GDPR Compliance
Last Updated: 1st March 2026
Fluora Ltd is designed from the ground up to comply strictly with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). As a service running within the UK healthcare sector, data minimisation and security are our highest mandates.
1. Our Role: Data Processor
Under UK GDPR, the dental practice using Fluora acts as the Data Controller. You determine the purposes and means of processing personal data (e.g., patient phone numbers). Fluora is strictly the Data Processor and acts exclusively on your documented instructions.
2. UK Data Sovereignty
All patient communication data handled by Fluora—including SMS logs, voice transcripts, and dashboard analytics—is physically stored in AWS data centres located within London, UK (eu-west-2). We do not offshore your patient database.
3. Right to Erasure (Automated Opt-Out)
Fluora handles patient opt-outs completely automatically. If a patient replies to any Fluora SMS with the word "STOP", "UNSUBSCRIBE", or "CANCEL", our system instantly redacts their number and completely blocks all future outbound texts to that number, strictly adhering to ICO guidelines for direct marketing and transactional messaging.
4. Data Retention Policies
We practice strict data minimisation. Call logs and conversational transcripts are retained only for the duration specified in your specific clinic's Data Processing Agreement (typically 30, 60, or 90 days), after which they are permanently and irrecoverably purged from our active databases.
Data Protection Officer (DPO)
For any SARs (Subject Access Requests) or compliance queries, your designated technical contact point is our UK-based DPO, reachable at dpo@fluora.co.uk. We legally respond to all regulatory enquiries within 72 hours.