← Back to DentNote AI

Privacy Policy

Last updated: April 2026

Overview

DentNote AI is operated by DMA Academy ("we", "us", "our"). This policy explains what data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

Important: Do Not Enter Patient-Identifiable Information

DentNote AI is designed for generating clinical note templates from anonymised key points. You must NOT enter patient names, NHS numbers, dates of birth, addresses, or any other patient-identifiable information into the app.

The key points you enter should contain only clinical observations (e.g. "composite UR6, MOD cavity, caries removed") without any information that could identify a specific patient.

What Data We Collect

We collect the following data when you use DentNote AI:

  • Account information: Name, email address, practice name, hashed password
  • Clinical input: Key points, procedure type, tooth notation, BPE scores entered for note generation
  • Generated notes: The AI-generated clinical notes produced by the app
  • Settings: Your saved preferences (clinician name, materials, LA defaults)
  • Templates: Any note templates you create
  • Usage logs: Procedure type, generation timestamp, and mode (for service improvement)

How We Use Your Data

  • To generate clinical notes based on your input
  • To save your settings, templates, and note history for your convenience
  • To improve the quality and accuracy of generated notes
  • To manage your account and authentication
  • To process subscription payments (if applicable)

AI Processing

Your clinical key points are sent to a third-party AI model (Google Gemini via OpenRouter) to generate clinical notes. This data is:

  • Transmitted securely over HTTPS
  • Used solely for generating your requested note
  • Not used to train AI models
  • Not stored by the AI provider beyond the immediate request

This is why it is critical that you do not include patient-identifiable information in your key points.

Data Storage

Your account data, settings, templates, and generated notes are stored in a secure PostgreSQL database hosted by Supabase. Data is encrypted at rest and in transit. Passwords are hashed using bcrypt and are never stored in plain text.

Payment Processing

If you subscribe to a paid plan, payments are processed by Stripe. We do not store your card details. Stripe handles all payment data in accordance with PCI DSS standards. Please refer to Stripe's privacy policy for details.

Data Sharing

We do not sell, rent, or share your personal data with third parties, except:

  • AI processing providers (as described above, for note generation only)
  • Payment processors (Stripe, for subscription management only)
  • Where required by law or regulation

Data Retention

Your data is retained for as long as your account is active. If you delete your account, all associated data (settings, notes, templates) will be permanently deleted within 30 days.

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing of your data
  • Port your data to another service
  • Object to processing of your data

To exercise any of these rights, contact us at the email below.

Contact

For any privacy-related queries or data requests, contact:
team@dma.academy