the Services under the conditions described above, the Client benefits from restricted access to the Solution as part of a free trial (the "Test Phase"), under the terms defined in Article 5.C.
B. Termination for Breach
In the event that either Party fails to fulfill any of its obligations under these terms, the other Party may send a formal notice to remedy such breach within a maximum period of fifteen (15) days, by registered letter with acknowledgment of receipt.
If, at the end of the fifteen (15) calendar-day period, the breach has not been or could not be remedied, the other Party may terminate the Services by operation of law, by registered letter with acknowledgment of receipt, without prejudice to any damages to which it may be entitled.
Except in the case of termination of the Services for breach by the Provider of its obligations, it is agreed between the Parties that the Client remains liable for all amounts due in connection with the Services until the normal end of the Services (whether the Initial Term or a Renewed Period).
C. Consequences of Termination
In the event of expiration or termination of the Services for any reason, the Provider undertakes to perform the data portability services set out in the "Data Portability" article.
Upon termination of the Services for any reason, the License granted by the Provider hereunder will be automatically terminated, and the Parties shall promptly return to each other, without further formalities, all documents of any nature in their possession belonging to the other Party (including the Documentation, as applicable).
In all cases, and unless the Client requests application of the "Data Portability" article of these GTS, the Provider will delete the Data three (3) weeks after the effective date of termination of the Services, unless required by law to retain it longer.
Article 5. Terms of Use and Implementation of the Services
A. Rights of Use of the Solution and Services
In consideration of payment of the price of the Services, the Provider grants the Client, on a non-exclusive, personal, non-assignable, and non-transferable basis, a right of access to and use of the Solution and its Documentation, by its Users, under the conditions and for the duration of these terms.
The DIGILAB Solution is strictly reserved for internal professional use by dental laboratories and prosthetics manufacturing facilities, within the scope of their design, manufacturing, and management activities relating to prosthetics. It is strictly prohibited to use DIGILAB to create, operate, or feed, directly or indirectly, matchmaking or intermediary platforms between Practitioners and prosthetics laboratories, when such use is carried out by a Client outside the strict framework of using the Solution and Services as provided for and authorized by these General Terms of Service.
The Solution will be used by the Client under its sole control, direction, and responsibility. The Client guarantees that Users will comply with these terms.
The Client undertakes not to (i) resell, sublicense, rent, share, or make the Solution and Services available to any unauthorized third party in any manner without the prior written consent of the Provider; (ii) illegally access, disrupt the integrity or performance of the Solution or the data it contains; (iii) reverse engineer the Solution.
Any non-compliant use, as well as any attempt to misuse the Solution for such purposes, will result in the immediate suspension or deactivation of access to the Solution, without prior notice or right to compensation.
B. Terms of Service Provision
The Services are provided within an infrastructure using the Provider's resources.
The Provider may, at any time, modify the Solution and/or the Services, or change the manner in which the Services are provided, provided that this does not result in a substantial regression in the performance and functionality of the Services, unless required to correct an Anomaly.
The Client acknowledges having been informed by the Provider of all technical requirements necessary for the optimal operation of the Services, as set out in Annex 1. The Client is further informed that these requirements may evolve, particularly for technical reasons.
The Client is solely responsible for access to the Services; it is their responsibility to take all measures necessary to maintain such access. The Provider is released from all liability in the event of inability to access the Services due to an event beyond its control.
The Client undertakes not to allow unauthorized persons to access the Services and must ensure that each authorized person complies with these GTS.
C. Service Validation
The Services will be subject to a Test Phase, the duration of which shall be agreed between the Parties, but may not exceed fourteen (14) days.
During this Test Phase, the Provider grants the Client limited access to the Solution for one hundred (100) cases.
At the end of the Test Phase — either upon expiration of the fourteen (14)-day period or upon reaching the threshold of one hundred (100) processed cases, whichever occurs first — the Client must subscribe to a paid plan in order to continue accessing the Solution and Services.
In the absence of such subscription, access to the Solution and Services will be automatically suspended without prior notice until the Client actually subscribes to a paid plan.
D. Access to Services – Availability
The Provider guarantees access to the Services and their performance in accordance with the SLA provisions in Annex 3.
The Solution is normally accessible 24 hours a day, 7 days a week, except:
- periods of unavailability related to maintenance operations necessary for the proper functioning of the Solution;
- periods of unavailability resulting from a force majeure event or an event outside the Provider's control, such as incidents, bugs, or failures that may affect applications available online or Internet access;
- periods of unavailability, degradation, or interruption of the Services attributable, directly or indirectly, to the API interfaces, data feeds, cloud platforms, or services operated by intraoral scanner manufacturers or any other third-party provider on which the Services depend, including in the event of modification, suspension, restriction of access, unavailability, deletion, or technical changes decided by such third parties.
The periods of unavailability referred to above are not taken into account in the calculation of the guaranteed availability rate under the Service Levels defined in Annex 3, and do not give rise to any penalty, credit, or compensation.
Where technically feasible, the Provider will endeavor to notify the User of any interruption as promptly as possible and by any means.
Users access the Services, for each use, using Credentials from any desktop or laptop computer, tablet, or smartphone.
The Client is however informed that connection to the Services is made via the Internet network. The Client is accordingly advised of the technical hazards that may affect this network and cause slowdowns or unavailability making connection impossible. The Provider cannot be held liable for difficulties in accessing the Services due to disruptions to the Internet network.
Credentials are assigned to each User. The Client must ensure that its Users maintain the confidentiality of Credentials. Credentials may only be used to provide access to the Services for Users authorized by the Client, in order to ensure the security of Client Data.
The Client is solely responsible for the use, and any potential loss or misappropriation of Credentials. The Client must promptly notify the Provider if it discovers a security breach related in particular to the voluntary disclosure or misappropriation of Credentials, so that the Provider may promptly take all appropriate measures to remedy the security breach.
In the event of loss or misappropriation of Credentials, the Provider reserves the right to close or suspend the relevant account, without any liability on its part.
Access to the Services may be temporarily interrupted, without compensation, for operational reasons related to the Services — including to perform maintenance on the Solution or the Provider's servers. In such cases, the Client will be notified by any means at least twenty-four (24) hours in advance.
In the event of a security breach identified by the Provider that is likely to seriously compromise the security of the Services and/or Data, the Provider may proceed, without prior notice, with a temporary interruption of the Services in order to remedy the security breach as quickly as possible.
In the event of a proven or suspected breach by the Client of its obligations set out above, the Provider may take all measures it deems necessary, including in particular the immediate suspension without prior notice of access to the Solution, without any liability on the Provider's part under any circumstances.
Article 6. Obligations of the Parties
A. Provider's Obligations
The Provider undertakes to make the Solution available to the Client and to provide the Services to the Client, in accordance with these provisions and professional standards of practice, from the date the Services are made available, within the framework of a best-efforts obligation.
In this context, the Provider undertakes to:
- provide the Services in compliance with the Service Levels (SLA) defined in Annex 3;
- assign qualified and competent personnel to the performance of the Services.
B. Client's Cooperation Obligation
In addition to the obligations relating to the use of the Solution and Services and the payment obligations set forth herein, the Client undertakes to cooperate with the Provider and to provide or ensure access to all information and elements that the Provider may reasonably need in order to fulfill its obligations hereunder.
The Client undertakes to use the Services in compliance with applicable laws and regulations.
Article 7. Intellectual Property
A. Ownership Rights and Use of the Solution
The Solution and the associated Documentation are and remain the property of the Provider or its licensors.
The Provider warrants that it is the author or holder of the exclusive rights to exploit the Solution in accordance with the provisions of intellectual property law. The Provider retains all intellectual property rights relating to the Solution and to the confidential information it owns.
Accordingly, the Client understands and acknowledges that the License granted hereunder does not carry any transfer of ownership to its benefit. The Client is prohibited from infringing upon the Solution in any manner whatsoever, including in particular from using the Solution in a manner inconsistent with its professional purpose and with the conditions set forth herein.
The Parties mutually agree to recognize and respect each other's intellectual property rights.
This Article shall survive the termination or expiration of these terms for any reason.
B. Non-Infringement Warranty
The Provider warrants that it holds all intellectual property rights necessary to provide the Solution and that, to the best of its knowledge, such rights do not infringe the intellectual property rights of any third party.
The Provider indemnifies the Client against any third-party claim on the grounds of infringement resulting from the Client's use of the Solution.
Accordingly, the Provider shall bear all damages, costs, and expenses to which the Client may be ordered by a final court judgment.
If, as a result of such a claim, the Client is prevented from using the Solution, the Provider shall, at its own expense, take one of the following measures, which it considers most appropriate, as the Client's sole and exclusive remedy:
- Obtain the right for the Client to use the Solution in accordance with these terms;
- replace or modify the Solution so as to avoid such action while maintaining an equivalent level of functionality and relevance;
- refund to the Client the amounts paid by the Client hereunder, proportional to the period during which the Services could not be performed pursuant to this Article.
Article 8. Maintenance and Support
The Provider provides maintenance and support services for the Solution under the terms and conditions expressly and exhaustively set out in Annexes 1 and 2.
Article 9. Data
A. Data Ownership
The Client is the sole holder of rights over the Data that may be processed by the Provider in connection with the Services.
The Client grants, as necessary, to the Provider and its potential subcontractors a non-exclusive, worldwide, royalty-free, assignable license permitting in particular the access, hosting, use, and copying of said Data for the purposes of performing the Services.
This license will automatically terminate upon cessation of these terms, unless continued hosting and processing of the Data is necessary, particularly in connection with the implementation of Data Portability operations.
The Provider reserves the right to use Data derived from the Client's use of the Solution and Services, in strictly anonymized form, for the purpose of producing statistics, analyses, or studies intended to improve the performance, quality, and functionality of the Solution and Services. Such processing is carried out in compliance with Applicable Regulations, and in no event allows the direct or indirect identification of the Client or its Users.
The Client declares and warrants that it holds all authorizations necessary to use the Data in connection with the Services and that it may freely grant a license thereon under the terms above to the Provider and its potential subcontractors. The Client further declares and warrants that in creating, installing, or uploading Data in connection with the Services, it does not exceed any rights that may have been granted to it over all or part of the Data, and that it does not infringe any third-party rights.
The Client undertakes to ensure that Users do not enter or communicate, in connection with use of the Solution, any Personal Data, sensitive data, confidential data, or data protected by trade secrets.
It is the Client's responsibility to implement the internal controls and guidelines necessary to prevent any unauthorized entry or transmission of such Data. The Provider shall not be held liable for any involuntary or inappropriate processing resulting from the transmission of such Data by the Client or its Users in violation of these provisions.
The Client will ensure not to communicate, in connection with use of the Services, any Data that would require the Provider to comply with specific laws or regulations other than those applicable to the normal provision of the Services.
The Client undertakes to indemnify the Provider for all financial consequences that the Provider may incur as a result of a breach by the Client of the above warranties concerning the Data.
B. Security
The Provider undertakes to perform the Services in compliance with the security document set out in Annex 2.
C. Personal Data
In connection with the provision of the Services, the Parties undertake to comply with all obligations arising from any applicable legislation relating to the protection of personal data, in particular those derived from the French Act of January 6, 1978, as amended, relating to Information Technology, Data Files, and Civil Liberties (loi du 6 janvier 1978), and, since May 25, 2018, from Regulation EU/2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("Applicable Regulations").
In connection with the Services, the Provider acts as Data Processor within the meaning of the Applicable Regulations. The conditions relating to the processing carried out in this context are described in the Personal Data protection document (Annex 4).
With respect to Personal Data collected and processed by each Party for its own account for administrative management purposes under these terms, each Party acknowledges that it processes such data in its capacity as Data Controller within the meaning of the GDPR and undertakes, in that capacity, to comply with all obligations incumbent upon it.
The Provider shall in no event be held liable for the Client's failure to comply with its legal or contractual obligations with respect to any Personal Data that may be entered into the Solution by the User.
This Article shall survive the termination or expiration of these terms for any reason.
Article 10. Pricing
The applicable rates are those in force online on the website (https://digilab.dental) at the time of subscription to the Services, expressed in the currency of the relevant country, and determined based on the type of plan subscribed to by the Client and any case overages.
Prices may be revised at the Provider's initiative.
Payment is made online at the time of subscription and then automatically at each billing date, by automatic debit from the payment method provided by the Client. By providing their banking details, the Client expressly authorizes the Provider to debit the amounts due for the Services.
Invoices are issued and transmitted to the Client in electronic format. In the event of a dispute regarding an invoice, payment of the disputed invoice remains due. If the dispute is upheld, a credit will be issued to the Client as promptly as possible.
Article 11. Warranties
The Provider warrants that the Services conform to its Documentation.
The Provider does not warrant that the Services are free from all defects or hazards, and undertakes to remedy only the Anomalies detected in accordance with Annex 3.
Conformity of the Services shall not be extended to any other express or implied warranty with respect to the Services, including in particular any implied warranty of merchantability or fitness of the Solution for a particular objective or result that the Client may have set for itself and/or to perform particular tasks that motivated its decision to subscribe to the Services. The Provider does not warrant that the functionality of the Services, including the Solution, will meet the Client's requirements.
To the extent permitted by law, all warranties other than those expressly set out herein are expressly excluded.
Article 12. Liability
The Provider shall in no event be held liable for indirect damages suffered by the Client that may arise from or in connection with the performance of these terms and their consequences. Indirect damages include in particular, without limitation, loss of earnings or profits, loss of opportunity, commercial damages, loss of Data, notwithstanding the fact that the Provider may have been advised of the likelihood of their occurrence.
In the event that the Provider's liability is established as a result of a breach by the Provider of its contractual obligations, the total cumulative compensation, for all causes combined, including principal, interest, and costs, to which the Client may be entitled, shall be limited to the direct and foreseeable damages suffered by the Client, and may not exceed an amount equal to the amounts paid by the Client to the Provider for the Services during the six (6) months preceding the event giving rise to the Provider's liability.
The liability of the Parties may not, however, be excluded or capped in the event of personal injury or damages caused by fraud or gross negligence.
In any event, the Provider's liability shall in no event be incurred in the event of:
- use of the Services in a manner not provided for in the Documentation and/or not expressly authorized by these terms or the Documentation;
- modification of all or part of the Solution and Services without the Provider's consent by the Client or a third party;
- continued use of all or part of the Solution and Services when the Provider had recommended suspending use;
- use of the Solution and Services in an environment or configuration that does not comply with the Provider's technical requirements, or in connection with third-party programs or data not expressly approved by the Provider;
- occurrence of any damage resulting from an act or negligence of the Client, or that the Client could have avoided by following the Provider's recommendations;
- use in connection with the Solution and Services of programs not provided or approved by the Provider that may affect the Solution, Services, or Client Data.
Article 13. Confidentiality
Unless expressly stated otherwise by the disclosing Party, all information, data, documents, deliverables, and/or know-how of any nature communicated by one Party to the other in connection with the performance of these terms, as well as the terms hereof, shall be considered confidential (the "Confidential Information"). Furthermore, the Parties undertake not to make any use of information gathered during pre-contractual negotiations or in connection with the performance of these terms in any manner that could cause harm to the other Party.
This undertaking remains in force for the duration of these terms, and for a period of five (5) years from their termination or expiration, for any reason.
Information shall not be considered Confidential Information if it (i) was in the possession of the receiving Party prior to its disclosure by the other Party, without such possession resulting directly or indirectly from unauthorized disclosure of such information by a third party; (ii) is in the public domain at the time of its disclosure or subsequently enters the public domain through no fault of the receiving Party; (iii) was legitimately obtained from a third party without breach of any confidentiality obligation.
To the extent permitted by law, the Parties undertake to return or destroy, according to the other Party's instructions, all Data and Information upon request from the relevant Party, within a maximum period of fifteen (15) days from receipt of the request.
This Article shall survive the termination or expiration of these terms for any reason.
Article 14. Data Portability
In the event of expiration and/or termination of the Services, the Client has until the end of the Data retention period provided for under the subscribed plan to retrieve the Data accessible through the Solution's features.
Article 15. Governing Law and Jurisdiction
These GTS and any dispute arising therefrom shall be governed by and construed in accordance with French law.
In the event of a dispute arising between the Provider and the Client concerning the validity, performance, nullity, or interpretation of these terms, the Parties undertake to cooperate diligently and in good faith with a view to finding an amicable resolution.
If, however, no agreement is reached within a reasonable time, only the courts within the jurisdiction of the Paris Court of Appeal shall have jurisdiction, even in the event of multiple defendants, warranty claims, or emergency proceedings.
These GTS are drafted in French and any translation into a foreign language is provided for informational purposes only; the French version shall be the sole legally binding version.
Article 16. Miscellaneous Provisions
A. Entire Agreement
These GTS supersede and replace all prior discussions, negotiations, and/or agreements that may have existed between the Parties concerning the same subject matter and the same Services.
B. Headings
The headings of paragraphs and articles of the GTS are inserted for ease of reading and may in no event be used to guide their interpretation.
C. Partial Invalidity
If one or more provisions of the GTS are held, rendered, or declared invalid by reason of a law, regulation, or decision of a competent court, the Parties shall consult with each other to agree on one or more replacement provisions that allow the original clause(s) to be achieved to the extent possible. All other provisions of the GTS shall retain their full force and effect.
D. Non-Waiver
The failure of either Party to invoke a breach by the other Party of any of its obligations shall not be construed as a waiver of the obligation in question or as an amendment to these terms, and shall not prevent the non-defaulting Party from invoking such breach in the future.
E. Force Majeure
Only events that are unforeseeable and unavoidable, and that prevent either Party from partially or fully performing its obligations under these terms (as defined in article 1218 du Code civil and the case law of the Cour de cassation), shall be expressly considered as force majeure events. The Provider and the Client agree that internal labor disputes within their respective companies and/or their subcontractors do not constitute a force majeure event within the meaning of this article.
In the event of a force majeure event, the obligations assumed under the GTS shall be suspended for the duration of such event. The Party invoking a force majeure event must notify the other Party immediately upon its occurrence. Should the effects of the force majeure event exceed one (1) month, either Party may terminate the Services by operation of law and without prior formal notice, subject to a minimum notice period of one (1) month.
F. Insurance
Each Party declares that it has taken out and will maintain with a reputable and solvent insurance company a policy covering the consequences of its Professional and General Civil Liability.
G. Notices
Unless otherwise stipulated, notices shall be sent by registered letter with acknowledgment of receipt. Any notice shall take effect from the date of its first presentation.
H. Amendments
The Provider reserves the right to amend these GTS and their Annexes at any time, provided that such amendments do not result in a substantial reduction of the Client's rights. Any amendment will be brought to the Client's attention by any means the Provider deems appropriate. The amended GTS will enter into force on the date specified in the notice sent to the Client.
Annex 1 – Description of the Solution and Services and Technical Requirements
General Overview
DIGILAB is a web-based software platform for dental prosthetics laboratories and dental practitioners, enabling centralized management of digital orders from intraoral scanners.
The Solution unifies access to orders from multiple cloud platforms of dental scanner manufacturers within a single interface, facilitating the management, traceability, and processing of digital cases.
DIGILAB is accessible via a secure web browser and relies on a cloud infrastructure hosted on Google Cloud.
1. Core Software Functions
The DIGILAB Solution enables in particular:
- Automatic centralization of digital orders from various intraoral scanner brands;
- Viewing and downloading of orders and associated files (STL, PLY, images, complete archives);
- 3D visualization of digital impressions directly from the web interface;
- Full management of the production cycle, including: validation, scheduling, modeling, manufacturing, shipping;
- Order tracking and traceability with activity history and timeline;
- Management of production statuses by treatment type (prostheses, surgical guides, aligners);
- Integrated communication via discussion spaces between dentists and laboratories;
- Creation and modification of orders;
- Laboratory and user management;
- Automatic generation of documents, including: purchase orders, declarations of conformity, QR code labels, invoices;
- Data export (including Excel format);
- Integration with third-party dental CAD software and laboratory management software;
- Customization of the interface with the laboratory's colors and logo (depending on plan).
The platform enables the management of various types of dental treatments: dental prostheses, surgical guides, and alignment trays.
Modules and Options Available by Plan
BASIC Plan
Allows:
- order viewing;
- basic search and filters;
- file downloads;
- 3D scan visualization;
- integration with third-party software.
ESSENTIAL Plan
Includes all BASIC features plus:
- advanced order management;
- order modification and creation;
- custom filters and views;
- collaborative discussion spaces;
- laboratory graphic customization;
- automatic document generation;
- production status management;
- data exports;
- advanced user and laboratory management;
- comprehensive traceability tools.
Optional Module: DL Desktop
Software module installable on a Windows workstation enabling:
- automatic local retrieval of DIGILAB orders;
- automatic file downloads;
- automatic generation of EXOCAD-compatible exports (.dentalProject);
- automatic file organization on the user's workstation;
- direct opening of cases in CAD software.
2. Associated Services
Technical Support
Provision of a Frequently Asked Questions (FAQ) section accessible online. Provision of an assistance chatbot accessible from the DIGILAB interface. Access to a ticketing platform allowing users to submit technical support requests, report anomalies, and track the processing of incidents by the DIGILAB team.
Training
Online onboarding program in video format, enabling progressive adoption of the DIGILAB Solution, including in particular: initial account configuration, connection to scanner platforms, order management, production tracking, and use of key features.
Maintenance and Updates
The DIGILAB Solution benefits from regular application updates, continuous functional improvements, security patches, and cloud infrastructure maintenance. The infrastructure undergoes automatic daily backups, continuous technical monitoring, and data and communications encryption.
3. Technical Requirements
Minimum Configuration for Accessing the Web Solution
Compatible browsers:
- Google Chrome (recommended)
- Microsoft Edge
- Any Chromium-based browser
Compatible operating systems:
- Windows 10 or later
- Recent version of macOS
- Linux
Internet connection: Broadband connection recommended, minimum advised speed: 5 Mbps
Hardware: Standard computer capable of displaying 3D models. Recommended screen resolution ≥ 1920×1080 for optimal comfort.
Requirements for the DL Desktop Module
- Windows 10 or Windows 11
- Intel Core i3 processor or equivalent minimum
- 4 GB of RAM minimum (8 GB recommended)
- 500 MB of disk space minimum
- Authorized access to local storage folders
- Stable Internet connection
Integration Requirements
To function correctly, the laboratory must have an active cloud account with compatible intraoral scanner manufacturers, including: 3Shape, Medit, Dexis, Shining 3D, 3Disc, iTero, Alliedstar (AS Connect), Panda / Freqtek, DScore, as well as the necessary access to any third-party software used (CAD or laboratory management software).
DIGILAB offers assistance in configuring these connections.
Annex 2 – Security Document
1. Technical Security Measures
1.1 Data Protection
The Solution relies on a secure cloud infrastructure hosted on Google Cloud Platform (GCP), located within the European Union, in GCP regions europe-west9-a (Paris), europe-west4-a (Netherlands), and europe-west1 (Belgium).
Data Encryption
- All communications with the DIGILAB platform are secured via the HTTPS (TLS) protocol, with SSL certificates issued by Google Cloud or the Caddy server.
- User passwords are never stored in plain text and are protected by a strong hashing algorithm (bcrypt).
- Credentials required to connect to dental scanner platforms are encrypted using an AES algorithm prior to storage.
- Data stored on Google Cloud virtual machines benefits from native at-rest encryption via encryption keys managed by Google.
Secure Storage
- Application data is stored in a MongoDB database isolated within the cloud infrastructure.
- Network access to the database is restricted by IP filtering, allowing only necessary internal services.
- A migration to MongoDB Atlas (a secure managed service) is underway to further strengthen security mechanisms and high availability.
Backups
- Virtual machines undergo automatic daily backups (daily snapshots).
- Backups are managed by the Google Backup and Disaster Recovery service.
- Automatic restart mechanisms allow for rapid service restoration in the event of an incident.
Certification and Hosting
The infrastructure relies on Google Cloud Platform, a provider holding numerous international security certifications (ISO 27001, ISO 27017, ISO 27018, HDS). Google Cloud Platform is also SOC 2 and SOC 3 certified.
The DIGILAB platform processes data that may qualify as health data within the meaning of article L.1111-8 du Code de la santé publique.
1.2 Access Control
Authentication
- Access to the DIGILAB platform requires authentication by username and password.
- Auto-login mechanisms between the various DIGILAB applications are secured server-side.
- Passwords are stored exclusively in hashed form.
Permission Management
- Users have access only to orders and data associated with their laboratory.
- Role separation limits access to authorized administrators.
Administrator and Infrastructure Access
- Access to virtual machines is performed exclusively via individual SSH keys.
- Access is restricted to authorized accounts.
- Google Cloud service accounts have restricted API permissions following the principle of least privilege.
1.3 Network and Infrastructure Security
Secure Architecture
- The DIGILAB infrastructure is distributed across several isolated services: application services, Cloud Run functions, databases, and third-party integration servers.
- Critical services use fixed IPs and VPC connectors to limit public exposure.
Network Protection
- Google Cloud firewall rules restrict incoming traffic to necessary ports (HTTP/HTTPS).
- The MongoDB database is protected by IP address filtering.
- Inter-service communications are routed through secure internal networks.
Monitoring and Logging
The services use Google Cloud Logging and Monitoring (Stackdriver / Google Cloud Operations) for: event logging, performance tracking, and anomaly detection. VM integrity monitoring is enabled.
System Protection
VMs benefit from an enabled vTPM module, integrity monitoring, automatic migrations during host maintenance events, and automatic restart in the event of failure.
Application Protection
The DIGILAB infrastructure relies on a hybrid architecture combining serverless services (Cloud Run, Firebase Hosting) and GCP Compute Engine virtual machines. Application containers are built from maintained base images and benefit from the integrated security mechanisms of the GCP platform (isolation, sandboxing, gVisor). This serverless architecture makes the deployment of a traditional third-party antivirus on runtime environments unnecessary.
Security Controls
DIGILAB may perform or commission vulnerability scans and/or security tests at a frequency adapted to the level of risk and the evolution of the Solution, without guaranteeing exhaustive coverage, and will implement reasonable corrective actions based on criticality.
Maintenance and Updates
Systems, dependencies, and application images are regularly updated to remediate known vulnerabilities. Application deployments follow a continuous delivery process (CI/CD) that includes quality and security controls.
2. Operational and Organizational Measures
2.1 Security Incident Management
DIGILAB applies an incident management process comprising:
- detection via cloud monitoring tools;
- technical analysis of the incident;
- isolation of the affected service if necessary;
- data restoration via backups;
- correction and deployment of a patch;
- traceability of actions taken.
In the event of a security incident affecting data, DIGILAB undertakes to notify the client within a maximum of 72 hours after becoming aware of the incident, in accordance with applicable regulatory obligations (including GDPR).
2.2 Business Continuity and Disaster Recovery Plan
To ensure service continuity:
- application components are distributed across multiple independent cloud services;
- daily backups enable rapid restoration of environments;
- instances have automatic restart capabilities;
- the Google Cloud infrastructure guarantees high hardware and network availability;
- services can be rapidly redeployed via Docker containers and managed services (Cloud Run, Firebase Hosting).
These measures serve to minimize service interruptions and ensure operational recovery in accordance with the following objectives:
- Recovery Point Objective (RPO): 24 hours.
- Recovery Time Objective (RTO): 24 to 48 hours depending on the nature of the incident.
2.3 Data Retention and Deletion
Data relating to user accounts is retained for the entire duration of the contractual relationship. Data relating to user orders is retained according to the plan chosen:
- BASIC: 21 days
- ESSENTIAL: 8 weeks (56 days)
2.4 Personal Data Protection
The processing of personal data carried out in connection with the use of the DIGILAB platform is governed by a specific annex entitled "Data Protection – GDPR (DPA)" incorporated into the General Terms of Service.
3. Security Contacts
The designated contacts for matters relating to the security of the DIGILAB platform are:
- Contractual contact: Mickael ANOUFA – mickael.anoufa@digilab.dental
- Technical security contact: Mickael ANOUFA – mickael.anoufa@digilab.dental
Annex 3 – Service Levels
1. Solution Availability
1.1 Availability Rate
The Provider undertakes to ensure a monthly availability of the DIGILAB Solution of 99.5% of the time on business days (excluding public holidays), Monday through Friday from 09:00 to 18:00 (CET).
Availability corresponds to the ability for authorized users to:
- access the DIGILAB platform;
- view orders;
- download associated files;
- use the main features of the service.
Excluded from the availability calculation:
- scheduled maintenance windows;
- interruptions related to a force majeure event;
- failures of the Client's Internet networks or equipment;
- unavailability resulting from third-party services or external scanner platforms.
1.2 Scheduled Maintenance
Maintenance operations may be carried out to ensure: application updates, security patches, and cloud infrastructure evolution.
Applicable conditions:
- prior notification at least 24 hours before the intervention;
- preferential scheduling outside business hours when possible;
- communication of a post-incident report within 3 business days (excluding public holidays) in the event of a major incident.
1.3 Recovery Objectives
The DIGILAB infrastructure benefits from backup and recovery mechanisms meeting the following objectives:
- RPO (Recovery Point Objective): maximum 12 hours (maximum data loss in the event of a major incident)
- RTO (Recovery Time Objective): maximum 5 hours (target service restoration time)
2. Performance and Anomaly Management
2.1 Anomaly Classification
Blocking Anomaly (Critical)
Includes in particular: complete inability to access the DIGILAB platform; general service unavailability; loss or corruption of data preventing normal use.
Major Anomaly
Includes in particular: failure to automatically receive orders from scanners; malfunction affecting an essential feature without complete service outage.
Minor Anomaly
Includes in particular: display issue; interface anomaly; incomplete information or non-blocking behavior of the platform.
2.2 Response Commitments
The Provider undertakes to acknowledge receipt of Client requests within the following timeframes (business hours, excluding public holidays):
| Anomaly Level | Response Time |
|---|---|
| Blocking | 4 business hours |
| Major | 8 business hours |
| Minor | 24 business hours |
2.3 Resolution Commitments
| Anomaly Level | Target Resolution Time |
|---|---|
| Blocking | 24 business hours (excluding public holidays) |
| Major | 7 business days (excluding public holidays) |
| Minor | 15 business days (excluding public holidays) |
Resolution timeframes are understood as a reasonable objective for correction or the implementation of a workaround solution.
2.4 Anomaly Reporting and Tracking Procedure
Anomalies may be reported via email: support@digilab.dental.
Each report is logged, classified by severity, and tracked until closure. The Client undertakes to provide all information necessary to reproduce the anomaly.
3. Support and Assistance
3.1 Contact Methods
DIGILAB technical support is accessible by:
- Email: support@digilab.dental
- Ticketing portal integrated into the platform
- DIGILAB assistance chatbot
3.2 Support Hours
Technical support is provided Monday through Friday, from 09:00 to 17:00 (CET), excluding public holidays. Requests are prioritized according to the severity level of the anomaly.
4. Service Credits
4.1 Principle
In the event of a proven failure to meet the availability commitments defined in this annex, the Client may request a service credit. Credits take exclusively the form of a credit applied against a future DIGILAB invoice. Service credits represent DIGILAB's sole liability and the Client's exclusive remedy in the event of non-conformity of the Services provided with the Service Levels.
4.2 Cap
The total amount of service credits granted may not exceed an amount equal to the amounts paid by the Client for the Services during the month preceding the event giving rise to the Provider's liability.
4.3 Eligibility Conditions
Any credit request must:
- be submitted in writing within 30 days following the incident;
- include the elements necessary to establish the alleged breach.
Annex 4 – Personal Data Processing
For purposes of these terms, the following definitions apply:
Personal Data: means any information relating to an identified or identifiable person, directly or indirectly, in particular by reference to an identification number or to one or more specific elements pertaining to them. "Client Personal Data" means data communicated by the Client to the Provider as well as data collected, produced, or otherwise Processed by the Provider in connection with the performance of the Agreement.
Processing: means any operation or set of operations applied to Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making available, alignment or combination, as well as restriction, erasure, or destruction.
The terms "Data Subjects", "Data Controller", and "Data Processor" have the meanings given to them in Article 4 of the GDPR.
A) General Provisions
The Parties acknowledge that for the Processing operations carried out in connection with the performance of the Agreement, the Client acts as Data Controller and the Provider as Data Processor. As Data Processor, the Provider undertakes to:
- Process Personal Data solely for the purposes covered by the subprocessing arrangement;
- Process Personal Data in accordance with the Client's documented instructions. If the Provider considers that an instruction constitutes a violation of Applicable Regulations, it will immediately inform the Client;
- Ensure the confidentiality, security, and integrity of the Personal Data processed hereunder;
- Ensure that persons authorized to process Personal Data comply with Applicable Regulations;
- Inform the Client of any potential transfer of Personal Data outside the European Union, or to a country without an adequate level of protection, and ensure that such transfer and/or hosting is carried out to countries that ensure a sufficient level of Data protection;
- The Provider has a general authorization to engage another subprocessor (hereinafter, the "sub-subprocessor") to carry out specific processing activities. In the event of the addition or replacement of a sub-subprocessor, the Provider informs the Client in advance and in writing; the Client has one (1) month from the date of receipt of such information to raise any objections;
- Right to inform Data Subjects: It is the Client's responsibility to provide information to Data Subjects regarding the processing operations at the time of collection of Personal Data;
- Exercise of data subject rights: To the extent possible, the Provider will assist the Client in fulfilling its obligation to respond to requests from data subjects to exercise their rights. When data subjects submit such requests directly to the Provider, the Provider will forward them to the Client within seventy-two (72) hours of receipt;
- Notification of personal data breaches: the Provider notifies the Client of any Personal Data breach within a maximum of 72 (seventy-two) hours after becoming aware of it, by email to the address made available by the Client for this purpose;
- DPIA: to the extent possible, the Provider will assist the Client in carrying out data protection impact assessments;
- Fate of Personal Data: Upon termination of these terms, the Provider undertakes to destroy all Personal Data, unless otherwise required by law.
B) Description of Processing
| Category | Description | ||||||
|---|---|---|---|---|---|---|---|
| Services provided | Provision of a SaaS solution and hosting of data transmitted by the client (billing data, identification data, health data) related to the client's activities, maintenance. | ||||||
| Nature of Processing operations | Collection ☑ · Recording ☑ · Use ☑ · Disclosure ☐ · Deletion ☐ · Modification ☐ · Restriction ☐ | ||||||
| Purposes of Processing | Management of orders and files processed by the Client; processing of data relating to patients, practitioners, and partners; storage, hosting, and backup of Client Data. | ||||||
| Categories of Data Subjects | Clients of the Data Controller: Practitioner, Patients ☑ Employees of the Data Controller ☑ Suppliers of the Data Controller ☐ |
||||||
| Categories of Personal Data |
Identification data ☑: User identifying data (practitioners and laboratory employees): last name, first name, email address, postal address, phone number. Patient reference: identification number, or first and last name. Professional life data ☑: Position and professional title, laboratory name. Economic / financial data: Invoices are generated and hosted by Stripe, a third-party payment provider. DIGILAB does not store payment data (credit card, IBAN) or the invoices themselves. Connection data ☑: User connection data. Other ☑: Social security number, photographs, dental impressions, X-rays, scans depending on the work involved. |
||||||
| Special categories of personal data | Yes ☑ — Patient health data | ||||||
| Location of Processing operations | Transfers outside the European Economic Area: No ☑ | ||||||
| Sub-subprocessors |
|
||||||
| Duration of Processing operations | For the duration of the agreement | ||||||
| DPO – Data Processor | dpo@digilab.dental |
Version dated June 25, 2026