Privacy Notice
This notice explains how Fluora Ltd ("Fluora", "we") collects, uses and protects personal data when you visit fluora.co.uk, sign up to our service, or interact with us. We are committed to processing personal data lawfully, fairly and transparently in accordance with the UK GDPR and the Data Protection Act 2018.
1. Who we are
Fluora Ltd is a company registered in England and Wales (company number 17044783) with registered office at Suite A, 82 James Carter Road, Mildenhall, Bury St. Edmunds, IP28 7DE. We are registered with the UK Information Commissioner's Office (ICO), registration number ZC095058.
For privacy questions, contact our Data Protection contact at privacy@fluora.co.uk.
2. Two roles, two notices
Fluora plays two distinct roles depending on whose data is being processed:
- Controller for data of website visitors, dental-practice prospects, our subscribers and their staff (the focus of this notice).
- Processor for patient data handled on behalf of our dental-practice subscribers. That role is governed by our Data Processing Notice.
3. What data we collect (as controller)
| Category | Examples | Source |
|---|---|---|
| Identity & contact | Name, work email, phone, practice name, role | You give us this when enquiring or signing up |
| Account & subscription | Plan tier, billing dates, payment status | Generated by your use of our portal & GoCardless |
| Communications | Emails, SMS messages, support tickets | Direct correspondence |
| Technical & usage | IP address, browser type, pages visited, referrer | Automatically when you visit fluora.co.uk |
| Marketing | Whether you opted into our newsletter or follow-up sequences | Your consent |
4. Why we use it & lawful basis
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Responding to enquiries & demos | Legitimate interests (running our business) |
| Providing the Service to subscribers | Contract performance |
| Billing & financial records | Legal obligation (HMRC) & contract |
| Service improvements (analytics, error logs) | Legitimate interests, balanced against your rights |
| Marketing communications | Consent (you can withdraw at any time) |
| Fraud prevention & security | Legitimate interests & legal obligation |
5. How we use AI
Our voice agent uses large language models (LLMs) and text-to-speech models from ElevenLabs to handle inbound calls. Audio is streamed to ElevenLabs' US servers in real time, transcribed, and a response is generated and spoken back to the caller. We do not use call data to train any third-party model. Call transcripts are retained for 90 days and then deleted (the transcript field is nulled; the call record itself is kept for audit and billing purposes). Audio recordings are not stored by Fluora.
The LLM is constrained by a strict system prompt to: (a) book appointments, (b) answer common practice FAQs from a knowledge base supplied by the practice, (c) escalate clinical or emergency questions to the practice's human staff. It does not give clinical advice.
6. Cookies & similar technologies
Our website uses a small number of cookies and similar storage. You will see a cookie notice on first visit allowing you to accept or reject non-essential cookies. Categories:
| Category | Purpose | Set by | Retention |
|---|---|---|---|
| Strictly necessary | Cookie-consent state, session security | Fluora | 1 year |
| Performance | Anonymised page-view analytics (Google Analytics 4 — when activated) | 14 months | |
| Functional | Form-progress preservation | Fluora | 30 days |
You can change your cookie preferences anytime by clearing your browser's localStorage or contacting privacy@fluora.co.uk.
7. Sharing & sub-processors
We share data with carefully vetted service providers who help us deliver the Service. Each is bound by data-processing agreements requiring at least the same protections as this notice.
For the current, authoritative list of sub-processors we use, see our Sub-processors page. We will notify all customers at least 30 days before any change.
We do not sell or rent personal data to anyone.
8. International transfers
Where any sub-processor processes data outside the UK or EEA, we rely on the UK International Data Transfer Addendum or appropriate Standard Contractual Clauses. We carry out a Transfer Risk Assessment for each such transfer.
9. How long we keep it
| Data type | Retention |
|---|---|
| Enquiry / lead data (no signup) | 12 months from last contact |
| Subscriber account & billing records | Active period + 6 years (HMRC) |
| Marketing email subscribers | Until withdrawal of consent |
| Website analytics (anonymised) | 14 months |
| Support emails | 3 years |
10. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you;
- Request correction of inaccurate data;
- Request erasure (where applicable);
- Restrict or object to certain processing;
- Receive your data in a portable format;
- Withdraw consent at any time (without affecting processing already carried out);
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any right, email privacy@fluora.co.uk. We respond within one calendar month.
11. Security
We implement organisational and technical measures including TLS encryption in transit, encryption at rest for all databases, role-based access control, automated audit logging, and time-limited retention of sensitive content (e.g. call transcripts purged after 90 days). Passwords are hashed; secrets are stored in encrypted vaults. We carry out regular security reviews of our infrastructure.
12. Changes to this notice
We may update this notice when our practices change. The "Effective" date at the top reflects the latest version. Material changes are notified to active subscribers by email at least 14 days before they take effect.
13. Contact
Privacy questions: privacy@fluora.co.uk
General contact: hello@fluora.co.uk
Postal: Fluora Ltd, Suite A, 82 James Carter Road, Mildenhall, Bury St. Edmunds, IP28 7DE