This Privacy Policy explains how the company operating dentdial (“we”, “us”) handles personal data when you visit dentdial.ai or use the dentdial service in the role of a customer, prospective customer, or authorised user.
For personal data of patients of our customer practices processed through the dentdial Service, our customer (the practice) is the Data Controller and we act as Data Processor. That processing is governed by our Data Processing Agreement, not this Policy.
1. Who we are
The Data Controller is the UK-registered company operating dentdial. Full operating entity and registered office details are available on request via the contact form.
Our Data Protection contact: our contact form.
2. Data we collect
From website visitors
- Anonymised analytics (page views, referrer, device type) via privacy-respecting analytics.
- IP address, in security and rate-limiting logs, retained briefly.
- Information you submit through forms (name, practice name, email, phone, message).
From prospective customers
- Contact details, practice information, conversation history relating to your enquiry or demo.
- Records of demos delivered and proposals sent.
From authorised users of the Service
- Account details (name, work email, role, practice).
- Authentication metadata (login times, IP address, multi-factor status).
- Usage telemetry (features used, dashboard activity, API call counts).
- Support correspondence.
- Billing information (handled by our payment processors — we do not store full card numbers).
3. How we use personal data
- To provide and improve the website and the Service.
- To respond to enquiries and provide demos.
- To deliver, support, secure and bill for subscriptions.
- To send service announcements, security alerts and admin emails.
- To send marketing emails to business contacts, where lawful.
- To analyse usage to improve product and reliability.
- To comply with legal obligations.
4. Lawful basis
- Contract — to deliver the Service you have signed up for.
- Legitimate interests — to run a viable business: securing the platform, analytics, business-to-business marketing.
- Consent — where required, e.g. non-essential cookies and certain marketing.
- Legal obligation — to comply with tax, accounting, and law-enforcement requirements.
You can object to processing based on legitimate interests at any time — see Section 9.
5. Sharing & sub-processors
We share personal data only where necessary, with vetted vendors under written contracts that bind them to UK GDPR-equivalent protections. Current sub-processors include cloud hosting (AWS, UK region), email delivery, payment processing (Stripe / GoCardless), error monitoring, customer support tooling, and analytics. The full list is available on request via our contact form.
We do not sell personal data. We share with law enforcement only where legally compelled.
6. International transfers
We store all customer and patient-related data in the UK. Some operational tooling (e.g. error monitoring) may briefly process metadata outside the UK under appropriate safeguards — Standard Contractual Clauses with the UK International Data Transfer Addendum, or adequacy where available.
7. Retention
- Website analytics — aggregated indefinitely; identifiable logs ≤ 30 days.
- Enquiries and demo records — up to 24 months after last contact.
- Account and billing records — for the duration of the contract plus 7 years (tax).
- Support tickets — 24 months.
- Customer Data (patient-related) — per the DPA and your retention configuration.
8. Security
We employ industry-standard technical and organisational measures including encryption at rest (AES-256) and in transit (TLS 1.3), role-based access control, multi-factor authentication, audit logging, regular vulnerability scanning, dependency monitoring, secure software development practices, and staff confidentiality undertakings. See our security page for more.
9. Your rights
Under UK GDPR you have the right to: be informed; access your data; rectify inaccurate data; have data erased in certain circumstances; restrict processing; data portability; object to processing; and not be subject to solely automated decisions with legal effect. To exercise any right, contact us through our contact form. We respond within one month.
10. Cookies
We use the minimum cookies needed to operate the website and (with your consent) to understand how it is used. See our Cookie Policy for a full list.
11. Children
The Service is sold to dental practices and used by their authorised staff. The website is not intended for children. We do not knowingly collect personal data from anyone under 16 through this website.
12. Changes
We will post any changes to this Policy here and update the “Last updated” date. Material changes affecting how we use your data will be notified to account holders by email at least 30 days in advance.
13. Contact & complaints
Contact us through our contact form with any questions or to exercise your rights. If you are unhappy with our response, you have the right to complain to the Information Commissioner’s Office (ico.org.uk, 0303 123 1113).