Legal
Privacy Policy
1. Introduction
Dentelyx ("we", "us", or "our") is committed to protecting the privacy of individuals who interact with our website and services. This Privacy Policy explains how we collect, use, store, and share your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our website or services you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.
2. Information We Collect
2.1 Information you provide directly
- Name, email address, phone number, and practice details when you enquire or book a demo
- Account credentials when you register as a partner clinic
- Communications you send to us
2.2 Information collected automatically
- IP address and browser type
- Pages visited and time spent on our website
- Referring website addresses
- Device type and operating system
2.3 Information from dental clinic operations
When you use Dentelyx as a clinic partner, we may process:
- Incoming patient call records and phone numbers
- Patient SMS conversation transcripts
- Appointment enquiry details provided by patients
- Lead and appointment tracking data
In this context, your clinic acts as the data controller of patient data, and Dentelyx acts as a data processor on your behalf.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Dentelyx platform
- Send automated SMS follow-ups to missed callers on behalf of your clinic
- Generate leads and appointment requests in your partner dashboard
- Communicate with you about your account, updates, or support
- Comply with legal obligations
- Analyse platform performance and prevent fraud
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Lawful Basis for Processing
We process personal data on the following legal bases under UK GDPR:
- Contract: processing necessary to provide the services you have contracted
- Legitimate interests: improving and operating our platform
- Legal obligation: complying with applicable law
- Consent: where you have given specific consent (e.g. marketing)
5. Data Storage and Transfers
Your data is stored on secure cloud infrastructure. We use third-party providers including but not limited to Twilio (SMS services) and Supabase (database hosting). Data may be processed or stored outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
6. Data Security
We implement industry-standard technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.
7. Cookies
Our website uses essential cookies to ensure proper functionality. We may also use analytics cookies to understand how visitors use our site. By continuing to use our website, you consent to our use of cookies. You can control cookies through your browser settings.
8. Third-Party Services
We use the following third-party services which may process personal data:
- Twilio: SMS delivery and call event detection
- Supabase: database and backend infrastructure
- Vercel: website hosting
- Calendly: demo booking (where applicable)
Each of these providers has their own privacy policy and data processing agreements. We recommend reviewing their policies for full details.
9. Data Retention
We retain personal data for as long as necessary to provide our services and comply with legal obligations. Lead and patient enquiry data held on behalf of clinic partners is retained in accordance with our data processing agreement with each clinic. You may request deletion of your data at any time (see Section 10 below).
10. Your Rights
Under UK GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data
- Restriction — request that we limit how we use your data
- Portability — request your data in a structured, machine-readable format
- Object — object to our processing of your data
To exercise any of these rights, contact us at qasim@dentelyx.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the date at the top of this page. We encourage you to review this policy periodically.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, contact us at:
- Email: qasim@dentelyx.co.uk