Privacy Policy

Praxis is an analytics and finances tool for UK associate dentists, operated by Dr Syed Ali (“Praxis”, “we”, “us”). You can contact us at info@praxisdental.co.uk. This policy explains what data we handle and how. It is written to align with UK GDPR and the EU GDPR.

(To be completed before public launch: registered legal entity / trading name and ICO registration number.)

For your own account — your name, email, GDC number and the income and expenses you record — Praxis is the data controller.

For patient-related data drawn from your practice’s Dentally system, the practice/associate is the controller and Praxis acts only as a data processor, on your documented instructions and under a Data Processing Agreement.

Your account: full name, email, GDC number, a securely hashed password, and subscription details.

Your finances: the income and expense entries you create, and any receipts or pay statements you upload.

Your practice connection: your Dentally API credentials, stored encrypted.

Patient-related data (kept to a minimum): for your performance metrics we process the Dentally patient identifier, date of birth, and appointment and payment history (dates, types, amounts, status). We do not store patient names — they are fetched live from Dentally only when a screen needs them, and not retained. We do not store clinical notes, and any AI-drafted letters are generated on demand and never saved.

Your account and billing data is processed to provide the service you’ve signed up for (contract — Article 6(1)(b)). Patient-related data is processed on behalf of you, the associate, for the management of healthcare (Article 9(2)(h)), under our processor agreement with you. We do not use your data for advertising and we never sell it.

Data is stored in the EU (Supabase, Ireland) and the app is served via Vercel; data is encrypted in transit (TLS) and at rest. We apply database-level Row Level Security so each user can only ever access their own data, encrypt your Dentally credentials, restrict access, and keep an audit trail of sensitive actions. Praxis is read-only from Dentally — we never write back to your practice system.

We use a small number of trusted providers to run the service: Supabase (database & file storage, EU), Vercel (hosting), Resend (transactional email), and your practice’s Dentally account as the source of practice data. Each acts under its own data-processing terms.

Account and financial records are kept while your account is active; if you delete your account it is purged after a short grace period. Patient-related data is kept while your practice connection is active and removed shortly after a practice is disconnected or a patient is deleted in Dentally. Audit logs are kept for about one year.

You can access, correct, export, or delete your account data, and object to or restrict certain processing. You can delete your account yourself at any time in Settings → Danger zone, or email us at info@praxisdental.co.uk. Patients exercise their rights through the practice (via Dentally), which holds the system of record; Praxis surfaces nothing directly to patients.

We use a single essential cookie to keep you signed in. We do not use advertising or third-party tracking cookies.

We’ll update this policy as the product evolves and note the date above. Questions? Email info@praxisdental.co.uk.