Privacy Policy

1. Introduction

SmileConsent ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our dental consent management platform.

By using our service, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Contact information (name, email address, phone number)
• Professional information (GDC number, practice details, qualifications)
• Practice information (clinic name, address, registration details)
• Patient consent data (when acting as a data processor)
• Payment information (processed securely through Stripe)
• Usage data and analytics

2.2 Technical Information

We automatically collect certain technical information:

• IP address and device information
• Browser type and version
• Operating system
• Pages visited and time spent
• Error logs and performance data

3. How We Use Your Information

We use the collected information for the following purposes:

• Providing and maintaining our dental consent management service
• Processing payments and managing subscriptions
• Communicating with you about service updates and support
• Improving our platform and user experience
• Ensuring compliance with legal and regulatory requirements
• Preventing fraud and ensuring security
• Providing customer support and technical assistance

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contract: To provide our services as agreed in our terms
• Legitimate Interest: To improve our services and ensure security
• Legal Obligation: To comply with applicable laws and regulations
• Consent: Where you have given explicit consent for specific purposes

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in operating our platform
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Consent: With your explicit consent for specific purposes

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Secure hosting infrastructure (Firebase/Google Cloud)
• Regular backups and disaster recovery procedures
• Staff training on data protection practices

7. Data Retention

We retain your personal information only for as long as necessary to:

• Provide our services
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain business records as required by law

Patient consent data is retained according to dental practice requirements and legal obligations. We will delete or anonymize your data when it is no longer needed.

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data
• Portability: Request transfer of your data to another service
• Restriction: Request limitation of processing
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided below.

9. International Data Transfers

Our services are hosted on Google Cloud infrastructure, which may involve data transfers outside the European Economic Area (EEA). We ensure that such transfers comply with GDPR requirements through appropriate safeguards, including Standard Contractual Clauses and adequacy decisions.

10. Cookies and Tracking

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze website usage and performance
• Provide personalized content and features
• Ensure security and prevent fraud

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect the functionality of our service.

11. Third-Party Services

Our platform integrates with the following third-party services:

• Stripe: Payment processing (subject to Stripe's privacy policy)
• Firebase/Google Cloud: Hosting and infrastructure
• SendGrid: Email delivery services
• Cloudinary: Media storage and processing

These services have their own privacy policies, and we recommend reviewing them.

12. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date. Your continued use of our service after such changes constitutes acceptance of the updated policy.

14. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

15. Complaints

If you believe we have not addressed your concerns satisfactorily, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK: