Privacy Policy

1. Who We Are

Dentalverse Ltd ("we", "us", "our") is the data controller responsible for your personal information. We are registered in England and Wales and operate the educational platform at dentalverse.app.

For privacy-related questions, contact our Data Protection contact: info@dentalverse.app

2. Information We Collect

Account information: Name (display name), email address, university, year of study, country, and date of birth provided during registration.

Usage data: Pages visited, features used, AI interactions, study progress, quiz attempts, and session duration. This is used to personalise your learning experience and improve the Platform.

User-generated content: Notes, uploaded files (PDFs, documents), saved items, and messages you send through the Platform.

Payment information: Billing is handled entirely by Stripe. We receive only a payment confirmation token and the last 4 digits of your card. We never store full card details.

Technical data: IP address, browser type, device information, and cookies. See our Cookie Policy for details.

3. How We Use Your Information

• To provide, operate, and maintain the Platform and its features
• To process subscription payments and send billing receipts
• To personalise your study experience based on progress and usage patterns
• To send important service notifications (billing, policy updates, security alerts)
• To respond to support requests and enquiries
• To improve Platform content and AI model performance (in anonymised, aggregated form)
• To comply with our legal obligations under UK and EU law

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Legal Basis for Processing (UK GDPR)

• Contract: Processing necessary to provide the service you subscribed to
• Legitimate interests: Improving our Platform, preventing fraud, and ensuring security
• Legal obligation: Retaining records as required by UK law (e.g. financial records for 7 years)
• Consent: For optional communications such as newsletters or marketing emails

5. Data Sharing and Third Parties

We share data only with trusted service providers necessary to operate the Platform:

• Supabase: Database and authentication infrastructure (EU-based servers)
• Stripe: Payment processing. Stripe's privacy policy applies to payment data
• AI Service Providers: Power AI study features including Teach Me, Quiz Me, AI Chat, and related tools. Content submitted to AI features may be processed by our AI providers under their respective data processing agreements. All content is processed solely to deliver educational responses and is not used to train third-party models on your personal data
• Vercel: Platform hosting, deployment infrastructure, and anonymised analytics (page views and performance metrics)
• Cloudflare: DNS resolution and network security infrastructure. Cloudflare may process IP addresses and request metadata to protect the Platform from abuse

All third-party providers are required to process data securely and only for specified purposes.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g. financial transaction records are retained for 7 years as required by UK law).

7. Your Rights

Under UK GDPR, you have the right to:

• Access a copy of the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erase your personal data ("right to be forgotten")
• Restrict processing of your data in certain circumstances
• Port your data to another service
• Object to processing based on legitimate interests
• Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact info@dentalverse.app. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), row-level security on our database, hashed passwords via Supabase Auth, and access controls. Despite these measures, no system is completely secure. Please use a strong, unique password and contact us immediately if you suspect a security breach.

9. International Transfers

Your data may be processed in countries outside the UK (including the United States, where some of our service providers are based). Where we transfer data internationally, we ensure adequate safeguards are in place as required by UK GDPR.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or a prominent notice on the Platform. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact