Legal

Privacy Policy

Last updated: 1 January 2026

Data controller: Dentree Ltd, Company No. 11734826, registered in England and Wales. Questions? Email privacy@denbot.co.uk

1. Who we are

Denbot is a product of Dentree Ltd. We provide an automated patient enquiry widget for UK healthcare clinics. This policy explains how we collect, use, and protect personal data when you interact with a Denbot widget on a clinic's website, or when you use our dashboard as a clinic user.

2. Data we collect

When a website visitor interacts with a Denbot widget, we may collect:

Name, email address, and phone number (when voluntarily provided)
Enquiry type and conversation transcript
UTM parameters and referring URL
Anonymous session identifier (stored in sessionStorage, not a cookie)
Approximate timestamp and time zone

When a clinic user logs into the Denbot dashboard, we collect:

Email address (used for magic-link authentication)
Login timestamps and IP address (for security)
Actions taken within the dashboard (audit log)

3. How we use data

To deliver captured lead details to the relevant clinic
To provide the Denbot dashboard and reporting features
To send transactional emails (magic links, lead notifications)
To process subscription billing via Stripe
To improve the service and detect misuse

4. Legal basis for processing

We process visitor data on the basis of legitimate interests — specifically, to facilitate the clinic's lawful business enquiry process. Clinic users' data is processed on the basis of contract performance. We do not rely on consent for standard operational processing.

5. Data sharing

We share data only as necessary to deliver the service:

Clinics: Lead data is delivered to the clinic whose widget the visitor interacted with
Supabase: Database hosting (EU region, West Europe)
SendGrid (Twilio): Transactional email delivery
Stripe: Payment processing
Anthropic: AI processing for free-text responses only (no personal data is included in AI prompts)

We do not sell personal data. We do not share data with third parties for marketing purposes.

6. Data retention

Conversation data and lead records are retained for 12 months by default. Clinic users may request deletion of their data at any time. Billing records are retained for 7 years as required by UK tax law.

7. Your rights

Under UK GDPR, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to processing
Data portability
Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, email privacy@denbot.co.uk. We will respond within 30 days.

8. Cookies and tracking

The Denbot widget does not set cookies. It uses sessionStorage to maintain a temporary anonymous session ID that is cleared when the browser tab is closed. No persistent tracking identifiers are set by Denbot.

9. Security

All data in transit is encrypted via TLS. Data at rest is encrypted by our infrastructure provider. Access to personal data is restricted to authorised Dentree staff. We conduct regular security reviews.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to clinic account holders by email. The current version is always available at denbot.co.uk/privacy.

11. Contact

Dentree Ltd
Email: privacy@denbot.co.uk
Company No. 11734826 (England and Wales)