Compliance, Security & GDPR (UK/EU)
Last updated: 1 Feb 2026
At a glance
- ✓ GDPR compliant (UK GDPR & DPA 2018)
- ✓ You control patient data (you're the Controller; we operate as your Processor)
- ✓ UK/EU hosting on Microsoft Azure (UK South) and AWS (London: eu-west-2)
- ✓ Clinical/platform data stays in UK/EU infrastructure. Billing/email metadata may be processed outside UK/EEA with appropriate safeguards (e.g., SCCs/UK addendum/DPF where applicable).
- ✓ Encryption: TLS in transit, encryption at rest
- ✓ Daily backups with rolling retention (UK database backups: 7 days)
- ✓ AI Notes: no raw audio stored; Azure AI Speech transcribes in real time; Gemini (Vertex AI) helps format drafts
- ✓ Registered with the MHRA as a Digital dictation system (documentation support only)
- ✓ Cyber Essentials certified
What we actually do with your data
AI Notes (documentation support):
While you speak, Azure AI Speech turns your voice into text in real time. We don't keep the audio. We then use Google Cloud Vertex AI (Gemini) to help turn the transcript and your settings into a tidy draft. You review and edit before saving the final note into your practice's clinical system (PMS). Where available, we use regional processing (e.g., `europe-west2`) and our providers do not use your content to train their foundation models.
Boards, Rotas, Lab Tracker & CPD:
These are secure workspaces your team controls. Add what you need (tasks, logs, rota entries, lab cases, certificates). You can export, rename, or delete items whenever you like.
We never sell personal data. Ever.
Where your data lives
- Platform and clinical content for UK customers is hosted in UK/EU regions: Microsoft Azure (UK South) and AWS (London: eu-west-2).
- Some non-clinical services (e.g., billing and transactional email metadata) may involve processing outside the UK/EEA. Where this applies, appropriate safeguards are used (e.g., SCCs/UK addendum/DPF as applicable).
Security, without the jargon
Encryption by default
TLS 1.2+ in transit, encryption at rest with cloud‑managed keys.
Access control
Role‑based permissions and least‑privilege access.
Resilience
Daily backups and region‑appropriate redundancy.
Good engineering hygiene
Secure development, change control, dependency monitoring, logging and alerts.
AI provider settings
We use regional endpoints where available and minimise retention. Google Cloud Vertex AI customer data is not used to train or improve Google's AI models.
Your choices & rights
- Rename or delete your Saved Chats in AI Notes any time.
- Ask to access, correct, delete, restrict, or port your personal data.
- Prefer fewer cookies? Use our cookie controls on the website.
- Need help? A human will respond at info@dentistrydashboard.com.
What Dentistry Dashboard is not
- ❌ We don't make clinical decisions. AI Notes is for drafting documentation only. Clinicians remain in charge.
- ❌ We don't store raw audio from dictation.
- ❌ We don't move UK clinical/platform data outside the UK/EEA as a matter of routine. Some non-clinical services (billing/email/website analytics) may involve processing outside the UK/EEA with safeguards.
UK Compliance & Clinical Safety
Dentistry Dashboard is developed and operated to support UK NHS and data protection expectations for safe, responsible use, including:
- ✓ DCB0129-aligned clinical safety for AI Notes with a named Clinical Safety Officer, safety case documentation, and hazard management
- ✓ DSPT-aligned information governance controls with evidence prepared for publication
- ✓ Cyber Essentials certified infrastructure and security practices
- ✓ UK GDPR / Data Protection Act 2018 compliant processing approach
For practices & IG teams
Roles
Your practice = Controller (patient/practice data). Dentistry Dashboard = Processor for that data; Controller for our own account/billing data.
Hosting
Azure (e.g., UK South) & AWS (UK/EU).
AI services
Azure AI Speech (STT), Vertex AI (Gemini) (LLM drafting). EU/UK regionalisation used where available.
Sub‑processors
Core: AWS (hosting), Azure AI Speech (transcription), Vertex AI (Gemini) (draft formatting), Stripe (billing), Postmark (transactional email). Website analytics/ads may use services like Microsoft Clarity and Meta Pixel. Optional (you connect): Google Workspace, Zapier. Full register with regions/purposes available on request.
International transfers
UK clinical/platform data is processed in UK/EU regions. Billing/email/website analytics may involve processing outside the UK/EEA under appropriate safeguards (e.g., SCCs/UK addendum/DPF where applicable).
Retention
Saved Chats stay until users delete them. UK database backups retain deleted data for up to 7 days. Application logs are retained for 14 days.
Breach response
As Processor we notify Controllers without undue delay. We support ICO 72‑hour obligations.
Legal docs
Standard DPA (Art. 28), data exit/termination, and continuity information available for Trust procurement/IG review.