Privacy Policy

Last updated: 22 February 2026

1. Who We Are

SmileAgent is a dental triage and booking platform operated from Dublin, Ireland. We connect patients with dental clinics for emergency care, cosmetic treatments, and routine checkups.

Data Controller: SmileAgent, Dublin, Ireland
Contact: info@smileagent.ie

2. Health Data — Special Category

SmileAgent processes health-related data including dental symptoms, pain levels, and clinical photographs. Under GDPR Article 9, this is classified as special category data and receives additional protection.

We process health data only with your explicit consent (GDPR Article 9(2)(a)), which you provide when you submit a triage assessment or booking request. You may withdraw consent at any time by contacting us.

3. Information We Collect

We collect only what is necessary to provide the service you have requested:

Emergency Triage Flow

  • Name (optional) and phone number
  • Contact preference (call or SMS)
  • Red flag symptoms selected
  • Pain level (1–10), whether pain is worsening, sleep disruption
  • Chief complaint (free-text description of symptoms)
  • Symptom duration
  • Payment type (private, Medical Card, PRSI)
  • Medical Card last 4 digits (if applicable)
  • Approximate location (for clinic matching — via browser geolocation with your permission, or a default area)

Cosmetic Booking Flow

  • Full name, phone number, email address
  • Home address
  • PPS Number (for Med 2 tax relief form generation only)
  • Treatment selection and selected time slot
  • Dental photograph (optional, for AI smile analysis)
  • Tax eligibility details (who is paying, tax status)
  • Payer details if someone else is paying (name, PPSN, address, relationship)

Automatically Collected

  • IP address (for rate limiting and consent logging)
  • Browser user agent (truncated, for consent records)
  • Geolocation coordinates (only with your explicit browser permission)

We do not collect: date of birth, payment card details, financial account information, or any data from children under 18.

4. How and Why We Use Your Data

Purpose | Legal Basis (GDPR)
Emergency triage assessment and clinic referral | Explicit consent (Art. 9(2)(a)) for health data; Consent (Art. 6(1)(a)) for personal data
Cosmetic treatment booking and clinic matching | Consent (Art. 6(1)(a))
Med 2 tax relief form pre-fill and PDF generation | Consent (Art. 6(1)(a))
Generating dentist-ready clinical briefs | Explicit consent (Art. 9(2)(a))
GDPR consent record-keeping | Legal obligation (Art. 6(1)(c))
Rate limiting and abuse prevention | Legitimate interest (Art. 6(1)(f))

5. Who We Share Your Data With

Dental clinics you select. When you submit a booking request or emergency referral, we send a clinical brief to the clinic you chose. This brief contains the information you provided (symptoms, pain level, contact details, payment type). We only share with the specific clinic you selected — never with other clinics or third parties.

Revenue Commissioners. If you use the Med 2 feature, a pre-filled Med 2 form is generated for you to submit to Revenue yourself. SmileAgent does not submit anything to Revenue on your behalf.

We do not sell, rent, or share your data with advertisers, data brokers, analytics providers, or any other third parties.

6. PPS Number Protection

Your PPS Number is collected solely for generating your Med 2 tax relief form. It is:

  • Encrypted at rest using Fernet symmetric encryption (AES-128-CBC)
  • Validated using the Irish modulus-23 check digit algorithm before storage
  • Never shared with clinics — it appears only on the Med 2 PDF that you download
  • Never used for identification, marketing, or any purpose other than Med 2 generation

7. Dental Photographs

If you upload a smile photo for AI analysis, it is stored temporarily on our server for processing. Photos are used only to generate your treatment recommendation and are included with your booking if you proceed. You can choose not to upload a photo — it is entirely optional and does not affect your ability to book.

8. How Long We Keep Your Data

Data Type | Retention Period
Booking records | 2 years from booking date
Emergency triage briefs | 1 year from creation
GDPR consent logs | 6 years (legal requirement)
Dental photographs | 90 days, or until booking is complete
Med 2 PDFs | Available for download for 30 days
Digital signatures | 6 years (tax record requirement)

You may request deletion of your data at any time by emailing us. We will delete it within 30 days unless we are legally required to retain it.

9. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restrict processing — limit how we use your data
  • Data portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, email info@smileagent.ie. We will respond within 30 days.

10. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Irish Data Protection Commission:

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28
Website: www.dataprotection.ie
Phone: +353 1 765 0100 / 1800 437 737

11. Cookies and Tracking

SmileAgent does not use cookies, tracking pixels, or third-party analytics services. We do not track your browsing behaviour. The only data we collect is what you explicitly submit through our forms.

12. Security Measures

We take the security of your data seriously. Our measures include:

  • Fernet symmetric encryption (AES-128-CBC) for PII fields at rest
  • HTTPS-only connections (TLS in transit)
  • Content Security Policy headers restricting resource loading
  • Rate limiting to prevent abuse
  • Input validation including PPSN check-digit verification
  • XSS protection via HTML escaping of all user-generated content
  • CORS restricted to authorised domains

No system is 100% secure. If you believe your data has been compromised, contact us immediately at info@smileagent.ie.

13. Children

SmileAgent is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a child has submitted data through our service, please contact us and we will delete it promptly.

14. Changes to This Policy

We may update this policy from time to time. Changes take effect when posted on this page. For material changes affecting how we process health data, we will make reasonable efforts to notify users (e.g. via a notice on the homepage). We recommend checking this page periodically.

15. Contact Us

For any questions about this policy or your personal data:

Email: info@smileagent.ie
Location: Dublin, Ireland

© 2026 SmileAgent. All rights reserved.