Compliance
DentyBot is built to meet the data-protection obligations of dental practices across the UK, Ireland, the European Union, Australia, and North America. We operate as your data processor (or Business Associate, in the US) under legally binding agreements.
GDPR (UK, Ireland, EU)
For practices in the UK, Ireland, and the wider EU, DentyBot acts as a data processor under Article 28 of the GDPR. We process patient data strictly on your instructions, for the sole purpose of delivering the Denty chat service. A Data Processing Agreement (DPA) is automatically incorporated into every subscription — you can view it here.
HIPAA (United States)
For US-based dental practices, DentyBot operates as a Business Associate under HIPAA. We sign a Business Associate Agreement (BAA) with any subscribing US practice on request. Email us at hello@dentybot.com with subject line "BAA Request" to receive a signed BAA within 3 business days.
Australian Privacy Principles
For Australian dental practices, DentyBot complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988. We handle patient data with the same technical and organisational measures applied to our GDPR-covered clients.
How DentyBot handles patient data
Patient information that may pass through Denty includes names, contact details, appointment times, and health-related chat messages. We handle this data with the following protections:
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Patient conversations are never stored in plaintext.
Patient data is accessible only to authorised DentyBot personnel for support and maintenance purposes, under strict need-to-know policies.
All access to patient data is logged and auditable. You can request an access log at any time.
In the event of a data breach, we will notify you within 72 hours as required by GDPR Article 33 and HIPAA's Breach Notification Rule.
Denty only collects the minimum information necessary to fulfil the patient's request. We do not store sensitive clinical data beyond what is required for appointment booking.
Request the right agreement for your region
UK, Irish, and EU practices — our DPA is automatically in force. Download a copy here. US practices — request your BAA below.
Request a BAA or DPA
Email us with your practice name and region. We will send the appropriate signed agreement within 3 business days.
Email compliance →Questions
For any compliance question or concern: hello@dentybot.com