Privacy Policy

Last updated: December 29, 2024

1. Introduction

LendAI Limited (trading as "DentalFlow") ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our DentalFlow mobile application and related services (the "Service").

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

LendAI Limited
Trading as: DentalFlow
Contact: hello@dentalflow.co.uk

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, and authentication credentials
  • Practice Information: Dental practice name, address, and related business information
  • Inventory Data: Product information, stock levels, supplier details, and transaction records
  • Treatment Kit Data: Custom treatment kit configurations and related inventory items

3.2 Information We Collect Automatically

  • Usage Data: How you interact with our Service, including features used and time spent
  • Device Information: Device type, operating system, unique device identifiers
  • Log Data: IP address, access times, app crashes, and performance data

3.3 Camera and Barcode Data

Our Service uses your device's camera to scan barcodes for inventory management. Images captured are processed locally on your device and are not stored or transmitted to our servers unless you explicitly choose to save product images.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract: To provide our inventory management services
  • Legitimate Interest: To improve our Service, ensure security, and provide customer support
  • Consent: Where you have given specific consent for certain processing activities
  • Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Information

We use your personal information to:

  • Provide and maintain our inventory management Service
  • Process and manage your account registration and authentication
  • Enable real-time inventory tracking and updates
  • Generate stock alerts and reorder reminders
  • Provide customer support and respond to your inquiries
  • Improve our Service and develop new features
  • Ensure the security and integrity of our Service
  • Comply with legal obligations

6. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • Service Providers: Third-party companies that help us provide our Service (e.g., cloud hosting, authentication services)
  • Legal Requirements: When required by law or to protect our rights, property, or safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly agree to share information

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Practice-level data isolation to ensure data segregation
  • Regular security assessments and monitoring
  • Access controls and authentication mechanisms
  • Secure cloud infrastructure with enterprise-grade security

8. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements

Account data is typically retained for the duration of your subscription plus 12 months. Inventory and audit trail data may be retained for up to 7 years for business and compliance purposes.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of processing
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at hello@dentalflow.co.uk

10. International Data Transfers

Your data may be processed in countries outside the UK/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the UK Information Commissioner's Office
  • Standard contractual clauses
  • Binding corporate rules
  • Certification schemes

11. Children's Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

12. Cookies and Tracking

Our mobile application does not use cookies. We may use local storage and analytics tools to improve user experience. You can control these through your device settings.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on our website
  • Sending you an email notification
  • Providing notice through our Service

14. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: hello@dentalflow.co.uk
  • Company: LendAI Limited (trading as DentalFlow)

15. Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your personal data properly:

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF