Privacy Policy

1. Who We Are

Denverse Ltd ("we", "us", "our") is the data controller responsible for your personal information. We are registered in England and Wales (Company No. 17146294) and operate the educational platform at dentalverse.app.

For privacy-related questions, contact our Data Protection contact: info@dentalverse.app

2. Information We Collect

Account information: Name (display name), email address, phone number, university, year of study, country, and date of birth provided during registration and onboarding.

Phone number: Your phone number is collected during onboarding for identity verification via SMS. Phone verification is mandatory to prevent spam and multi-account abuse. Each phone number can only be linked to one account. Your phone number is stored securely in our database and is not shared with any third party other than Twilio (our SMS verification provider).

Usage data: Pages visited, features used, AI interactions, study progress, quiz attempts, and session duration. This is used to personalise your learning experience and improve the Platform.

AI credit usage: For Pro subscribers, we track the computational cost of each AI interaction to calculate credit consumption against your monthly budget. This data includes the number of credits used per feature and is viewable in Settings → AI Usage. Credit tracking begins from the date your Pro subscription is activated and is calculated from your billing period start date. Free plan users do not have AI credit tracking.

User-generated content: Notes, timestamped video study notes, uploaded files (PDFs, documents), saved items, and messages you send through the Platform. Notes you write must not contain patient-identifying information (the Platform is not a clinical record system).

Video library usage: Your watch progress (how far through each video you have watched), completion status, last-watched timestamps, and timestamped notes are stored in our database linked to your account so that you can resume where you left off and access your notes across devices. This data is private to your account and is not shared with any other user or with the video creators.

Dose calculator inputs: Weight, age, ASA class, medical-condition flags, and any other values you enter into the educational dose calculators are processed in your browser session only. We do not store, log, or transmit calculator inputs to our servers. Inputs reset when you close or reload the calculator page.

Payment information: Billing is handled entirely by Stripe. We receive only a payment confirmation token and the last 4 digits of your card. We never store full card details.

Technical data: IP address, browser type, device information, and cookies. See our Cookie Policy for details.

3. How We Use Your Information

• To provide, operate, and maintain the Platform and its features
• To process subscription payments and send billing receipts
• To personalise your study experience based on progress and usage patterns
• To send important service notifications (billing, policy updates, security alerts)
• To respond to support requests and enquiries
• To improve Platform content and AI model performance (in anonymised, aggregated form)
• To comply with our legal obligations under UK and EU law

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Legal Basis for Processing (UK GDPR)

• Contract: Processing necessary to provide the service you subscribed to
• Legitimate interests: Improving our Platform, preventing fraud, and ensuring security
• Legal obligation: Retaining records as required by UK law (e.g. financial records for 7 years)
• Consent: For optional communications such as newsletters or marketing emails

5. Data Sharing and Third Parties

We share data only with trusted service providers necessary to operate the Platform:

• Supabase: Database and authentication infrastructure (EU-based servers)
• Stripe: Payment processing. Stripe's privacy policy applies to payment data
• Twilio: SMS verification for phone number validation during onboarding. Twilio receives your phone number solely to deliver a one-time verification code. See Twilio's Privacy Policy
• AI Service Providers: Power AI study features including Teach Me, Quiz Me, AI Chat, and related tools. Content submitted to AI features may be processed by our AI providers under their respective data processing agreements. All content is processed solely to deliver educational responses and is not used to train third-party models on your personal data
• PostHog: Product analytics to understand how features are used and improve the Platform. PostHog processes anonymised usage data (pages visited, features used, session duration) and is hosted in the EU (Frankfurt). Data is linked to your account only while you are logged in. See PostHog's Privacy Policy
• Vercel: Platform hosting, deployment infrastructure, and anonymised analytics (page views and performance metrics)
• YouTube (Google LLC): The video library embeds YouTube videos via YouTube's privacy-enhanced iframe player (youtube-nocookie.com). No cookies are set and no data is transferred to YouTube until you actively initiate playback. Once you press play, YouTube may receive your IP address, the video ID, browser information, and — if you are signed in to a Google account in the same browser — identifiers linked to that account. Dentalverse does not transmit your account details to YouTube. Admin playlist imports use the YouTube Data API v3 server-side only (no user data is sent). See Google's Privacy Policy

All third-party providers are required to process data securely and only for specified purposes.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g. financial transaction records are retained for 7 years as required by UK law).

7. Your Rights

Under UK GDPR, you have the right to:

• Access a copy of the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erase your personal data ("right to be forgotten")
• Restrict processing of your data in certain circumstances
• Port your data to another service
• Object to processing based on legitimate interests
• Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact info@dentalverse.app. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), row-level security on our database, hashed passwords via Supabase Auth, and access controls. Despite these measures, no system is completely secure. Please use a strong, unique password and contact us immediately if you suspect a security breach.

9. International Transfers

Your data may be processed in countries outside the UK (including the United States, where some of our service providers are based). Where we transfer data internationally, we ensure adequate safeguards are in place as required by UK GDPR.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or a prominent notice on the Platform. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact