Data Processing

How OpenDentist processes, stores, and protects patient data throughout the clinical note generation workflow.

Data Protection Impact Assessment (DPIA)

A comprehensive DPIA has been completed and is kept under ongoing review, covering all processing activities including audio capture, speech-to-text transcription, AI-assisted clinical note generation, and encrypted data storage.

The DPIA was approved by the Data Protection Officer and identifies risks and mitigations for processing special category health data using innovative AI technology. All identified risks have been mitigated to Low or Very Low residual risk levels.

Data Flow

Audio Capture

Consultation audio captured via lapel microphone, encrypted at source with TLS 1.3

Transcription

Speech-to-text conversion via encrypted API call to transcription provider (zero data retention)

AI Note Generation

Transcript processed by AI to produce structured clinical notes (zero data retention)

Clinician Review

Mandatory review, editing, and approval by the treating clinician before finalisation

Record Export

Approved clinical notes available for export to practice management system (PMS)

Note: Audio recordings are automatically deleted as soon as the transcript has been processed. Audio is not permanently retained unless the clinician explicitly elects to keep it in their account settings.

Lawful Basis for Processing

Art 6(1)(e)Public interest — processing necessary for the provision of healthcare

Art 9(2)(h)Healthcare provision — processing of special category health data with appropriate safeguards

The dental practice acts as the Data Controller. OpenDentist acts as a Data Processor under a signed Data Processing Agreement (DPA).

Data Retention

Data Type	Retention Period	Basis
Approved clinical notes	11 years (adults) / 25 years (children)	NHS Records Management Code of Practice 2021
Consultation transcripts (default)	Same as clinical notes	Part of the clinical record
Consultation transcripts (opt-out)	Deleted after 7 days	Clinician preference
Audio recordings (default)	Deleted once transcript is processed	Automated secure deletion immediately after transcript creation
Audio recordings (clinician-elected)	11 years (adults) / 25 years (children)	NHS RMCOP
Audit logs	12 months minimum	Security monitoring
Billing records	6 years	HMRC statutory requirement

Sub-processors

Sub-processor	Function	Data Accessed	Location
AWS	Cloud hosting, database, and encrypted storage	All platform data (encrypted at rest and in transit)	United Kingdom (eu-west-2, London)
Stripe	Payment processing and subscription management	Billing data only (no health data)	United Kingdom / EEA
Cloudflare	DDoS protection, WAF, and CDN	Network traffic metadata	United Kingdom edge nodes
AI providers	Speech-to-text transcription and clinical note generation	Consultation data (zero data retention)	Available on request under NDA

Full sub-processor list including AI provider details is available on request under NDA. All sub-processors are governed by signed Data Processing Agreements. Contact us.

International Data Transfers

All patient health data is stored within the United Kingdom (AWS eu-west-2, London)

AI processing involves encrypted API calls to providers under UK International Data Transfer Agreements (IDTA) or UK Addendum to EU Standard Contractual Clauses (SCCs)

Zero data retention agreements mean no patient data is stored outside the UK by any AI provider

Full details of international data transfer safeguards are available on request under NDA. Contact us.