Privacy Policy
Last updated: July 2026 (v3 — Tomorrow's Clinic study tools) · Denverse Ltd · 128 City Road, London, EC1V 2NX, United Kingdom
1. Who We Are
Denverse Ltd ("we", "us", "our") is the data controller responsible for your personal information. We are registered in England and Wales (Company No. 17146294) and operate the educational platform at dentalverse.app.
For privacy-related questions, contact our Data Protection contact: info@dentalverse.app
2. Information We Collect
Account information: Name (display name), email address, phone number, university, year of study, country, and date of birth provided during registration and onboarding.
Phone number: Your phone number is collected during onboarding for identity verification via SMS. Phone verification is mandatory to prevent spam and multi-account abuse. Each phone number can only be linked to one account. Your phone number is stored securely in our database and is not shared with any third party other than Twilio (our SMS verification provider).
Usage data: Pages visited, features used, AI interactions, study progress, quiz attempts, and session duration. This is used to personalise your learning experience and improve the Platform.
AI credit usage: For Pro subscribers, we track the computational cost of each AI interaction to calculate credit consumption against your monthly budget. This data includes the number of credits used per feature and is viewable in Settings → AI Usage. Credit tracking begins from the date your Pro subscription is activated and is calculated from your billing period start date. Free plan users do not have AI credit tracking.
User-generated content: Notes, timestamped video study notes, uploaded files (PDFs, documents), saved items, and messages you send through the Platform. Notes you write must not contain patient-identifying information (the Platform is not a clinical record system).
Video library usage: Your watch progress (how far through each video you have watched), completion status, last-watched timestamps, and timestamped notes are stored in our database linked to your account so that you can resume where you left off and access your notes across devices. This data is private to your account and is not shared with any other user or with the video creators.
Dose calculator inputs: Weight, age, ASA class, medical-condition flags, and any other values you enter into the educational dose calculators are processed in your browser session only. We do not store, log, or transmit calculator inputs to our servers. Inputs reset when you close or reload the calculator page.
Tomorrow's Clinic study records: If you use the clinic preparation tools, we store the study data you create: planned clinic days (dates, chosen procedures, optional tooth numbers, day notes), your completed-run study log (procedure names, dates, durations, step records you chose to enter such as measurements or materials, outcomes, plans for a next study session, and written reflections), case threads with app-generated case names, revision cards, readiness-quiz scores, and clinic streaks. This is your personal study log — it is private to your account, is not visible to other users or to our content administrators' review views, and your written reflections and clinical descriptions are excluded from AI processing.
Anonymous patient study profiles: The clinic tools let you record structured study factors (an app-generated label such as "Patient A", age, weight, ASA class, allergy and condition selections from the app's own fixed lists). By design there is no field for a name or any free-text identity — the database itself rejects anything outside the fixed structure. You must never attempt to record identifying details of a real person anywhere on the Platform (see our Terms). Because rare combinations of factors could in principle be indirectly identifying, we handle these profiles as personal data under UK GDPR: private to your account, encrypted in transit, row-level access controls, and deletable by you at any time. If you choose to use the AI study assistant during clinic preparation, the structured factors of the profile you attached (age, weight, ASA class, and allergy/condition names — never your free-text notes or reflections) are included in that request to our AI provider solely to ground the educational answer.
On-device run drafts: An in-progress Clinic Mode run is drafted to your own device's local storage so an interruption doesn't lose your work. Drafts never leave your device, expire automatically, and are cleared when the run is saved or discarded.
Reminder emails: When the clinic reminder service is active and you have a day planned, we use Resend to deliver a night-before email summarising your own planned day. You can ask us to turn reminders off for your account at any time via info@dentalverse.app. Resend receives your email address and the message content solely for delivery.
Payment information: Billing is handled entirely by Stripe. We receive only a payment confirmation token and the last 4 digits of your card. We never store full card details.
Technical data: IP address, browser type, device information, and cookies. See our Cookie Policy for details.
3. How We Use Your Information
- To provide, operate, and maintain the Platform and its features
- To process subscription payments and send billing receipts
- To personalise your study experience based on progress and usage patterns
- To send important service notifications (billing, policy updates, security alerts)
- To respond to support requests and enquiries
- To improve Platform content and AI model performance (in anonymised, aggregated form)
- To comply with our legal obligations under UK and EU law
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
4. Legal Basis for Processing (UK GDPR)
- Contract: Processing necessary to provide the service you subscribed to
- Legitimate interests: Improving our Platform, preventing fraud, and ensuring security
- Legal obligation: Retaining records as required by UK law (e.g. financial records for 7 years)
- Consent: For optional communications such as newsletters or marketing emails
5. Data Sharing and Third Parties
We share data only with trusted service providers necessary to operate the Platform:
- Supabase: Database and authentication infrastructure (EU-based servers)
- Stripe: Payment processing. Stripe's privacy policy applies to payment data
- Twilio: SMS verification for phone number validation during onboarding. Twilio receives your phone number solely to deliver a one-time verification code. See Twilio's Privacy Policy
- AI Service Providers: Power AI study features including Teach Me, Quiz Me, AI Chat, and related tools. Content submitted to AI features may be processed by our AI providers under their respective data processing agreements. All content is processed solely to deliver educational responses and is not used to train third-party models on your personal data
- PostHog: Product analytics to understand how features are used and improve the Platform. PostHog processes anonymised usage data (pages visited, features used, session duration) and is hosted in the EU (Frankfurt). Data is linked to your account only while you are logged in. See PostHog's Privacy Policy
- Resend: Transactional email delivery (e.g. night-before clinic reminders). Resend receives your email address and the message content solely for delivery. See Resend's Privacy Policy
- Vercel: Platform hosting, deployment infrastructure, and anonymised analytics (page views and performance metrics)
- YouTube (Google LLC): The video library embeds YouTube videos via YouTube's privacy-enhanced iframe player (youtube-nocookie.com). No cookies are set and no data is transferred to YouTube until you actively initiate playback. Once you press play, YouTube may receive your IP address, the video ID, browser information, and — if you are signed in to a Google account in the same browser — identifiers linked to that account. Dentalverse does not transmit your account details to YouTube. Admin playlist imports use the YouTube Data API v3 server-side only (no user data is sent). See Google's Privacy Policy
All third-party providers are required to process data securely and only for specified purposes.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g. financial transaction records are retained for 7 years as required by UK law).
Your study log and clinic records (planned days, case threads, reflections, revision cards, anonymous study profiles) are kept for as long as your account exists so your portfolio remains available across your studies — you can delete any individual entry, or everything, at any time from within the Platform. They are deleted with your account. If an account remains inactive for 24 months after a subscription lapses, we may delete or irreversibly anonymise its study records after emailing you at least 30 days in advance.
7. Your Rights
Under UK GDPR, you have the right to:
- Access a copy of the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your personal data ("right to be forgotten")
- Restrict processing of your data in certain circumstances
- Port your data to another service
- Object to processing based on legitimate interests
- Withdraw consent at any time for consent-based processing
To exercise any of these rights, contact info@dentalverse.app. We will respond within 30 days.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
8. Data Security
We implement industry-standard security measures including encrypted data transmission (TLS), row-level security on our database, hashed passwords via Supabase Auth, and access controls. Despite these measures, no system is completely secure. Please use a strong, unique password and contact us immediately if you suspect a security breach.
9. International Transfers
Your data may be processed in countries outside the UK (including the United States, where some of our service providers are based). Where we transfer data internationally, we ensure adequate safeguards are in place as required by UK GDPR.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email or a prominent notice on the Platform. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
Denverse Ltd — Data Protection
128 City Road, London, EC1V 2NX, United Kingdom
Email: info@dentalverse.app