Skip to main content
Stellar Dental Notes Logo STELLAR DENTAL NOTES

Privacy Policy

Last Updated: 3 March 2026

How Stellar AI Ltd collects, uses, and protects personal data when you use our websites, applications, and Stellar Dental Notes services.

1. Who We Are

Stellar AI Ltd ("Stellar AI", "we", "us", "our") develops and provides secure clinical documentation software for dental professionals under the brand Stellar Dental Notes.

We are a company incorporated in England and Wales and are committed to protecting personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • Applicable professional and healthcare regulatory standards

This Privacy Policy explains how we collect, use, process, protect and manage personal data when you use our websites, applications, and related services.

Our services are intended solely for qualified dental professionals and authorised practice staff. They are not directed at members of the public or children.

2. Scope of This Policy

This Privacy Policy applies to:

  • Users of the Stellar Dental Notes platform
  • Dental professionals subscribing to our services
  • Individuals interacting with our website
  • Prospective customers
  • Account holders and billing contacts

This Policy covers:

  • Personal data collected directly from you
  • Personal data processed within the software
  • Technical and security data generated through system use

It does not apply to third-party websites or services linked from our platform. Where external links are provided, those providers operate under their own privacy policies.

3. Regulatory Framework and Healthcare Context

Stellar Dental Notes is designed for use within regulated dental environments, including NHS and mixed NHS/private practices.

We recognise that:

  • Dental records constitute health-related information.
  • Health-related information is treated with heightened protection under UK GDPR.
  • Dental practices are subject to regulatory oversight (including CQC and NHS contractual obligations).

For that reason, our systems are built around the principles of:

  • Data minimisation
  • Controlled access
  • Secure processing
  • Defined retention
  • Professional accountability

4. Data Controller and Data Processor Roles

Understanding roles is essential.

4.1 Clinical Documentation

When clinical notes are created within Stellar Dental Notes:

  • The dental practice or clinician determines the purpose and content of the documentation.
  • The dental practice or clinician is therefore the Data Controller.
  • Stellar AI Ltd acts strictly as a Data Processor.

We process clinical data only:

  • On the documented instructions of the Controller.
  • For the purpose of delivering the agreed service.
  • In accordance with applicable data protection law.

We do not determine clinical content, and we do not use clinical content for independent purposes.

4.2 Account and Administrative Data

For the purposes of:

  • Managing subscriptions
  • Billing
  • Customer support
  • Service administration
  • Website management

Stellar AI Ltd acts as an independent Data Controller.

5. Categories of Data We Process

We process the following categories of personal data:

5.1 Professional Identity Data

  • Name
  • Professional title
  • Practice name
  • Business contact details
  • Login credentials

5.2 Clinical Documentation Data

  • Patient initials (where entered by clinician)
  • Clinical observations
  • Treatment notes
  • Appointment summaries
  • Time and usage metadata associated with documentation

We do not collect or store:

  • Full patient names
  • NHS numbers
  • Dates of birth
  • Home addresses

Users are responsible for ensuring identifiable patient information is not entered into the system.

5.3 Technical and Security Data

  • IP address
  • Browser type and version
  • Device information
  • Authentication logs
  • Access timestamps
  • Security audit logs

5.4 Transaction and Billing Data

  • Subscription status
  • Payment confirmation data
  • Transaction identifiers

Payment card information is processed by secure third-party payment providers and is not stored by us.

5.5 Aggregated and Statistical Data

We may generate anonymised, aggregated statistical information relating to system usage, feature adoption, and performance metrics. Such data does not identify individuals and may be retained for service improvement purposes.

6. How Data Is Collected

We collect data through:

  • Direct account registration
  • Subscription purchase
  • Use of the software platform
  • Communication with our support team
  • Automated system logging for security and performance

We do not purchase personal data from data brokers.

7. AI-Assisted Documentation and Transcription

Stellar Dental Notes includes optional AI-assisted functionality to support clinical documentation.

7.1 Audio Processing

Where audio transcription features are used:

  • Audio is processed securely for transcription purposes.
  • Raw audio recordings are not retained by Stellar AI.
  • Audio is not stored in our systems after transcription is completed.

7.2 Transcript Handling

  • Transcripts generated through transcription are stored as part of the clinical record while the account remains active.
  • Intermediate processing data is not retained beyond generation of the final note.

7.3 AI Processing Safeguards

We use secure AI service providers under contractual arrangements that:

  • Prohibit the use of customer data for model training.
  • Require appropriate technical and organisational safeguards.
  • Impose confidentiality and processing restrictions.

AI systems are used solely to structure and format clinician-generated content. They are not used for automated decision-making about patients.

No automated clinical decisions are made by the system.

8. Purpose of Processing

We process personal data to:

  • Deliver clinical documentation functionality
  • Maintain user accounts
  • Provide transcription services
  • Manage subscriptions and billing
  • Provide customer support
  • Maintain system security
  • Monitor performance and prevent misuse
  • Comply with legal obligations

We do not sell personal data.

9. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Article 6(1)(b) – Performance of a contract
  • Article 6(1)(f) – Legitimate interests (security, service integrity)
  • Article 6(1)(c) – Compliance with legal obligations

Health-related data is processed under the authority of the Data Controller (the dental practice or clinician).

10. Security and Access Controls

We implement appropriate technical and organisational measures including:

  • Encryption in transit
  • Encryption at rest
  • Controlled access to production systems
  • Mandatory multi-factor authentication for administrative access
  • Role-based access controls
  • Access logging and monitoring
  • Secure backup management
  • Automated account deletion processes

Access to personal data is restricted to authorised personnel with a defined operational need.

11. Data Minimisation and System Design Principles

Stellar Dental Notes has been designed to minimise unnecessary data collection.

Key principles include:

  • No storage of raw audio recordings
  • No storage of full patient identifiers
  • Separation of clinical content from billing data
  • Limited retention of technical logs
  • Strict deletion controls

12. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfil contractual and legal obligations.

12.1 Active Accounts

Clinical documentation and transcripts are retained while the subscription remains active.

12.2 Account Closure

Upon confirmed account closure:

  • All clinical note content and associated transcripts are permanently deleted within 30 days.
  • System backups are overwritten within 7 days in accordance with secure backup cycles.
  • Fully anonymised, non-identifiable statistical data may be retained.

Deletion processes are automated and do not require manual intervention once triggered.

13. Data Sharing Principles

We may share personal data with:

  • Service providers acting as processors for IT, hosting, security, or payment services
  • Professional advisers (legal, accounting, insurance)
  • Regulatory authorities where legally required
  • Successor entities in the event of corporate restructuring

All third parties are required to process data only in accordance with our instructions and applicable law.

14. International Data Transfers

Where personal data is transferred outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place in accordance with UK GDPR, including legally recognised transfer mechanisms.

15. Individual Rights

Under UK data protection law, individuals may have the right to:

  • Access their personal data
  • Request correction
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent where applicable

Requests may be made by contacting us at privacy@stellarai.co.uk.

We will respond within one month, subject to verification of identity.

16. Complaints

If you believe your data protection rights have been breached, you may contact us in the first instance.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk

17. Data Processing Agreement

A Data Processing Agreement compliant with Article 28 UK GDPR is available to dental practices upon request.

18. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website with the effective date stated above.

19. Contact Details

Stellar AI Ltd
Email: privacy@stellarai.co.uk