Legal

Privacy Policy

Effective: 22nd April 2026Version: Beta v1.0

Maze Dental Calm (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal data transparently and securely. This Privacy Policy explains how we collect, use, and protect your information when you use the Maze Dental Calm mobile application (“the App”).

1Who we are

Maze Dental Calm is operated by Maze Interactive Health Ltd, a UK-based digital health company. We act as a Data Controller for the personal data processed through the App.

Contact

info@mazeinteractivehealth.com

5 South Charlotte Street, Edinburgh, EH2 4AN

2What this App does

Maze Dental Calm is a self-help and preparation support tool designed to help users manage dental anxiety through guided experiences, education, and behavioural techniques.

It is not a medical device and does not replace professional dental or clinical advice.

3What data we collect

We follow a data minimisation and pseudonymisation approach.

A. Account Information

Email address (used for login and account recovery only)
Encrypted password
Unique user ID (UUID)
Generated display name (e.g. "Patient #A7K2")

Your email is never shared with dental practices unless you choose to share it.

If you give consent, your email may be shared with your selected practice so they can contact you directly. You can withdraw this at any time.

B. Optional profile information

Real name (optional)
Preferences (optional)

You control what you choose to share.

C. Health & usage data

Modified Dental Anxiety Scale scores
Responses to app modules (e.g. fears, comfort levels)
Progress and interaction data within the app
Session activity (e.g. completed journeys, time spent)

This data is stored against your UUID, not your identity.

D. Practice link data (Optional)

If you choose to connect to a dental practice:

Your UUID
Display name
MDAS scores and assessment history

Practices do not receive your email or login details.

E. Technical data

Device type and operating system
App version
Basic analytics (crash logs, performance)

4How we use your data

We process your data to:

Provide and operate the app
Deliver personalised experiences and progress tracking
Allow you to complete and store MDAI assessments
Enable optional connection with dental practices
Improve app functionality and user experience
Ensure security and prevent misuse

5Lawful basis for processing (UK GDPR)

We rely on the following lawful bases:

Purpose	Lawful Basis
App functionality	Contract (Article 6(1)(b))
Analytics & improvements	Legitimate Interest (Article 6(1)(f))
Health-related data	Explicit Consent (Article 9(2)(a))
Practice linking	Explicit Consent

6Pseudonymisation & Privacy by Design

We are designed with privacy at the core:

Users are identified by UUID, not name
Email is separated from health data
Practices only see pseudonymous data
Minimal personal data is collected

This aligns with GDPR Article 25 – Privacy by Design and Default.

7Sharing your data

We do not sell your data.

We only share data in the following cases:

A. With Dental Practices (Optional)

Only when you:

Scan a QR code or enter a join code
Provide explicit consent

Shared data:

Display name
MDAS scores
Assessment history

B. Service providers

We may use trusted providers for:

Cloud hosting
Analytics
Authentication services

All providers comply with UK GDPR standards.

C. Legal obligations

We may disclose data if required by law or regulatory authorities.

8Your rights

Under UK GDPR, you have the right to:

Access your data

Correct inaccurate data

Delete your data

Restrict processing

Object to processing

Data portability

9Managing your data in the App

You can:

Export your data (JSON/PDF)
Unlink from a dental practice at any time
Delete your account directly in the app

10Data retention

We retain data only as long as necessary:

Account data: Until deletion
Health data: Retained for 3 years or until deletion
Practice-linked data: Removed immediately upon unlinking

Upon account deletion:

Email is deleted
Health data is anonymised or deleted

11Data security

We implement industry-standard security measures:

Encryption in transit (HTTPS)
Secure storage of credentials
Token-based authentication
Access controls and monitoring

12Children's privacy

Maze Dental Calm is not intended for children under 13. Where required, parental/guardian consent must be obtained.

13International data transfers

If data is processed outside the UK, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).

14Beta disclaimer

This is a Beta version of the app.

While we take all reasonable steps to protect your data:

Features may evolve
Functionality may change

Your feedback helps us improve both the product and its safeguards.

15Changes to this Policy

We may update this Privacy Policy from time to time. You will be notified of significant changes via:

In-app notification
Updated policy date

16Contact us

If you have any questions or concerns about this Privacy Policy:

info@mazeinteractivehealth.com

5 South Charlotte Street, Edinburgh, EH2 4AN

Your data is private, secure, and under your control.

You decide what to share, and with whom.