This Privacy Policy explains how So Dental Ltd ("So Dental", "we", "us", "our") collects, uses, stores, and shares personal information about you when you use the So Dental mobile application and any related services (the "Service"). It also tells you about your rights under the UK GDPR and Data Protection Act 2018.
So Dental is a closed professional network for UK General Dental Council ("GDC")-registered dentists and the practices that employ them. It is not a patient-facing service and is not a clinical record system.
If you have any questions about this Policy, contact us at privacy@sodentalnetwork.com.
1. Who we are
So Dental Ltd is a company registered in England and Wales. We are the "data controller" for the personal information described in this Policy.
- Contact: privacy@sodentalnetwork.com
2. What information we collect
2.1 Information you give us when you sign up
- Your full name
- Your professional email address
- Your password (stored as a one-way salted hash — we cannot see it)
- Your account type (dentist or practice representative)
2.2 Information required to verify your professional status
So Dental is a verified-only network. To prove you are a registered dentist you must give us:
- Your GDC registration number
- Confirmation that we may check this number against the public GDC register at gdc-uk.org
We do not store a copy of your GDC certificate or any other document; we only store your number and the verification result.
2.3 Information you choose to share on your profile
- Profile photo and cover photo (optional)
- Display name and biographical text
- Specialism, qualifications, year of qualification
- Workplace history and current practice
- Languages spoken
- Areas of interest and CPD topics
- Connections, followers, and the lists you create
2.4 Information generated by your use of the Service
- Posts, comments, replies, images you upload, and other content you create
- Direct messages you send and receive
- Forums you join, posts you bookmark, jobs you save or apply to
- Practices you follow and dentists you follow
- Reactions (likes, saves) and reports you submit
- Search queries you make inside the app
2.5 Information collected automatically when you use the Service
- Device type, operating system version, and language
- IP address (used for security and to detect abuse)
- Crash reports and diagnostic information (via Sentry — see §5)
- Usage analytics (via PostHog — see §5)
- Push-notification tokens (if you grant push permission)
2.6 Information about applications you submit to jobs
If you apply for a job through So Dental we collect:
- Your CV / résumé (PDF, optional)
- Your cover note text
- The job you applied to
- The date and time of your application
The practice that posted the job sees your application and may contact you.
2.7 What we never collect
- Patient identifiable information. So Dental is not a clinical record system. You agree (in our Terms) not to upload anything that identifies a patient. We run automated face detection and EXIF stripping on every image you upload and reject anything that fails our checks.
- Payment card details. v1 of the Service does not process payments. If we add payments later we will use a PCI-DSS-certified processor and card details will never reach our servers.
3. How we use your information
We process your personal information for the following purposes and on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Provide the Service to you | Performance of our contract |
| Verify your GDC registration | Performance of our contract |
| Authenticate you when you sign in | Performance of our contract |
| Show you relevant content, jobs, and connections | Performance of our contract |
| Send you transactional emails (sign-up, alerts) | Performance of our contract |
| Send you push notifications (if you opt in) | Consent |
| Improve the Service and fix bugs | Legitimate interests |
| Detect and prevent abuse, spam, and fraud | Legitimate interests |
| Comply with legal and regulatory obligations | Legal obligation |
| Send you marketing emails (if you opt in) | Consent |
You can withdraw consent at any time in the app's Settings → Notifications and Settings → Privacy screens.
4. Who we share your information with
We do not sell your personal information to anyone. We share it only with:
4.1 Other users of the Service
- Your profile, posts, comments, and reactions are visible to other verified members of So Dental.
- Your direct messages are visible only to you and the recipient.
- The contents of private forums you join are visible only to members of that forum.
4.2 Service providers we rely on (processors)
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, storage | EU (Frankfurt) |
| Resend | Transactional email | EU / US (SCCs in place) |
| Expo / EAS | Mobile app builds and updates | US (SCCs in place) |
| Sentry | Crash and error reporting | US (SCCs in place) |
| PostHog | Product analytics | EU (Frankfurt) |
| Apple / Google | Push-notification delivery | US (SCCs in place) |
| Cloudflare | CDN and DDoS protection | Global |
Each of these providers acts on our written instructions and is contractually bound to keep your data confidential, secure, and to delete it when we ask.
Where data leaves the UK or the EEA we rely on the UK International Data Transfer Agreement or the EU Standard Contractual Clauses to protect it.
4.3 The GDC (verification only)
We query the public GDC register at gdc-uk.org with your GDC number to confirm that the number corresponds to a registered dentist. The GDC does not receive any personal information from us beyond the query itself.
4.4 Practices that you interact with
If you apply for a job, the practice that posted the job sees your application (your name, profile, CV if uploaded, and cover note).
4.5 Authorities, where required by law
We may disclose your information to the police, regulators, or other authorities where we are legally required to do so or where we believe in good faith that disclosure is necessary to comply with the law or to prevent serious harm.
5. Analytics and crash reporting
We use Sentry to collect crash reports and PostHog to collect anonymous usage analytics so we can find and fix bugs and understand how people use the app.
We have configured both services to strip:
- Message bodies, post content, and image URLs
- Email addresses, full names, and GDC numbers
- Any free-text the user has typed
We log only event names, screen names, and stable user IDs. You can opt out of analytics in Settings → Privacy.
6. How long we keep your information
| Information | Retention |
|---|---|
| Active account data | Until you delete account |
| Deleted-account data (soft delete) | 30 days, then hard-deleted |
| Crash and analytics events | 90 days |
| Server logs (IP, request paths) | 30 days |
| Job applications | 2 years from submission |
| Information we are required to keep by law | Whatever the law requires |
When you delete your account from Settings → Account → Delete account, we mark it as deleted immediately. Other users can no longer see your profile, posts, or messages. After 30 days we hard-delete the underlying data, except where we are legally required to keep it for longer.
7. Your rights
Under the UK GDPR you have the right to:
- Access the personal information we hold about you
- Correct information that is inaccurate or incomplete
- Delete your account and have us erase your personal information
- Restrict or object to certain processing
- Receive a copy of your information in a portable format
- Withdraw consent at any time (where we rely on consent)
- Complain to the Information Commissioner's Office (ico.org.uk)
To exercise any of these rights, email privacy@sodentalnetwork.com or use the in-app shortcuts in Settings → Account:
- "Download my data" generates a JSON export of everything we hold.
- "Delete my account" starts the deletion process described in §6.
We will respond within one calendar month. We may ask for proof of identity before acting on a request.
8. Security
We protect your information with:
- HTTPS / TLS 1.2+ for every connection between the app and our servers
- Encryption at rest for all stored data (AES-256)
- Tokens stored in your phone's secure keychain, never in plain storage
- Row-level security policies that enforce who can read or write each row
- Re-authentication with biometrics before sensitive actions (change email, delete account, export data)
- Server-side rate limiting and abuse detection
- Regular security audits and penetration tests
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at security@sodentalnetwork.com.
9. Children
So Dental is restricted to GDC-registered dentists and the practice staff who employ them. The Service is not directed to or intended for children. We do not knowingly collect information from anyone under 18. If you believe a child has provided us with information, contact us and we will delete it.
10. International users
The Service is intended for use in the United Kingdom only. The verification process relies on the UK GDC register and we do not currently support international registration bodies. If you use the Service from outside the UK, you do so at your own risk.
11. Cookies and similar technologies
The mobile app does not use cookies. It uses secure on-device storage for session tokens, push-notification tokens, and your saved preferences. You can clear this storage by deleting and reinstalling the app.
12. Changes to this Policy
We will update this Policy when our practices change or when the law requires us to. The "Last updated" date at the top tells you when the current version came into effect. Material changes will also be announced in the app and by email at least 14 days before they take effect.
13. Contact us
- General questions: hello@sodentalnetwork.com
- Privacy questions: privacy@sodentalnetwork.com
- Security disclosures: security@sodentalnetwork.com
- Postal: [Registered office address — to be added before launch]
If you are unhappy with how we have handled your information, you can also complain to the Information Commissioner's Office:
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF