Legal
Privacy Policy
Updated April 2026
1. Introduction
This Privacy Policy explains how JY TECH LTD, trading as Monai Tech (“Monai Tech”, “we”, “us”, or “our”), collects, uses, stores, protects, and otherwise processes personal data through our website, software platform, AI-powered features, integrations, and related services (together, the “Service”).
We are committed to protecting personal data and complying with applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
By accessing or using the Service, you acknowledge the practices described in this Privacy Policy.
2. Scope of This Privacy Policy
This Privacy Policy applies to personal data processed by Monai Tech in connection with:
- visitors to our website;
- individuals who contact us with enquiries;
- users of the Monai Tech platform;
- business representatives of dental and healthcare practices;
- billing and account contacts;
- individuals whose personal data may appear in uploaded or connected records processed through the Service.
This Privacy Policy does not apply to third-party websites, platforms, banks, or services that you may access through integrations or links. Where you choose to use a third-party integration, including an optional open banking connection, your interaction with that third party may also be governed by that third party’s own privacy policy and terms.
3. Monai Tech’s Role: When We Act as Controller and When We Act as Processor
3.1 When Monai Tech acts as Data Controller
Monai Tech acts as a data controller in relation to personal data that we process for our own business purposes, including:
- website visitor data;
- sales, enquiry, and onboarding data;
- account registration and user profile data;
- billing and subscription administration data;
- support communications;
- platform usage, security, and audit data;
- marketing and business relationship data.
Where Monai Tech acts as controller, we decide the purposes and means of processing and are responsible for complying with applicable data protection law in relation to that processing.
3.2 When Monai Tech acts as Data Processor
Where our business customers use the Service to upload, connect, store, analyse, or process data relating to their own staff, contractors, suppliers, associates, or other individuals, the customer acts as data controller and Monai Tech acts as data processor on that customer’s behalf.
This may include personal data contained within:
- invoices;
- payslips;
- supplier records;
- payroll records;
- bank statements;
- transaction data;
- uploaded documents;
- financial and operational records.
In those circumstances, Monai Tech processes that personal data only in accordance with the customer’s instructions and the applicable contractual documentation, including the Data Processing Agreement.
3.3 Rights requests where Monai Tech acts as processor
Where Monai Tech processes personal data on behalf of a customer, the relevant customer is usually the primary point of contact for requests relating to access, rectification, erasure, restriction, portability, and objection.
If you are an individual whose personal data is included in records processed by one of our customers, you should normally contact that customer directly in the first instance.
4. Personal Data We Collect and Process
We may collect and process the following categories of personal data.
4.1 Account and profile data
- name;
- job title;
- business or practice name;
- email address;
- telephone number;
- account login details;
- account preferences and settings.
4.2 Billing and subscription data
- billing contact details;
- subscription status;
- invoice and payment records;
- transaction references;
- limited payment-related information provided by payment processors.
Monai Tech does not store full payment card details directly where payments are handled by third-party processors.
4.3 Support and communications data
- emails, messages, and correspondence sent to us;
- meeting notes and support tickets;
- feedback, survey responses, and onboarding communications;
- records of product or account queries.
4.4 Uploaded document and workspace data
- uploaded invoices, payslips, statements, reports, and other financial or operational files;
- information extracted from uploaded files;
- file metadata;
- user prompts, inputs, and workspace interactions;
- reports, dashboards, and outputs generated within the Service.
4.5 Integration and connected system data
Where enabled by the customer or authorised user, we may receive data from connected systems, such as practice management, accounting, financial, or related business systems.
4.6 Optional bank connection data
Where you choose to enable an optional open banking or bank aggregation feature, we may receive bank-related data through an authorised third-party provider, such as:
- transaction records;
- dates;
- amounts;
- currencies;
- payee or merchant descriptors;
- transaction reference strings;
- account identifiers where applicable;
- balance information where applicable.
Bank connections may expire and require periodic re-authorisation, including at least every 90 days where applicable.
4.7 Usage and analytics data
- pages viewed;
- feature usage;
- interaction history;
- session information;
- platform events;
- general product usage patterns.
4.8 Security and login data
We may collect and use technical and security-related information, including:
- IP address;
- login timestamps;
- browser type and version;
- device and operating system information;
- audit logs;
- access history;
- authentication events;
- security event records.
We use this data for authentication, access control, fraud prevention, auditability, platform security, and detection of suspicious or unauthorised activity. We do not use this category of data for unrelated advertising or behavioural profiling.
4.9 Cookies and similar technologies
We may collect information through cookies and similar technologies. Please see our Cookie Policy for further details.
5. How We Collect Personal Data
We collect personal data:
- directly from you when you contact us, create an account, subscribe, or use the Service;
- from your organisation or colleagues where they provide your details for account, support, billing, or onboarding purposes;
- from uploaded or connected records processed through the Service;
- from authorised third-party integrations;
- from payment processors and infrastructure providers;
- automatically through platform usage, security systems, logs, cookies, and similar technologies.
6. Purposes of Processing and Lawful Bases
Under UK GDPR, we rely on one or more lawful bases depending on the type of processing involved.
6.1 Contractual necessity
We process personal data where necessary to enter into, perform, administer, and support our contract with you or your organisation, including to:
- create and manage accounts;
- provide access to the Service;
- operate platform features;
- process uploaded or connected data;
- provide customer support;
- manage subscriptions and billing;
- communicate in relation to service delivery.
6.2 Legitimate interests
We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This includes processing for:
- operating, maintaining, and improving the Service;
- platform security, fraud prevention, and abuse monitoring;
- system administration, troubleshooting, and audit logging;
- internal reporting and business administration;
- service optimisation and product development;
- customer relationship management;
- defending or establishing legal claims;
- preserving data in restricted archived form to support customer reactivation, continuity, auditability, and dispute resolution;
- generating and using aggregated, anonymised, de-identified, and non-personal data for benchmarking, analytics, product improvement, quality assurance, research, and system performance improvement.
6.3 Consent
We rely on consent where required by law, including for:
- non-essential cookies;
- certain marketing communications;
- other processing activities where consent is legally required.
Where processing is based on consent, you may withdraw consent at any time, although this will not affect the lawfulness of processing carried out before withdrawal.
6.4 Legal obligation
We may process personal data where necessary to comply with legal or regulatory obligations, including obligations relating to:
- tax and accounting compliance;
- fraud prevention;
- law enforcement requests;
- court orders;
- regulatory or statutory requirements.
7. More Detailed Purpose-by-Purpose Processing Summary
For clarity, Monai Tech commonly processes personal data for the following purposes and on the following legal bases:
7.1 Website, account creation, and service delivery
Purpose: To register users, provide access to the Service, authenticate users, operate accounts, and deliver platform functionality.
Lawful basis: Contractual necessity and legitimate interests.
7.2 Billing and subscription administration
Purpose: To administer subscriptions, payments, invoices, renewals, and account management.
Lawful basis: Contractual necessity, legitimate interests, and legal obligation where applicable.
7.3 Customer support and service communications
Purpose: To respond to enquiries, provide support, send administrative notices, and manage account-related communications.
Lawful basis: Contractual necessity and legitimate interests.
7.4 Security, access control, and fraud prevention
Purpose: To secure the Service, verify access, monitor suspicious activity, maintain audit logs, and protect users, data, and systems.
Lawful basis: Legitimate interests and legal obligation where applicable.
7.5 Uploaded and connected data processing
Purpose: To extract, analyse, classify, summarise, and present information through dashboards, KPIs, benchmarks, reports, and AI-supported features.
Lawful basis: Contractual necessity where Monai Tech acts as controller for its own customer relationship data, and processor instructions where Monai Tech acts on behalf of customers.
7.6 Optional bank aggregation feature
Purpose: To retrieve and process bank transaction data where the user or customer elects to enable an optional bank connection feature.
Lawful basis: Contractual necessity in delivering the chosen feature, legitimate interests in operating the platform, and processor instructions where applicable.
7.7 Product improvement and internal analytics
Purpose: To improve the Service, assess functionality, optimise workflows, support benchmarking, improve system quality, and evaluate performance.
Lawful basis: Legitimate interests. Where possible, this is carried out using aggregated, anonymised, de-identified, or non-personal data.
7.8 Marketing and business development
Purpose: To send lawful marketing communications, maintain business contact records, and engage with prospective or existing business customers.
Lawful basis: Legitimate interests and/or consent where required by law.
7.9 Legal, regulatory, and claims-related processing
Purpose: To comply with law, respond to legal requests, and establish, exercise, or defend legal claims.
Lawful basis: Legal obligation and legitimate interests.
8. AI and Automated Processing
Monai Tech uses AI and automated systems to support analysis, extraction, classification, summarisation, and generation of financial and operational outputs.
This may include:
- calculating KPIs and metrics;
- analysing uploaded or connected records;
- producing summaries, trends, and benchmark comparisons;
- generating AI-assisted outputs and commentary within the Service.
Identifiable personal data is not used to train AI models for general-purpose model training.
Any data used for internal system improvement, model evaluation, quality assurance, analytics, or performance tuning is intended to be used in aggregated, anonymised, de-identified, or otherwise non-personal form so as to prevent identification of individuals and, where intended, specific customer businesses.
AI-generated outputs are indicative only and do not constitute legal, tax, accounting, investment, or professional advice.
9. Anonymised, Aggregated, and De-Identified Data
Monai Tech may generate, use, retain, disclose, and commercialise aggregated, anonymised, de-identified, and non-personal data derived from use of the Service for purposes including:
- benchmarking;
- analytics;
- market and industry insights;
- internal reporting;
- product and feature improvement;
- quality assurance;
- research and development;
- model evaluation;
- system tuning and performance improvement.
Where data has been anonymised or de-identified for these purposes, it is intended not to identify any individual, customer, practice, or specific business as such.
Aggregated, anonymised, or de-identified data that no longer constitutes personal data may be retained indefinitely.
10. Sharing of Personal Data
We may share personal data where necessary with:
- service providers and subprocessors that support hosting, infrastructure, payments, analytics, document processing, AI-supported features, customer support, or integrations;
- banks or open banking providers where you choose to enable an optional bank connection feature;
- professional advisers, auditors, insurers, or legal advisers;
- regulators, law enforcement bodies, courts, or competent authorities where required by law;
- prospective purchasers, investors, or restructuring parties in connection with a business transaction, subject to appropriate confidentiality protections.
We do not sell or rent personal data.
Where Monai Tech acts as processor, any sharing is carried out only in accordance with customer instructions, the relevant contractual documentation, and applicable law.
11. International Data Transfers
Where personal data is transferred outside the United Kingdom, we take steps to ensure that appropriate safeguards are in place in accordance with applicable data protection law.
These safeguards may include:
- adequacy regulations;
- the UK International Data Transfer Addendum;
- Standard Contractual Clauses; and
- additional technical and organisational safeguards where appropriate.
12. Data Retention
Monai Tech retains personal data only for as long as reasonably necessary for the purposes for which it was collected, including service provision, account administration, customer support, legal compliance, platform security, customer reactivation, and protection of our legitimate business interests.
Where an account is closed or becomes inactive, Monai Tech may retain relevant customer data in a restricted-access archived state for a period of up to three (3) years in order to:
- support account reactivation;
- preserve continuity of historical analysis;
- maintain auditability;
- support dispute resolution; and
- establish, exercise, or defend legal claims.
Users may request deletion of personal data, subject to legal obligations, technical constraints, and our legitimate interests where applicable.
Aggregated, anonymised, or de-identified data that no longer constitutes personal data may be retained indefinitely for benchmarking, analytics, research, quality assurance, and product improvement.
13. Security Measures
We implement appropriate technical and organisational measures to protect personal data, including measures such as:
- encryption in transit and at rest where appropriate;
- role-based access controls;
- audit logging;
- infrastructure monitoring;
- access restrictions;
- staff confidentiality obligations;
- security review and testing procedures.
No system is completely secure. Users remain responsible for maintaining the confidentiality of their credentials and for using the Service securely.
14. Your Data Protection Rights
Where Monai Tech acts as controller, and subject to applicable law, you may have the right to:
- request access to your personal data;
- request rectification of inaccurate or incomplete data;
- request erasure;
- request restriction of processing;
- request data portability;
- object to processing based on legitimate interests;
- withdraw consent where processing is based on consent;
- lodge a complaint with the Information Commissioner’s Office.
Where Monai Tech acts as processor on behalf of a customer, the relevant customer is usually responsible for responding to such requests in relation to that data.
Requests may be sent to hello@monai.tech.
15. Marketing Communications
We may send marketing communications where permitted by law.
You may opt out of marketing communications at any time by using unsubscribe mechanisms or contacting us directly.
Service, billing, security, legal, and account-related communications are not marketing communications and may still be sent where necessary.
16. Children’s Privacy
The Service is intended for business users and is not directed at children. We do not knowingly collect personal data from children.
17. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, the Service, or our processing practices.
The latest version will be made available through our website or platform. Where required, we will notify users of material changes.
18. Contact and Complaints
For questions about this Privacy Policy or personal data processing, please contact:
Data Protection Contact
Email: hello@monai.tech
Address: JY TECH LTD, 41 Town Street, Batley Carr, Dewsbury, United Kingdom, WF13 2HQ
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
© 2026 JY TECH LTD. All rights reserved.