Privacy Policy
Last updated: 1 July 2026
This policy explains how OriFlows ("OriFlows", "we", "us") collects, uses, and protects personal data when you visit this website, book an audit call, or use the automation services we provide to dental practices. We are committed to handling data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
OriFlows is an automation services provider for UK private dental practices, operated by Mohammed Mostafijur. For any privacy-related question, contact us via the details on our website.
2. What data we collect
Depending on how you interact with us, we may collect:
- Website visitors: name, practice name, email, phone number, and any details you submit through our audit booking form.
- Practice clients: business contact details, and configuration data needed to run your automations (e.g. calendar and call-handling settings).
- Patients of our practice clients: contact details (name, phone, email) and appointment data, processed strictly on behalf of, and under instruction from, the practice — see Section 6.
3. How we use your data
- To respond to audit booking requests and schedule calls
- To set up and run the automation services a practice has engaged us for (missed-call text-back, reminders, recall follow-up)
- To send service-related communications (e.g. setup updates, monthly reporting)
- To improve our website and services
We do not sell or rent personal data to third parties, and we do not use it for purposes beyond what's described here.
4. Legal basis for processing
We process personal data under the following legal bases: consent (e.g. when you submit the audit booking form), contract (to deliver services you've engaged us for), and legitimate interest (e.g. responding to enquiries).
5. Where your data is stored
We also use Formspree (form submission handling) and Cal.com (call scheduling) for the website's audit booking flow. Each of these providers processes data only as needed to deliver that specific function.
6. Practice clients and patient data
Where a dental practice engages OriFlows to run patient-facing automations, the practice is the data controller and OriFlows acts as a data processor, processing patient data only on the practice's documented instructions. Full terms governing this relationship are set out in our Data Processing Agreement (DPA), provided to clients on signup.
7. Data retention
We retain personal data only as long as necessary for the purposes described above, or as required by law. Practice client data is retained for the duration of the service agreement and deleted or returned at termination, as set out in the DPA.
8. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict certain processing
- Withdraw consent at any time (e.g. unsubscribe from emails/SMS)
- Lodge a complaint with the UK Information Commissioner's Office (ICO)
To exercise any of these rights, contact us directly. If you are a patient of a practice using our services, you can also contact that practice, as they are the data controller for your information.
9. Cookies
This website uses minimal cookies/local scripts required for core functionality (e.g. the booking calendar embed). We do not currently use third-party advertising or tracking cookies.
10. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top of this page will reflect the most recent revision.
11. Contact
For any questions about this policy or how your data is handled, please get in touch via the contact details on our homepage.