Privacy Notice
Last updated: January 2026
1. Who We Are
Alert Action Draft ("we", "us", "our") is a service that helps dental practices manage stock alerts by transforming them into actionable drafts.
Data Controller: Alert Action Draft
Contact: privacy@alertactiondraft.co.uk
2. What Data We Collect
We collect and process the following categories of personal data:
- Contact Information: Your email address (to send Action Draft emails)
- Business Data: Product names, stock quantities, supplier information (from Denven alerts)
- Usage Data: Your confirmation choices and timestamps
- Technical Data: IP addresses and error logs (for security and debugging)
3. How We Use Your Data
We process your data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing our core service (parsing alerts, generating drafts, sending emails) | Contract performance |
| Storing your decision history to improve future suggestions | Legitimate interests |
| Security monitoring and error tracking | Legitimate interests |
4. Data Retention
We retain your data for the following periods:
- Action Drafts: 90 days from creation
- Confirmation Records: 1 year
- Error Logs: 30 days
After these periods, your data is automatically deleted.
5. Data Sharing
We share your data with the following third-party service providers:
- Supabase (database hosting) - EU/UK data centres
- Resend (email delivery) - with EU Standard Contractual Clauses
- Sentry (error monitoring) - EU data centre option
All our service providers are bound by Data Processing Agreements that ensure your data is protected.
6. International Transfers
Where your data is transferred outside the UK, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses approved by the ICO.
7. Your Rights
Under UK GDPR, you have the following rights:
- Right of Access: Request a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to certain processing activities
To exercise any of these rights, please contact us at privacy@alertactiondraft.co.uk.
You can also export or delete your data directly using our self-service tools:
- Export your data: POST /api/data/export
- Delete your data: POST /api/data/delete
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (HTTPS/TLS)
- Secure authentication tokens
- Row-level security in our database
- Regular security monitoring
9. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: https://ico.org.uk/
Telephone: 0303 123 1113
10. Changes to This Notice
We may update this privacy notice from time to time. We will notify you of any significant changes by email or through our service.