Privacy Policy

Dent Dock is a dental practice management platform operated by Dent Dock Ltd, registered in England and Wales. Our platform is available at dentdock.co.uk and app.dentdock.co.uk.

Contact: hello@dentdock.co.uk

We collect the following categories of data:

Practice account data — practice name, address, phone, email, opening hours and branding preferences provided during onboarding.

User account data — name, email address and role for each staff member added to a practice account.

Patient data — name, date of birth, contact details, appointment history, medical notes, form responses and communication preferences. This data is entered by practice staff or submitted directly by patients via the online booking flow.

Payment data — transaction records, deposit amounts and payment status. Card details are processed directly by Stripe and never stored on Dent Dock servers.

Usage data — how you interact with the platform, including pages visited, features used and error logs. Used to improve the product.

Communications data — SMS messages sent and received via the Inbox feature.

We use data to:

• Provide and operate the Dent Dock platform
• Send appointment reminders and recalls on behalf of dental practices
• Process payments via Stripe
• Provide customer support
• Improve and develop the platform
• Comply with legal obligations

We process data under the following lawful bases under UK GDPR:

Contract — to deliver the service you have signed up for.

Legitimate interests — to improve the platform, prevent fraud and ensure security.

Consent — for marketing communications to waitlist subscribers.

Legal obligation — where required by law.

We share data only with the following third-party processors, all operating under appropriate data processing agreements:

• Supabase — database and authentication. Data stored in EU West 2 (London), UK.
• Stripe — payment processing.
• The SMS Works — SMS delivery. UK-based, UK data residency.
• Resend — transactional email delivery.
• Vercel — platform hosting and edge network.

We do not sell data to third parties. We do not use patient data for advertising.

Practice and user account data is retained for the duration of the subscription and deleted within 90 days of account closure upon request.

Patient data is retained in accordance with CQC guidelines for dental records — a minimum of 10 years for adults, until age 25 for patients treated as children.

All data is stored on Supabase infrastructure in the EU West 2 (London) region. Data does not leave the United Kingdom.

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to processing
• Data portability
• Withdraw consent at any time

To exercise any of these rights, contact us at hello@dentdock.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We implement appropriate technical and organisational measures to protect your data, including encryption at rest and in transit, row-level security policies and access controls.

We may update this policy from time to time. We will notify account holders of material changes by email.