AKPro Privacy Notice

Last updated: 2025-02-15

AKPro (“we”, “us”) provides the AKPro Staff Portal to dental and healthcare practices. This Privacy Notice explains how we collect, use, and protect personal data when delivering the Service. We act as both a Data Controller (for our own business operations) and a Data Processor (handling staff data on behalf of practices) in accordance with UK GDPR.

1. Who we are

AKPro, 13 Raleigh Road, TW9 2DU, United Kingdom. Contact: support@akpro.co.uk.

2. Data we process

  • Account details: name, work email, practice affiliation, role, invitation status.
  • Employment data entered by practices: timesheets, holiday requests, expenses, approvals, notes.
  • Audit data: session logs, device/browser metadata, IP address for security and compliance.
  • Usage data: aggregated feature interactions to improve accuracy and reliability.

3. Legal bases

We rely on the following legal bases when processing personal data:

  • Contractual necessity to provide the Service to your organisation.
  • Legitimate interests for security, analytics, and service improvement.
  • Legal obligations to meet HMRC and employment record-keeping requirements.
  • Consent where organisations enable optional AI or communication features.

4. How we use data

We deliver the portal, manage user authentication, surface requests and approvals, send notifications, generate reports, provide AI-supported summaries (when enabled), and maintain audit trails required for compliance and dispute resolution.

5. Sharing & processors

We share personal data only with trusted providers required to operate the Service:

  • Supabase – managed hosting, database, authentication (EU/EEA data centres).
  • OpenAI – generates AI summaries and chat responses when AI features are used.
  • Email/SMS provider – sends invites and system notifications.
  • Analytics tooling – measures aggregated product usage to improve reliability.

We sign data processing agreements with these providers and require equivalent UK GDPR safeguards. We do not sell personal data.

6. International transfers

Where data is transferred outside the UK or EEA (for example to OpenAI in the United States), we rely on recognised safeguards such as Standard Contractual Clauses and continually assess vendor compliance.

7. Security

We enforce access controls, encryption in transit and at rest (via Supabase), least-privilege administration, and logging of all access attempts. You are responsible for safeguarding your own login credentials.

8. Data retention

Employment records, approvals, and audit logs are retained for seven (7) years to comply with HMRC and employment regulations. After that period data is securely deleted unless a longer retention is legally required.

9. Your rights

Individuals can request access, correction, deletion, restriction, or portability of their data, or object to processing. Submit requests through your practice administrator or email support@akpro.co.uk. We respond within one month.

10. Complaints

You may lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk. Please contact us first so we can resolve concerns quickly.

11. Changes

We may update this Notice to reflect changes in law or our services. Material updates will be announced via the portal or email.