DentFlow

Legal

Privacy Policy

This Privacy Policy explains how DentFlow ("we", "us", "our") processes personal data when you visit dentflow.com, use our marketing website, or sign up for early access to our dental practice management software. We are committed to protecting your privacy and processing data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national laws.

Last updated: 29 June 2026

1. Data controller

The data controller responsible for processing your personal data in connection with this website is DentFlow. For any questions about this policy or your data, contact us at hello@dentflow.com.

2. Scope of this policy

This policy applies to personal data collected through our public marketing website and early access signup form. It does not govern the DentFlow product platform used by clinics to manage patients — a separate Data Processing Agreement and product privacy terms will apply when you become a customer. This website does not collect patient health data, medical records, or clinic operational data.

3. Personal data you provide

When you submit the early access form, we collect the following information:

  • Full name — to address you personally in communications
  • Email address — to respond to your request and send product updates
  • Language preference (locale) — to communicate in your preferred language
  • Timestamp of submission — to record when you signed up

4. Data collected automatically

When you visit our website, our hosting infrastructure may automatically process technical data required to deliver the site and maintain security. This may include:

  • IP address and approximate location (country/region)
  • Browser type, device type, and operating system
  • Pages visited, date and time of access, and referring URL
  • Server and application logs for error diagnosis and abuse prevention

5. Legal basis for processing

We process personal data only where we have a valid legal basis under Article 6 GDPR:

  • Consent (Art. 6(1)(a)) — when you submit the early access form, you consent to us storing your contact details and contacting you about DentFlow. You may withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve our website, prevent fraud, and understand how visitors use our pages. We balance these interests against your rights and expectations.
  • Legal obligation (Art. 6(1)(c)) — where we must retain certain records to comply with applicable law.

6. How we use your data

We use personal data for the following purposes:

  • Processing and responding to your early access request
  • Contacting you about DentFlow launch, onboarding, and product news
  • Sending internal email notifications to our team when a new signup is received
  • Maintaining a waitlist of interested clinics in our email mailbox
  • Improving our website, messaging, and product based on aggregate interest
  • Protecting the security and integrity of our systems

7. Sharing with third parties

We do not sell, rent, or trade your personal data. We share data only with trusted service providers who help us operate this website, and only to the extent necessary:

  • Email delivery providers (e.g. SMTP/mailbox hosting) — to send notification emails when you sign up and to deliver your contact details to our team
  • Cloud hosting providers — to host the website
  • Professional advisers — lawyers or accountants, only if required and under confidentiality obligations
  • Authorities — if required by law, court order, or to protect our legal rights

8. International data transfers

We aim to process early access signups within the European Economic Area (EEA). Signup details are delivered to our team by email and retained in our mailbox. If any of our service providers process data outside the EEA, we ensure appropriate safeguards are in place — such as EU Standard Contractual Clauses or an adequacy decision — in line with Chapter V GDPR.

9. Data retention

We keep personal data only as long as necessary for the purposes described in this policy:

  • Early access signups: in our email mailbox until you withdraw consent, unsubscribe, or request deletion, or for up to 24 months of inactivity — whichever comes first
  • Server logs: typically up to 90 days, unless needed for security investigations
  • Legal and accounting records: as required by applicable law

10. Security measures

We implement appropriate technical and organisational measures to protect personal data, including HTTPS encryption in transit, access controls on our servers, and limiting access to lead data to authorised team members. No method of transmission or storage is 100% secure; if you believe your data has been compromised, please contact us immediately.

11. Cookies and similar technologies

Our marketing website uses only essential cookies required for basic functionality — for example, remembering your language preference. We do not currently use advertising cookies, social media trackers, or third-party analytics (such as Google Analytics) on this site. You can control cookies through your browser settings; disabling essential cookies may affect language selection.

12. Your rights under GDPR

If you are in the EU/EEA, UK, or another jurisdiction with similar protections, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion of your data ("right to be forgotten")
  • Right to restriction — limit how we use your data in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — at any time, without affecting prior lawful processing

13. Complaints to a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority in your country of residence, place of work, or where an alleged infringement occurred. We encourage you to contact us first at hello@dentflow.com so we can try to resolve your concern. A list of EU supervisory authorities is available at edpb.europa.eu.

14. Children's data

Our website and early access program are intended for dental clinic professionals and are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

15. Changes to this policy

We may update this Privacy Policy from time to time — for example, when we add new features, change our data practices, or need to comply with legal requirements. We will post the updated version on this page and revise the "Last updated" date. For material changes affecting early access signups, we may also notify you by email where appropriate.

16. Contact us

For privacy questions, data subject requests, or to exercise your rights, email us at hello@dentflow.com. Please include enough detail for us to identify your request and we will respond within one month, as required by GDPR (extendable by two further months for complex requests).