Privacy Policy

Last updated: April 2026

1. Who we are

SuiteGrowth is operated by the team behind Yorkshire Dental Suite and Smile White. When we say "we", "us", or "SuiteGrowth", we mean the entity responsible for processing your data. Our registered address is available on request via our contact page.

2. What data we collect

We collect data in two contexts:

From practice owners (our clients):

  • Practice name, contact name, email address, and phone number submitted via our contact form
  • Number of clinics and any details shared in your message

From patients (via our platform):

  • First name and mobile number (provided by the practice's existing patient management system)
  • WhatsApp message content exchanged with our automated follow-up system
  • Sentiment data derived from those conversations (e.g. happy, neutral, unhappy)

We do not collect medical records, treatment details, clinical notes, or any health data. Our system only handles post-appointment follow-up communication.

3. How we use your data

  • To send automated WhatsApp follow-ups after appointments on behalf of the practice
  • To classify patient sentiment and route feedback appropriately
  • To generate Google review links for satisfied patients
  • To alert practices about unhappy patients so they can respond directly
  • To respond to enquiries submitted through our contact form
  • To improve our service based on aggregated, anonymised usage patterns

4. Legal basis for processing

We process data under the following legal bases as defined by UK GDPR:

  • Legitimate interests: Post-appointment follow-ups and feedback collection serve the legitimate interests of dental practices in improving patient experience
  • Contractual necessity: Processing client data to deliver the SuiteGrowth service
  • Consent: Where required, patients can opt out of further messages at any time by replying STOP

5. Data sharing

We do not sell your data. We share data only with:

  • The dental practice that the patient is registered with (sentiment alerts, feedback summaries)
  • WhatsApp / Meta: Messages are delivered via the WhatsApp Business API
  • AI providers: Conversation content is processed by our AI system to generate natural responses. No patient data is stored by these providers beyond the immediate request
  • Hosting providers: Our infrastructure is hosted on secure, UK/EU-based or GDPR-compliant servers

6. Data retention

Contact form submissions are retained for as long as the enquiry is active. Patient conversation data is retained for a maximum of 12 months from the date of the last interaction, after which it is automatically deleted. Practices may request earlier deletion at any time.

7. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, contact us via our contact page.

8. Security

We use industry-standard security measures including encryption in transit (TLS), secure API key management, rate limiting, and access controls. We regularly review our security practices and limit access to personal data to authorised personnel only.

9. Cookies

Our website uses essential cookies only. We do not use tracking cookies, advertising cookies, or third-party analytics that track individual users. No cookie consent banner is required as we only use strictly necessary cookies.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to active clients via email. The "last updated" date at the top of this page will always reflect the most recent version.