Privacy Policy

Last updated: 6 February 2026

This Privacy Policy explains how Alevian Health (“we”, “us”, “our”) collects and uses personal information when you use our services, including:

• OUCH — a patient-facing service to help arrange emergency dental appointments.
• DAN (Dental Access Network) — a practice-facing portal used by dental practices to manage emergency cases and bookings.

Who we are

Alevian Health is the controller of personal data processed through OUCH and DAN. “Controller” means we decide how and why your personal data is used.

Contact: info@alevianhealth.com

What we collect

Patients (OUCH)

When you use OUCH, we may collect:

• Identity and contact details you provide
• Location details such as postcode (to route you to nearby care)
• Information about your dental problem (symptoms and optional images)
• Appointment and booking details (offered slot times and confirmations)
• Technical information necessary to operate the service (for example session/security data)

Practices (DAN)

When a dental practice uses DAN, we may collect:

• Practice and user details (name, address, contact details)
• Account and login details (managed via our authentication provider)
• Availability and capacity information (to support routing)
• Operational information (case status, timestamps, and audit records)

Special category data (health information)

Some information collected through OUCH may be health information (for example symptom descriptions or images). Health information is “special category” data under UK GDPR and is treated with additional protections.

How we use your information

We use personal information to:

• Provide OUCH and DAN (including routing, booking and communications)
• Enable dental practices to review and accept assigned cases
• Maintain the safety, security, and integrity of the platform
• Handle support requests and resolve issues
• Meet legal, regulatory, and accounting requirements

Lawful bases for processing

Under UK GDPR we rely on the following lawful bases where applicable:

• Contract — where processing is necessary to provide the service you request (for example arranging an appointment).
• Legitimate interests — where necessary to operate and protect the service (for example security and fraud prevention), balanced against your rights.

For special category (health) data we rely on an additional condition, such as processing necessary for the provision of health care and management of health services, and/or where you choose to provide health information to arrange care.

Who we share information with

We may share information with:

• Assigned dental practices — patient information is shared only with the practice that accepts the appointment, and only as needed to deliver care.
• Payment providers — payments are processed by Stripe. We do not store full card details.
• Infrastructure providers — hosting, databases, monitoring and email delivery used to run the service.
• Authorities and advisers — where required by law or to protect rights and safety.

International transfers

Some service providers may process data outside the UK. Where this happens, we use appropriate safeguards (such as contractual protections) to protect your information.

Security

We use technical and organisational measures designed to protect personal information. This includes encryption in transit (HTTPS/TLS), encryption at rest where supported by providers, role-based access controls, and audit logging of key actions.

Data retention

We keep personal information only as long as necessary for the purposes described above, including supporting appointments, handling support queries, and meeting legal and accounting requirements.

Your rights

You may have rights under UK GDPR including the right to access, correct, delete, restrict, or object to processing of your personal information, and the right to data portability. You also have the right to complain to the Information Commissioner’s Office (ICO).

To exercise your rights, contact us at info@alevianhealth.com.

Cookies

We use cookies and similar technologies where necessary to operate the service (for example for session management and security). We do not use cookies for advertising purposes.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the “Last updated” date above.