Privacy Policy

Dentelyx is a software service provider that helps dental clinics recover missed patient enquiries via automated SMS follow-ups and CRM integration. For the purposes of data protection law, Dentelyx acts as a data controller in respect of information collected through this website and as a data processor in respect of patient enquiry data processed on behalf of clinic partners.

We may collect the following categories of personal information:

**Website visitors:** IP address, browser type, pages visited, and time spent on our site (via standard server logs).

**Contact form submissions:** Your name, email address, phone number, clinic name, and the content of your message.

**Clinic partner accounts:** Email address, hashed passwords, and clinic association details.

**Patient enquiry data (processed on behalf of clinics):** Name, phone number, enquiry type, registered patient status, and preferred appointment time — provided voluntarily by patients in response to SMS prompts.

We use the information we collect to:

• Respond to enquiries and book demos

• Provide and maintain our services to clinic partners

• Process and log patient enquiry data on behalf of clinics

• Improve our website and services

• Meet legal and regulatory obligations

We do not use your data for unsolicited marketing without your explicit consent.

We process personal data under the following lawful bases:

Legitimate interests: Processing contact form submissions to respond to business enquiries

Contract: Processing data necessary to fulfil our service agreements with clinic partners

Legal obligation: Where required by law

Consent: Where you have explicitly opted in to marketing communications

We do not sell, trade, or rent your personal information to third parties. We may share data with:

Airtable: Patient enquiry data is forwarded to clinic-specific Airtable bases as part of our core service. Each clinic's data is stored in a separate, isolated base.

Twilio: We use Twilio to send and receive SMS messages as part of our service.

Hosting providers: Our website and application are hosted on reputable cloud infrastructure providers.

All third-party processors are bound by appropriate data processing agreements.

We implement industry-standard security measures to protect your personal information, including:

• Encryption of passwords using bcrypt hashing (passwords are never stored in plain text)

• HTTPS/TLS encryption for all data in transit

• HTTP-only, secure cookies for authentication

• Role-based access controls ensuring each clinic can only access their own data

• Input validation and sanitisation to prevent injection attacks

• Regular security reviews

While we take reasonable precautions, no website or internet transmission is 100% secure. We encourage you to use strong, unique passwords for your account.

We retain personal data for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Contact enquiry data is retained for up to 2 years. Partner account data is retained for the duration of the service agreement and deleted within 30 days of account closure upon request.

Under UK GDPR, you have the right to:

Access** the personal data we hold about you:

Rectify** inaccurate or incomplete data:

Erase** your personal data in certain circumstances:

Restrict** processing of your data:

Object** to processing based on legitimate interests:

Data portability** — receive your data in a structured format:

To exercise any of these rights, please contact us using the details below. We will respond within 30 days.

We use strictly necessary cookies to maintain your login session when accessing the partner or admin portal. These cookies are HTTP-only, secure, and expire automatically. We do not use tracking or advertising cookies.

Our services are not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify clinic partners of material changes via email. The "last updated" date at the top of this page will always reflect the most recent version.

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

**Email:** hello@dente-lyx.com

**Website:** www.dente-lyx.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk if you believe your data has been handled improperly.