Skip to content
Dentry

Privacy Policy

Last updated: 29 June 2026

This Privacy Policy explains how Roques OÜ ("Dentry", "we") processes personal data of users who access the marketing website at https://dentry.app or use the Dentry platform. Dentry is a software-as-a-service (SaaS) dental clinic management platform aimed at dental clinics and studios; it is a business-to-business (B2B) service and is not directed at consumers. We are committed to complying with Regulation (EU) 2016/679 (GDPR).

This Policy is published in English and Italian. The Italian version is the legally authoritative text; in the event of any discrepancy between the two versions, the Italian version prevails.

Data controller

The controller of personal data processed in connection with the Dentry platform and website is:

Roques OÜ Ahtri tn 12 15551 Tallinn (Estonia) Contact / Data Protection Officer: hello.dentry@gmail.com

For personal data that a clinic enters about its own staff (described in the section "Staff data entered by the clinic"), the clinic is the data controller and Dentry acts as a processor on the clinic's behalf under Article 28 GDPR.

Data we process

The personal data we process depends on how you use the website and the platform.

Registration and account data

When a clinic or a clinic user registers and uses an account, we process the user's name, work email address, details of the clinic or practice, and the user's role and user type within the platform (for example DOCTOR, ASSISTANT, or SECRETARY). For paid plans, we also process payment data, which is tokenized and handled by Stripe; Dentry stores only the last digits of the card and never the full card number.

Staff data entered by the clinic

When a clinic uses Dentry to manage its workforce, the clinic enters data about its own staff. The clinic is the data controller of this content and Dentry acts solely as a processor under Article 28 GDPR, processing the data on the clinic's documented instructions and only to provide the contracted service. This content may include:

  • employee profiles and contact details
  • skills, competencies, and assessments
  • professional development plans
  • schedules, shifts, and working-time data
  • room and seat assignments
  • tasks and their status
  • key performance indicators (KPIs) and performance evaluations
  • bonus and incentive data
  • uploaded documents, employee avatars, and clinic logos

Technical data

To ensure the security and operation of the service, we process certain technical data: IP address, access logs, device and browser identifiers, and performance and error logs.

Marketing website (dentry.app)

The marketing website uses Vercel Web Analytics, a privacy-friendly analytics tool that does not use cookies and does not collect personally identifiable information; it reports only aggregated, anonymous usage statistics. If you submit the contact form on the website, we collect your name, work email, clinic, and message, which are sent to us through Resend so that we can reply to your enquiry.

Purposes of processing

  • provide and operate the platform, including scheduling and shift management, seat and room management, employee profiles, tasks, KPIs, performance evaluation, and bonuses
  • create and manage user accounts, including operational communications, technical notifications, and relevant service information
  • process billing and payments when a clinic subscribes to a paid plan
  • respond to enquiries submitted through the website contact form
  • maintain the security, integrity, and performance of the service, including troubleshooting and abuse prevention
  • comply with applicable legal obligations
  • send commercial communications, only where you have given consent or where sending is covered by our legitimate interest in a B2B context

Legal basis for processing

  • Performance of a contract (Art. 6(1)(b) GDPR), when we process data necessary to provide the platform and manage your account
  • Compliance with a legal obligation (Art. 6(1)(c) GDPR), when the law requires us to retain or process certain data
  • Legitimate interest (Art. 6(1)(f) GDPR), to keep the service secure and performant, to respond to enquiries, and for commercial communications in B2B relationships
  • Consent (Art. 6(1)(a) GDPR), when we send non-essential communications; consent can be withdrawn at any time

Disclosure of data and sub-processors

  • Railway — hosting and infrastructure for the platform
  • Vercel — hosting of the marketing website and cookieless, privacy-friendly analytics
  • Resend — delivery of transactional and contact-form email
  • Stripe — payment processing for paid plans

Other disclosures

We may also disclose data to public authorities where we are under a legal obligation to do so, and to a clinic's own authorized users when the clinic grants them access to its workspace. All providers with access to personal data act as processors under Article 28 GDPR and are bound to process data only on our instructions.

International transfers

The servers used to provide the Dentry platform are located within the European Economic Area (EEA), and our sub-processors process data within the EEA. Personal data is not transferred to third countries in the ordinary course of providing the service. Should any provider process data outside the EEA, we will ensure that the transfer is subject to appropriate safeguards under Chapter V GDPR, such as the European Commission's standard contractual clauses (SCCs).

Data retention

We retain personal data for as long as the account is active. After an account is closed, data remains accessible for the period indicated in the Terms and Conditions and is then deleted or blocked, unless a legal obligation requires us to retain it for longer. Staff data entered by a clinic is retained and deleted in accordance with the clinic's instructions and our data processing agreement with the clinic. Technical logs are kept only for as long as necessary for security and operational purposes.

Your rights

  • access your personal data
  • rectify inaccurate or incomplete data
  • erase your data where applicable
  • restrict processing in certain circumstances
  • object to processing based on our legitimate interest
  • data portability
  • withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal

How to exercise your rights

To exercise any of these rights, send an email to hello.dentry@gmail.com; we may need to verify your identity before acting on your request. If your request concerns staff data entered by a clinic, where Dentry acts as a processor, we will refer you to the clinic as the data controller or act on the clinic's instructions. You also have the right to lodge a complaint with the competent supervisory authority (in Italy, the Garante per la protezione dei dati personali).

Data security

We apply technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or loss, including access controls, encryption in transit, and isolation between clinics in our multi-tenant architecture. Although no system can be guaranteed completely secure, we adopt security standards appropriate to the nature of the data we process.

Staff data entered by the clinic (Dentry as processor)

Each clinic is responsible for ensuring that it has a valid legal basis and the necessary authorizations to enter personal data about its staff into the platform, and for providing those individuals with any required information. For this content, Dentry acts solely as a processor under Article 28 GDPR, processing the data on the documented instructions of the clinic and exclusively to provide the contracted service. The terms governing this relationship are set out in the data processing agreement between Dentry and the clinic.

Updates to this Policy

We may update this Privacy Policy when necessary to reflect regulatory, technical, or operational changes. The current version is always the one published at https://dentry.app. Where changes are material, we will take reasonable steps to inform you.