Privacy Policy

1. Who We Are

Data Controller: Conor Pyne trading as DentaBook AI

Email: conorpyne@dentabook.ie

Website: dentabook.ie

As a provider of booking software to dental practices, DentaBook AI acts as a Data Processor in relation to patient data, while the dental practice acts as the Data Controller. We process patient data only on the instructions of the dental practice, as set out in our Data Processing Agreement.

2. What Data We Collect

2.1 Website Visitors (dentabook.ie)

When you contact us via our website contact form, we collect:

• Your name
• Your email address
• Your phone number
• Your practice name (if applicable)
• Any message you choose to send

2.2 Dental Practice Subscribers

When a dental practice signs up to DentaBook AI, we collect:

• Practice name and address
• Contact person name and email
• Billing information (processed securely via Stripe)
• Dentist names and specialties
• Service types and appointment durations

2.3 Patient Booking Data

When a patient books through a dental practice's DentaBook AI widget, we collect and process on behalf of the dental practice:

• Patient full name
• Patient email address
• Patient phone number
• Appointment date, time and service type
• Any notes provided by the patient

3. How We Use Personal Data

3.1 Website Enquiries

We use contact form data to respond to your enquiry and set up your account if you proceed. Legal basis: Legitimate interests and contract performance.

3.2 Dental Practice Accounts

We use subscriber data to provide and maintain the service, process payments, and provide support. Legal basis: Contract performance and legitimate interests.

3.3 Patient Booking Data

We process patient data solely to provide the booking functionality on behalf of the dental practice. We do not use patient data for marketing or any other purpose. Legal basis: Contract performance (as Data Processor).

4. Data Storage & Security

All data is stored securely using Supabase (PostgreSQL), hosted within the European Union. Each dental practice has its own isolated database — patient data from one practice is never accessible to another.

We implement the following security measures:

• Encrypted database connections (SSL/TLS)
• Row-level security policies in our database
• Access controls limiting data access to authorised personnel only
• Secure API key management via environment variables

5. Data Retention

• Website enquiry data: 2 years from the date of enquiry
• Dental practice subscriber data: Duration of subscription plus 1 year
• Patient booking data: As directed by the dental practice, subject to their own retention obligations

When a dental practice cancels their subscription, we provide a full export of their patient booking data and securely delete it from our systems within 30 days.

6. Sharing Personal Data

We do not sell personal data. We share data only with trusted service providers necessary to operate our service:

• Supabase — database hosting (EU servers)
• Vercel — application hosting
• Resend — transactional email delivery
• Stripe — payment processing (dental practice subscriptions only)
• Anthropic — AI triage functionality (symptom descriptions only, no patient identifiers)

All third-party processors are bound by appropriate data processing agreements and GDPR-compliant terms.

7. Your Rights Under GDPR

You have the following rights in relation to your personal data:

• Right of access — to receive a copy of the data we hold about you
• Right to rectification — to have inaccurate data corrected
• Right to erasure — to have your data deleted in certain circumstances
• Right to restriction — to limit how we use your data
• Right to data portability — to receive your data in a machine-readable format
• Right to object — to object to certain types of processing

To exercise any of these rights, please contact us at conorpyne@dentabook.ie. We will respond within 30 days.

If you are a patient of a dental practice using DentaBook AI, please contact the dental practice directly as they are the Data Controller for your booking data.

8. Cookies

Our website uses only essential cookies necessary for the website to function. We do not use advertising or tracking cookies. The booking widget may use session cookies to maintain your booking progress — these are deleted when you close your browser.

9. Data Processing Agreement

Dental practices that subscribe to DentaBook AI enter into a Data Processing Agreement (DPA) with us, as required by Article 28 of the GDPR. This DPA sets out the terms under which we process patient data on behalf of the practice.

A copy of our standard Data Processing Agreement is available on request by emailing conorpyne@dentabook.ie.

10. Complaints

If you have a concern about how we handle your personal data, please contact us first at conorpyne@dentabook.ie.

You also have the right to lodge a complaint with the Data Protection Commission (DPC):

• Website: dataprotection.ie
• Phone: +353 57 868 4800
• Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on dentabook.ie with an updated "Last updated" date. We will notify dental practice subscribers of any significant changes by email.