Last updated: 4 July 2026
Who we are
DentalPing is a product of Dental IT Ltd, a company registered in England and Wales (company number 05785120), with its registered office at 3A Abbeydale Road South, Sheffield, S7 2QL, United Kingdom. DentalPing connects a dental practice's Dentally practice management system to WhatsApp so the practice can send appointment reminders and recall invitations, exchange two-way messages with patients, and have appointment confirmations written back into Dentally automatically.
You can contact us about anything in this policy at support@dentalit.ltd.uk or on 01433 377 977.
Our role: who is responsible for your data
DentalPing is used by dental practices, who are our customers. If you are a patient, your dental practice decides what messages are sent to you and why; in data protection terms the practice is the data controller for your information. Dental IT Ltd operates DentalPing as a data processor, which means we handle patient information only on the practice's behalf and only on its instructions, under a written data processing agreement.
In plain terms: your relationship is with your dental practice. We provide the plumbing that carries the messages, and we do not use your information for our own purposes.
For practice staff who hold DentalPing accounts, Dental IT Ltd is the controller of the account details described below.
What data we process
Practice staff account details. Name and work email address, used to sign in to DentalPing and manage the practice's inbox and settings.
Patient contact details. Name and mobile phone number, drawn from the practice's Dentally system, used to address and send messages.
Appointment and recall information. Appointment date and time, the practitioner, the appointment or recall status, and related booking details drawn from Dentally, used to compose reminders and recall invitations and to update Dentally when a patient confirms.
Message content. The content of WhatsApp messages exchanged between the practice and its patients, including inbound patient replies, held so the practice can view and respond to conversations in its DentalPing inbox.
Where the data comes from
Patient and appointment data comes from the practice's own Dentally account, accessed through the Dentally API with the practice's explicit authorisation. Each practice connects its own Dentally account and its own WhatsApp Business number; data is kept separate for each practice. Inbound message content comes from patients themselves when they reply over WhatsApp.
How we use the data
We use the data solely to provide the DentalPing service to the practice, specifically to:
- send appointment reminders and recall invitations to patients over WhatsApp;
- deliver patient replies into a shared inbox, where they are handled by practice staff or, where the practice has enabled it, an automated assistant;
- write appointment confirmations and status updates back into the practice's Dentally system;
- operate, secure, troubleshoot and improve the service.
We do not sell personal data. We do not use patient data for advertising or marketing of any kind, and we do not use it to train models unrelated to providing the service.
Third parties and sub-processors
To deliver the service we use a small number of sub-processors:
- WhatsApp and Meta. Messages are delivered through the WhatsApp Business Platform, operated by Meta. Message delivery is therefore also subject to Meta's own terms and privacy policy, available from Meta.
- Hosting. DentalPing is hosted with Fly.io, with application hosting in the London (lhr) region. Object storage and backups are provided by Cloudflare R2. Data is hosted in the United Kingdom and EU.
- SMS fallback. Where a message cannot be delivered over WhatsApp and the practice has enabled SMS fallback, messages are sent through a third-party SMS provider.
We maintain a current list of sub-processors and will provide it to practices on request. Sub-processors are bound by written agreements that impose data protection obligations equivalent to our own.
Lawful basis
We process patient data on the documented instructions of the practice, as the practice's processor, under Article 28 of the UK GDPR and a written data processing agreement. The lawful basis for messaging patients (for example legitimate interests, or consent where required) is determined by the practice as controller, and it is the practice's responsibility to establish it. For practice staff account data, our lawful basis is the performance of our contract with the practice and our legitimate interests in running and securing the service.
How long we keep data
Message content and appointment data are retained only for as long as needed to provide the service to the practice, or as the practice instructs, and are then deleted. By default, message history is retained for 24 months. When a practice leaves DentalPing, its data is deleted or returned in line with our data processing agreement, normally within 30 days of termination.
Security
We apply appropriate technical and organisational measures, including encryption of data in transit, access controls so that each practice can only see its own data, authentication for all staff access, logging and monitoring, and hosting in the United Kingdom and EU. Our internal access to patient data is restricted to what is necessary to operate and support the service.
Your rights
If you are a patient and want to exercise your rights under UK data protection law, including access, correction, deletion, restriction or objection, please contact your dental practice, as the data controller. We support practices in responding to these requests, and if a request reaches us directly we will pass it promptly to the relevant practice. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).
Practice staff wishing to exercise rights over their account data can contact us directly using the details above.
International transfers
DentalPing stores its data in the United Kingdom and EU. Where any transfer outside the UK or EEA is required, for example because message delivery passes through Meta's WhatsApp infrastructure or SMS fallback is delivered through a third-party SMS provider, it takes place under appropriate safeguards such as the UK Addendum to the EU Standard Contractual Clauses or an adequacy decision.
Changes to this policy
We may update this policy from time to time. The latest version will always be published at this address, and the date at the top shows when it last changed. Where a change materially affects how we process data for practices, we will notify our practice customers directly.
Governing law
This policy, and any dispute arising from it, is governed by the law of England and Wales.