Privacy Policy

Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.

Last Updated: November 20, 2025

Information We Collect

Dev-Haus Limited ("we," "us," "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and protect information when you use our dental practice management software and services (the "Services").

Company Details

  • Dev-Haus Limited
  • Registered in England and Wales
  • Company Number: 16808964
  • Registered Office: 32 Park Place LS1 2SP
  • Data Protection Officer: Saba Arif
  • Email: privacy@dev-haus.com
  • Phone: 07956776114

Practice Information

  • Practice name, address, and contact details
  • Practice owner and staff member information
  • Professional registration numbers (GDC numbers)
  • Payment and billing information

Patient Information (Processed on Behalf of Your Practice)

  • Personal identifiers (name, date of birth, NHS number, address, contact details)
  • Medical and dental history
  • Clinical notes, treatment plans, and consent forms
  • Dental radiographs, photographs, and 3D scans
  • Appointment history and communications
  • Financial records related to dental treatment
  • Patient comfort preferences and special requirements

Technical Information

  • IP addresses and device information
  • Browser type and version
  • Usage data and analytics (anonymized where possible)
  • Cookies and similar tracking technologies

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: To provide our Services to dental practices
  • Legitimate Interests: To improve our Services, prevent fraud, and ensure security
  • Legal Obligation: To comply with UK GDPR, Data Protection Act 2018, NHS regulations
  • Consent: Where specifically obtained for marketing communications or optional features

How We Use Your Information

Service Provision

  • Operate and maintain the Dev-Haus platform
  • Enable appointment scheduling, task management, CRM, and document storage
  • Process payments and billing
  • Provide customer support and training

Service Improvement

  • Analyze usage patterns to enhance functionality
  • Develop new features based on user feedback
  • Conduct research and analytics (using anonymized data)

Communications

  • Send service updates, security alerts, and technical notices
  • Provide customer support responses
  • Send marketing communications (with consent, opt-out available)

Legal and Security

  • Comply with legal obligations and regulatory requirements
  • Detect, prevent, and address fraud, security issues, and technical problems
  • Enforce our Terms of Service

Data Storage and Security

Storage Location

  • Primary Data Storage: AWS (Amazon Web Services) data centers located in London, UK (eu-west-2)
  • Backup Storage: Geo-redundant backup in Dublin, Ireland (eu-west-1) for disaster recovery
  • Data Residency: All patient and practice data remains within the UK and EU at all times

Security Measures

  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Access Control: Role-based access control (RBAC), multi-factor authentication (MFA)
  • Infrastructure: ISO 27001 certified cloud infrastructure with 99.9% uptime SLA
  • Backup: Daily automated backups with 30-day retention, tested quarterly
  • Audit Trails: Comprehensive logging of all data access and modifications
  • Penetration Testing: Annual third-party security audits
  • Staff Training: All employees receive GDPR and data security training
  • Physical Security: Data centers with 24/7 monitoring, biometric access controls

Data Retention

  • Active Practice Data: Retained for duration of subscription plus 30 days
  • Archived Data: Retained as required by UK dental record-keeping regulations (11 years from last treatment or until patient reaches age 25, whichever is longer)
  • Backups: Retained for 30 days, then securely deleted
  • Marketing Data: Retained until consent is withdrawn or 3 years of inactivity

Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information. We may share data only in the following circumstances:

Service Providers

  • AWS (Cloud Hosting): Infrastructure and data storage
  • Stripe (Payment Processing): Secure payment transactions
  • Twilio (Communications): SMS and email delivery
  • SendGrid (Email): Transactional and marketing emails
  • Google Analytics: Anonymized usage analytics

All third-party providers are bound by Data Processing Agreements (DPAs) ensuring GDPR compliance.

Legal Requirements

  • When required by law, court order, or regulatory authority (NHS BSA, CQC, ICO)
  • To protect our rights, property, or safety
  • In connection with legal proceedings

Business Transfers

  • In the event of merger, acquisition, or sale of assets, data may be transferred (with notice to users)

Your Rights Under UK GDPR

Right of Access

  • Request a copy of personal data we hold about you (Subject Access Request)

Right to Rectification

  • Correct inaccurate or incomplete data

Right to Erasure ("Right to be Forgotten")

  • Request deletion of your data (subject to legal retention requirements)

Right to Restriction of Processing

  • Limit how we use your data in certain circumstances

Right to Data Portability

  • Receive your data in a structured, machine-readable format (CSV, JSON)

Right to Object

  • Object to processing based on legitimate interests or direct marketing

Right to Withdraw Consent

  • Withdraw consent at any time (where processing is based on consent)

Right to Lodge a Complaint

  • Complain to the Information Commissioner's Office (ICO)
  • Website: ico.org.uk | Phone: 0303 123 1113
  • To Exercise Your Rights: Email privacy@dev-haus.com
  • Or write to our Data Protection Officer. We will respond within 30 days.

Cookies and Tracking Technologies

Essential Cookies

  • Required for platform functionality (authentication, session management)

Analytics Cookies

  • Google Analytics (anonymized) to understand usage patterns

Marketing Cookies

  • Used for targeted advertising (with consent)

Cookie Management: You can control cookies via browser settings. Disabling essential cookies may impact functionality.

International Data Transfers

While we store data exclusively in the UK/EU, some service providers may access data from outside the EU:

  • Safeguards: Standard Contractual Clauses (SCCs), adequacy decisions, and DPAs
  • Your Control: You may object to international transfers; we will assess alternative arrangements

Children's Privacy

Dev-Haus is not intended for use by individuals under 18 without parental/guardian consent. Dental practices are responsible for obtaining appropriate consent when treating minors.

Data Breach Notification

In the event of a data breach affecting your personal information:

  • We will notify you and the ICO within 72 hours (where legally required)
  • We will provide details of the breach, potential impact, and remediation steps
  • Emergency contact: security@dev-haus.com

Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted at dev-haus.com/privacy with an updated "Last Updated" date. Continued use of Services constitutes acceptance of changes.

Contact Us

For Privacy Inquiries:

  • Email: privacy@dev-haus.com
  • Phone: 07956776114
  • Address: Dev-Haus Limited, 32 Park Place LS1 2SP
  • Email: sabah.arif29@gmail.com, dpo@dev-haus.com