Security for Practices

We keep your patient data safe

We are a trusted software supplier to dental practices and healthcare organisations, with ISO27001 accreditation.

Find out more about why our customers trust us below.

How we protect your data

  • All staff received training in best practices for data handling.
  • We encrypt your data and store it in a secure data centre.
  • We are externally audited as part of our ISO27001 accreditation

Policies and certificates


FollowApp software makes it easier for your dentist to communicate with you. Dentists use our technology to:

  • share information with patients (e.g. to send post-appointment care guides), or
  • to collect information from patients (e.g. through surveys) or
  • to chat with patients (e.g. to respond to an alert raised from a survey response).

Communications can be initiated manually, or triggered automatically; but you are in control of the communications patients receive.

You (or your dental practice / healthcare organisation) are a data controller. Patients are data subjects. And FollowApp is a data processor.

Under the terms of a Data Processing Agreement, FollowApp (a data processor) can be given permission by you (a data controller), to process your patients data for the purpose of providing the specific service outlined in the Data Processing Agreement.

FollowApp has ISO27001 certification, and received annual external audits as part of this accreditation.

We consider safety and security at every stage of our software development. Data Protection Impact Assessments (DPIAs) are complete or updated as new features are developed. This helps us fully consider the impact of all the activities we do on data and security.

All data is stored in a secure Microsoft Azure data centre, in your local geographic location.

Not necessarily. For transactional messages, the opt-in rules are a little less stringent. FollowApp has a ‘legitimate interest’ legal basis for sending our transactional messages.

However, should you wish to use FollowApp to promote products and services (i.e. for promotional SMS); then explicit patient consent will be required. If you need, we can help you to collect the appropriate patient consent as part of the patient experience.

FollowApp has been designed with protections built in to ensure adherence to GDPR requirements and to prevent any mis-use of our software.

Patients can update their communications preferences through FollowApp. This includes managing consent, or opting out of communications entirely.

Patient messages are sent as SMS, or as emails. We use Twilio or Infobip to send SMS and Mandrill (Mailchimp) to send emails.