This Privacy Policy explains how So Dental Ltd ("So Dental", "we", "us", "our") collects, uses, stores, and shares personal information about you when you use the So Dental mobile application and any related services (the "Service"). It also tells you about your rights under the UK GDPR and Data Protection Act 2018.

So Dental is a closed professional network for UK General Dental Council ("GDC")-registered dentists and the practices that employ them. It is not a patient-facing service and is not a clinical record system.

If you have any questions about this Policy, contact us at privacy@sodentalnetwork.com.


1. Who we are

So Dental Ltd is a company registered in England and Wales. We are the "data controller" for the personal information described in this Policy.


2. What information we collect

2.1 Information you give us when you sign up

2.2 Information required to verify your professional status

So Dental is a verified-only network. To prove you are a registered dentist you must give us:

We do not store a copy of your GDC certificate or any other document; we only store your number and the verification result.

2.3 Information you choose to share on your profile

2.4 Information generated by your use of the Service

2.5 Information collected automatically when you use the Service

2.6 Information about applications you submit to jobs

If you apply for a job through So Dental we collect:

The practice that posted the job sees your application and may contact you.

2.7 What we never collect


3. How we use your information

We process your personal information for the following purposes and on the following legal bases:

Purpose Legal basis
Provide the Service to you Performance of our contract
Verify your GDC registration Performance of our contract
Authenticate you when you sign in Performance of our contract
Show you relevant content, jobs, and connections Performance of our contract
Send you transactional emails (sign-up, alerts) Performance of our contract
Send you push notifications (if you opt in) Consent
Improve the Service and fix bugs Legitimate interests
Detect and prevent abuse, spam, and fraud Legitimate interests
Comply with legal and regulatory obligations Legal obligation
Send you marketing emails (if you opt in) Consent

You can withdraw consent at any time in the app's Settings → Notifications and Settings → Privacy screens.


4. Who we share your information with

We do not sell your personal information to anyone. We share it only with:

4.1 Other users of the Service

4.2 Service providers we rely on (processors)

Provider Purpose Location
Supabase Database, authentication, storage EU (Frankfurt)
Resend Transactional email EU / US (SCCs in place)
Expo / EAS Mobile app builds and updates US (SCCs in place)
Sentry Crash and error reporting US (SCCs in place)
PostHog Product analytics EU (Frankfurt)
Apple / Google Push-notification delivery US (SCCs in place)
Cloudflare CDN and DDoS protection Global

Each of these providers acts on our written instructions and is contractually bound to keep your data confidential, secure, and to delete it when we ask.

Where data leaves the UK or the EEA we rely on the UK International Data Transfer Agreement or the EU Standard Contractual Clauses to protect it.

4.3 The GDC (verification only)

We query the public GDC register at gdc-uk.org with your GDC number to confirm that the number corresponds to a registered dentist. The GDC does not receive any personal information from us beyond the query itself.

4.4 Practices that you interact with

If you apply for a job, the practice that posted the job sees your application (your name, profile, CV if uploaded, and cover note).

4.5 Authorities, where required by law

We may disclose your information to the police, regulators, or other authorities where we are legally required to do so or where we believe in good faith that disclosure is necessary to comply with the law or to prevent serious harm.


5. Analytics and crash reporting

We use Sentry to collect crash reports and PostHog to collect anonymous usage analytics so we can find and fix bugs and understand how people use the app.

We have configured both services to strip:

We log only event names, screen names, and stable user IDs. You can opt out of analytics in Settings → Privacy.


6. How long we keep your information

Information Retention
Active account data Until you delete account
Deleted-account data (soft delete) 30 days, then hard-deleted
Crash and analytics events 90 days
Server logs (IP, request paths) 30 days
Job applications 2 years from submission
Information we are required to keep by law Whatever the law requires

When you delete your account from Settings → Account → Delete account, we mark it as deleted immediately. Other users can no longer see your profile, posts, or messages. After 30 days we hard-delete the underlying data, except where we are legally required to keep it for longer.


7. Your rights

Under the UK GDPR you have the right to:

To exercise any of these rights, email privacy@sodentalnetwork.com or use the in-app shortcuts in Settings → Account:

We will respond within one calendar month. We may ask for proof of identity before acting on a request.


8. Security

We protect your information with:

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at security@sodentalnetwork.com.


9. Children

So Dental is restricted to GDC-registered dentists and the practice staff who employ them. The Service is not directed to or intended for children. We do not knowingly collect information from anyone under 18. If you believe a child has provided us with information, contact us and we will delete it.


10. International users

The Service is intended for use in the United Kingdom only. The verification process relies on the UK GDC register and we do not currently support international registration bodies. If you use the Service from outside the UK, you do so at your own risk.


11. Cookies and similar technologies

The mobile app does not use cookies. It uses secure on-device storage for session tokens, push-notification tokens, and your saved preferences. You can clear this storage by deleting and reinstalling the app.


12. Changes to this Policy

We will update this Policy when our practices change or when the law requires us to. The "Last updated" date at the top tells you when the current version came into effect. Material changes will also be announced in the app and by email at least 14 days before they take effect.


13. Contact us

If you are unhappy with how we have handled your information, you can also complain to the Information Commissioner's Office: