Privacy Policy

BosseyAI LTD is a company registered in England and Wales. Our registered address is 86–90 Paul Street, London, EC2A 4NE. We are registered with the Information Commissioner's Office (ICO) under registration number C1894087. We provide AI-powered patient management software to dental clinics, including our AI voice receptionist, Sarah. This Privacy Policy explains how we collect, use, and protect personal data in connection with our services.

We collect and process the following categories of personal data: • Patient name and contact details (first name, last name, phone number) • Appointment information (date, time, treatment type) • Call recordings and transcripts generated by our AI system • Clinic staff information provided during onboarding • Technical data such as IP addresses and usage logs We collect this data directly from patients during AI-assisted calls, and from clinic partners during account setup.

We use personal data for the following purposes: • To book and confirm dental appointments on behalf of clinic partners • To send SMS appointment confirmations to patients • To provide and improve our AI voice receptionist service • To comply with legal obligations • To communicate with clinic partners about their account Our lawful bases under UK GDPR are: legitimate interests (providing the service), contract performance (for clinic partners), and legal obligation (for compliance purposes).

We do not sell or share patient data with any third parties for marketing purposes. Data may be shared with: • Our technology sub-processors (such as cloud hosting and telephony providers) under strict data processing agreements • Clinic partners who are the data controllers for their patients' information • Regulatory authorities where required by law All sub-processors are bound by contractual obligations to protect your data in line with UK GDPR.

We retain personal data only for as long as necessary: • Call recordings and transcripts: 12 months from date of call • Appointment records: 24 months from appointment date • Clinic partner account data: duration of contract plus 6 years (for legal compliance) After these periods, data is securely deleted or anonymised.

Under UK GDPR, you have the right to: • Access the personal data we hold about you • Request correction of inaccurate data • Request deletion of your data (right to erasure) • Object to or restrict our processing of your data • Receive your data in a portable format • Lodge a complaint with the ICO at ico.org.uk To exercise any of these rights, please contact us at info@bosseyai.com. We will respond within 30 days.

We take the security of personal data seriously. BosseyAI uses: • Encryption in transit (TLS) and at rest • Access controls limiting data access to authorised personnel only • Regular security reviews and monitoring • Secure cloud infrastructure with 99.9% uptime guarantees In the event of a data breach that poses a risk to individuals, we will notify the ICO within 72 hours and affected individuals without undue delay.

Our website (bosseyai.com) uses only essential cookies required for the site to function. We do not use tracking or advertising cookies without your explicit consent. You can control cookie preferences through your browser settings at any time.

For any privacy-related questions, data subject requests, or to reach our Data Protection contact: Email: info@bosseyai.com Address: BosseyAI LTD, 86–90 Paul Street, London, EC2A 4NE ICO Registration: C1894087 This Privacy Policy was last updated on 26 March 2026.