Privacy & Cookies Policy

We use cookies as described in this policy. Where required by law, we will obtain your consent before placing non-essential cookies on your device.

Introduction

We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.


Collecting personal information

We collect information in two ways: information we get from your use of our Services, and information you provide to us directly.

  • information about your computer and about your visits to and use of this website (including IP address, browser type, operating system and usage data);
  • information that you provide when registering or using your account;
  • information that you upload to our Services (including files, documents and attachments);
  • information that you provide to us when using our appointment calendar features (including appointment dates, times and related notes);
  • information relating to two-factor authentication (such as whether it is enabled and verification metadata generated when you use a third-party authentication app);
  • information relating to multiple user accounts within an organisation (including user names, roles, permissions and related account activity);
  • information you store in Smilenotes about clinicians / doctors (such as name, address, email address and related contact details);
  • information you store in Smilenotes about schools / nurseries (such as name, address, email address and related contact details);
  • information you store in Smilenotes about your practice (such as practice name, address, telephone number and email address);
  • information that you provide to us when registering with our website (including your email address);
  • information that you provide when completing your profile on our website (including your name, and employment details);
  • information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address);
  • information that you provide to us when using the services on our website, or that is generated in the course of the use of those services (including the timing, frequency and pattern of service use);
  • information relating to any purchases you make of our services or any other transactions that you enter into through our website (including your name, address, telephone number, and email address);
  • information that you post to our website for publication on the internet (including your user name, your profile pictures and the content of your posts);
  • information contained in or relating to any communications that you send to us or send through our website (including the communication content and metadata associated with the communication).

Before you disclose to us the personal information of another person, you must obtain that person's consent to both the disclosure and the processing of that personal information in accordance with the terms of this policy.

What information do we collect and why?

Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website.

We process personal information where necessary to perform a contract with you, to comply with our legal obligations, and where we have a legitimate interest in operating, securing and improving the Smilenotes Services.

Where we rely on legitimate interests, these include operating and improving our Services, ensuring platform security, preventing misuse, and communicating with users about service-related matters.

We also process personal information in connection with billing, email communications and service notifications using third-party service providers acting on our behalf.

We collect basic account information such as your name, email address, username and password. This helps us secure and provide you with access to our Services.

Profile and use information is collected about you, for example your occupation if you choose to tell us, and your activity (including the date and time you last logged in).

You can use Smilenotes to record notes and profile information about your clients/patients (such as date of birth, name, address). By submitting such data, you confirm that you have the authority to use such information. You are responsible for ensuring that you have a lawful basis to collect, use and share such information, and that you provide appropriate privacy information to your clients or patients in accordance with applicable data protection laws.

We collect information from your browser, computer, or mobile device, which provides us with technical information when you access or use the Services. This technical information includes device and network information, cookies, log files and analytics information.

We store your note template data to assist you with note writing.

We may use your personal information to:

  • administer our website and business;
  • personalise our website for you;
  • enable your use of the services available on our website;
  • supply to you services purchased through our website;
  • send statements, invoices and payment reminders to you, and collect payments from you;
  • send you non-marketing commercial communications;
  • send you email notifications that you have specifically requested;
  • send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter);
  • send you marketing communications relating to our business which we think may be of interest to you by email or similar technology (you can inform us at any time if you no longer require marketing communications);
  • provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user or patient from that information);
  • deal with enquiries and complaints made by or about you relating to our website;
  • keep our website secure and prevent fraud;
  • enable file and document uploads and allow you to store and retrieve uploaded content;
  • provide and operate the appointment calendar features;
  • enable and manage two-factor authentication and other account security controls;
  • support multiple user accounts, roles and permissions for organisations;
  • verify compliance with the terms and conditions governing the use of our website (including monitoring private messages sent through our website private messaging service).

If you submit personal information for publication on our website (such as on our blog), we will publish and otherwise use that information in accordance with the licence you grant to us.

We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party's direct marketing.

All our website financial transactions are handled through our payment services provider, Stripe.com. You can review the provider's privacy policy at https://stripe.com/gb/privacy. We will share information with our payment services provider only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

If you are a registered user of our Services and have supplied us with your email address, we may occasionally send you an email to tell you about new features, ask for your feedback, or keep you up to date with what's going on with the Services. If we do send you information that you did not expressly request, we will provide you with a way to opt-out or unsubscribe from further communications.

You can use the controls on our website to subscribe or unsubscribe to our communications email list.

Disclosing personal information

We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.

We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.

We may disclose your personal information:

to the extent that we are required to do so by law;

in connection with any ongoing or prospective legal proceedings;

in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);

Third party service providers who are appointed on our behalf (such as web hosting providers, payment service providers and email service providers), including:

  • Stripe – to process subscription payments, billing and refunds;
  • SparkPost – to send transactional emails such as account notifications and appointment reminders;
  • Mailchimp – to send service-related and marketing communications to users who have opted in.

These third-party providers act as data processors and process personal information only on our instructions.

We only share personal information with these providers to the extent necessary for the provision of their services, and we require appropriate contractual safeguards to protect personal information.

to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and

Except as provided in this policy, we will not provide your personal information to third parties.

Where we act as a data processor on behalf of our customers, we process personal information only in accordance with their documented instructions.

For the purposes of data protection law, Smilenotes acts as a data controller in respect of personal information relating to website visitors, account holders, billing and marketing communications. Smilenotes acts as a data processor in respect of client or patient data uploaded to the Services by customers.

International data transfers

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.

Information that we collect about your clients/patients (such as notes, name, address, date of birth, telephone number) may be transferred within the European Economic Area.

Where we transfer personal information outside the United Kingdom or European Economic Area, we will ensure that appropriate safeguards are in place to protect the information in accordance with applicable data protection laws.

Some of our third-party service providers (such as payment and email service providers) may process personal information outside the United Kingdom or European Economic Area. Where this occurs, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws.

Such safeguards may include the use of approved standard contractual clauses or other lawful transfer mechanisms recognised under applicable data protection laws.

Personal information that you publish on our website or submit for publication on our website or blog may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.

Retaining personal information

This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.

Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Without prejudice to the above paragraph, we will usually delete personal data falling within the categories set out below at the date/time set out below:

On termination of your Smilenotes subscription, and at the request of the customer, your data (including patient/client data and templates) will be completely removed from the live production database and backups within 45 days.

Your patient/client data (including all notes, name, address details, date of birth, telephone number and email address) may be permanently deleted from our servers after 90 days if you do not have a paid subscription plan.

Notwithstanding the other provisions of this Section, we will retain documents (including electronic documents) containing personal data:

  • to the extent that we are required to do so by law;
  • if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
  • We may retain account, billing and transaction information for longer periods where necessary to comply with legal, accounting or tax obligations.

Security of your personal information

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We will store all the personal information you provide on our secure (password- and firewall-protected) servers.

All electronic financial transactions entered into through our website will be protected by encryption technology and handled by our provider Stripe.com.

You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

We restrict access to personal information to our employees, contractors and agents who need that information in order to use and develop our software application and services.

Data Centers

Smilenotes production services are hosted on Digital Ocean web servers. We store data on physical servers located in London (LON1) and Amsterdam (AMS2). Further information on the security of LON1 and AMS2 data centres is available directly from Digital Ocean: digitalocean.com/security

Certifications and Assessments

Smilenotes uses Stripe, which is PCI compliant, to manage subscription payments: stripe.com/docs/security

Smilenotes is not itself ISO 27001 or SOC certified; however, our cloud provider has the following server certifications:

LON1 facility: SOC 1 Type II, ISO 27001, and PCI-DSS certified.

AMS2 facility: SOC 1 Type II, ISO 27001, and PCI-DSS certified.

Login Security

You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).

When logging in to Smilenotes using a username or email and password, Smilenotes requires a password of at least 8 characters. Repeated failed login attempts trigger a 30-second lock before a user can retry.

Where available, you may enable two-factor authentication using a third-party authenticator application to provide additional protection for your account.

Passwords are stored in a hashed form and will never be sent via email—upon account creation and password reset, Smilenotes will send a link to the email associated with the account that will enable the user to create a new password.

For security we advise making your password longer than 12 characters using a mix of upper and lower case letters, numbers and symbols.

Safe and responsible use of artificial intelligence (AI)

We are committed to the safe and responsible use of artificial intelligence (AI). If we introduce AI-assisted features, they are designed to support administrative or workflow tasks and are not intended to provide medical, clinical, diagnostic or professional advice. Smilenotes does not use AI to make automated clinical decisions about individuals. Where AI is used, appropriate safeguards will be applied, including human oversight, data minimisation and security controls. We do not use your client/patient content to train general-purpose AI models.

We do not use artificial intelligence for automated decision-making that produces legal or similarly significant effects on individuals.

Amendments

We may update this policy from time to time by publishing a new version on our website.

You should check this page occasionally to ensure you are happy with any changes to this policy.

We may notify you of changes to this policy by email.

Your rights

You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to appropriate evidence of your identity, where necessary.

We will not charge a fee for responding to a request unless it is manifestly unfounded or excessive. We may withhold personal information that you request to the extent permitted by law.

You may instruct us at any time not to process your personal information for marketing purposes.

In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office.

Third party websites

Our website includes hyperlinks to, and details of, third party websites.

We have no control over, and are not responsible for, the privacy policies and practices of third parties.

Updating information

Please let us know if the personal information that we hold about you needs to be corrected or updated.

Cookies

About cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.

Our cookies

We use both session and persistent cookies on our website.

We use cookies on our website to:

  • recognise a computer when a user visits the website;
  • track users as they navigate the website;
  • enable the use of a shopping cart on the website;
  • improve the website's usability;
  • analyse the use of the website;
  • administer the website;
  • prevent fraud and improve the security of the website;
  • personalise the website for your needs;
  • target advertisements which may be of particular interest to specific users;
  • determine if you are logged in or not;
  • save your preferences.

Analytics cookies

We use Google Analytics to analyse the use of our website.

Our analytics service provider generates statistical and other information about website use by means of cookies.

We may also use email campaign analytics provided by third-party email service providers to understand whether communications have been opened or interacted with.

Our analytics service provider's privacy policy is available at: http://www.google.com/policies/privacy/.

Third party cookies

Our website also uses third party cookies to enable certain functions. Disabling these cookies from these third parties will likely prevent these functions working.

We also use third-party marketing and analytics tools, such as Meta Pixel, to help measure and improve our marketing activities.

Blocking cookies

Most web browsers allow you to control cookies through their settings. You can usually:

  • block all cookies;
  • block cookies from specific websites;
  • delete cookies when you close your browser; or
  • be notified before a cookie is placed on your device.

You can find information about managing cookies for common browsers by visiting the browser’s help or support pages.

Please note that if you block or delete cookies, some features of our website may not function correctly.

You may also be able to manage cookies using operating system or device-level privacy controls.

Deleting cookies

You can delete cookies that are already stored on your device using your browser settings. The method for doing this varies depending on the browser and device you use.

For up-to-date instructions, please refer to the help or support pages provided by your browser provider.

Deleting cookies may have a negative impact on the usability of some websites, including ours.

Cookie preference

You can manage your cookie preferences through your browser settings and, where available, through our cookie consent controls.

Data protection registration

We are registered as a data controller with the UK Information Commissioner's Office.

Our data protection registration number is ZA109116.

Our Data Protection Officer is Lee McMeeking.

We conduct internal audits of our compliance with this privacy policy, including an annual self-assessment.

Our details

This website is owned and operated by Smile Notes Ltd.

We are registered in England and Wales under registration number 9447490 and our registered office is at 40 Fisher Hill Way, Cardiff, CF15 8DR.

If you have any questions about this policy or our site in general, you can contact us by writing to the business address given above, by using our website contact form or

If you have any concerns or complaints about how you think we've handled your personal information, please contact our Data Protection Officer at the address above or

We will work hard to investigate and resolve any complaints you might have.

Change log

January 2026 – Updated to reflect new features, security controls and AI governance. View policy

May 2018 – View policy
