Privacy Policy

1. Who We Are

Standby Dental ("we", "us", "our") operates the Standby Dental mobile application and web platform (the "Service"). We are a UK-based dental staffing platform connecting dental practices with qualified dental nurses for on-demand shift bookings.

For data protection enquiries, contact us at: privacy@standbydental.com

2. Information We Collect

Information you provide:

• Account information: Name, email address, phone number, role (nurse or practice)
• Professional information (nurses): GDC registration number, qualifications, DBS certificate, indemnity insurance, years of experience, skills
• Practice information: Practice name, address, number of chairs, specialties, CQC registration
• Payment information: Bank details for payouts (processed securely via Stripe — we never store your full bank details)
• Profile photo: Optional profile image
• Messages: Chat messages between nurses and practices

Information collected automatically:

• Location data: GPS coordinates during shift check-in/check-out for geofence verification (only when actively using the app for shifts)
• Device information: Device type, operating system, app version for crash reporting and analytics
• Usage data: App interactions, shift history, and feature usage (anonymised analytics via Firebase Analytics)
• Push notification tokens: For sending shift notifications and updates

3. How We Use Your Information

• Shift matching: To connect nurses with relevant practice shifts based on location, availability, and qualifications
• Identity verification: To verify GDC registration and professional credentials
• Payments: To process nurse payouts and practice invoices via Stripe
• Communication: To send shift notifications, reminders, and in-app messages
• Safety: Geofence verification to confirm nurse attendance at shift locations
• Improvement: To improve our matching algorithms and user experience
• Legal compliance: To comply with UK employment law, tax regulations, and healthcare staffing requirements

4. Legal Basis for Processing (UK GDPR)

• Contract performance: Processing necessary to provide our shift matching and payment services
• Legitimate interests: Fraud prevention, platform safety, service improvement
• Legal obligation: Tax record keeping, employment law compliance, GDC verification
• Consent: Marketing communications (you can opt out at any time)

5. Data Sharing

We never sell your personal data. We share information only with:

• Stripe: Payment processing (PCI-DSS compliant)
• Firebase (Google): Cloud infrastructure, authentication, push notifications
• GDC: Professional registration verification
• The other party in a shift booking: Nurses see practice details; practices see nurse profiles (limited to professional information)

All third-party processors are GDPR compliant and process data only on our instructions.

6. Data Retention

• Active accounts: Data retained while your account is active
• Shift records: Retained for 7 years (UK tax and employment law requirements)
• Messages: Retained for 2 years after the related shift
• Deleted accounts: Personal data erased within 30 days of account deletion request, except where legal retention applies

7. Your Rights (UK GDPR)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Delete your account and personal data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Restrict: Restrict how we process your data
• Withdraw consent: Where processing is based on consent

To exercise any right, use the GDPR Data page in the app (Settings → GDPR & Data) or email privacy@standbydental.com. We respond within 30 days.

8. Data Security

• All data encrypted in transit (TLS 1.3) and at rest
• Firebase Authentication with secure session management
• Stripe PCI-DSS Level 1 certified payment processing
• Role-based access controls on all database collections
• Automated fraud detection and anomaly monitoring
• Regular security audits of Firestore security rules

9. Location Data

We collect precise GPS location only during shift check-in and check-out to verify nurse attendance via geofencing. Location is:

• Collected only when you actively tap "Check In" or "Check Out"
• Not tracked in the background
• Stored as part of the shift record for verification purposes
• Retained with the shift record for the standard retention period

You can deny location permissions, but you will be unable to check in/out of shifts.

10. Children's Privacy

Our Service is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us immediately.

11. Cookies & Analytics

Our web application uses Firebase Analytics (anonymised usage data) and essential session cookies. We do not use advertising cookies or third-party tracking.

12. International Transfers

Your data is processed primarily within the UK and EEA. Where data is processed outside the EEA (e.g., Firebase infrastructure), appropriate safeguards are in place including Standard Contractual Clauses.

13. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via the app or email. Continued use of the Service after changes constitutes acceptance.

14. Contact Us

For privacy enquiries or to exercise your data rights:

• Email: privacy@standbydental.com
• In-app: Settings → GDPR & Data

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.