← Back to Homepage

Privacy Policy

Last updated: April 2026

1. Who We Are

BosseyAI LTD ("BosseyAI", "we", "us", "our") is a company registered in England and Wales.

  • Company No: 17105662
  • ICO Registration: ZC108524
  • Registered address: 128 City Road, London, EC1V 2NX
  • Contact: hello@bosseyai.com

2. What Data We Collect

When you interact with our website or services, we may collect:

  • Contact information — name, email address, phone number, and clinic name when you submit our contact form or book a consultation.
  • Usage data — pages visited, time on site, and referral source (via analytics cookies, with your consent).
  • Technical data — IP address, browser type, device type, and operating system collected automatically when you visit our site.
  • Communications — any information you send us via email or contact form.

For dental clinics using BosseyAI services, we process patient data solely as a data processor on behalf of the clinic (the data controller). A Data Processing Agreement (DPA) is signed before any patient data is processed.

3. Why We Collect It (Legal Basis)

  • Legitimate interest — to respond to your enquiries and provide our services.
  • Contract performance — to deliver services to clients who have signed an agreement with us.
  • Legal obligation — to comply with applicable laws and regulations.
  • Consent — for analytics and non-essential cookies (you can withdraw consent at any time).

4. Cookies

We use two types of cookies:

  • Essential cookies — required for the site to function. These cannot be turned off.
  • Analytics cookies — help us understand how visitors use our site (e.g. which pages are most viewed). These are only set with your explicit consent via the cookie banner.

You can withdraw consent for analytics cookies at any time by clearing your browser's local storage or contacting us at hello@bosseyai.com.

5. How We Share Data

We do not sell your data. We share data only where necessary:

  • Service providers — infrastructure partners (cloud hosting, database, SMS delivery) who process data on our behalf under strict data processing agreements.
  • Legal requirements — where required by law, court order, or regulatory authority.

All third-party processors are GDPR-compliant and, where applicable, covered by the UK adequacy decision or Standard Contractual Clauses for international transfers.

6. How Long We Keep Data

  • Contact form enquiries: up to 2 years or until you request deletion.
  • Client contract data: 6 years (UK legal requirement for business records).
  • Analytics data: 26 months (standard retention period).

7. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data ("right to be forgotten").
  • Restriction — ask us to restrict how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email hello@bosseyai.com. We will respond within 30 days.

You also have the right to lodge a complaint with the ICO at ico.org.uk.

8. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. All data in transit is encrypted using TLS. Access to systems containing personal data is restricted to authorised personnel only.

9. Changes to This Policy

We may update this policy from time to time. The date at the top of this page will always reflect the most recent version. Significant changes will be communicated via email to active clients.

10. Contact Us

For any privacy-related questions, data subject requests, or complaints:

BosseyAI LTD | Company No: 17105662 | ICO: ZC108524