Privacy Policy
This policy explains what personal data Lumen (lumenhealth.uk) collects, why, and how it is handled. Lumen is operated by Moxu Ltd. The site includes a quote-request feature that collects and processes personal data — including health-related treatment interest — when you submit an enquiry. If you have privacy questions, contact us atprivacy@lumenhealth.uk.
Who we are
Lumen is a price-transparency service for UK private dentistry. It publishes publicly available price data and clinic information to help patients understand typical costs before booking treatment. The data controller is Moxu Ltd.
What data we collect and why
Hosting and server logs (Cloudflare Pages)
The site is hosted on Cloudflare Pages. When you visit any page, Cloudflare's infrastructure may record standard server-log data including your IP address, the page requested, the date and time, your browser user-agent string, and referrer URL. This data is processed by Cloudflare under their terms of service and privacy policy. Lumen does not directly store or access these logs. The legal basis is legitimate interest (security and network abuse prevention).
Error monitoring (Sentry)
We use Sentry (EU region — ingest.de.sentry.io) to capture JavaScript errors and reliability issues. If a JavaScript error occurs in your browser, Sentry may collect technical data including your IP address, browser type and version, the page URL where the error occurred, and a stack trace. Sentry data is stored on Sentry's EU servers and is used solely to diagnose and fix technical problems. The legal basis is legitimate interest (maintaining the reliability of the service). Sentry's privacy policy is available at sentry.io/privacy.
Analytics (first-party page-view tracking)
The site records anonymous page-view events through a first-party analytics module using Sentry breadcrumbs. This records which pages are visited and, where available, general referrer information. No cross-site tracking or advertising profiles are created. No third-party advertising or marketing trackers are present on this site. The legal basis is legitimate interest (understanding aggregate traffic to improve the service).
Cookies, local storage, and consent
Lumen uses a cookie-consent banner (UK-GDPR / PECR compliant) to give you control over which optional scripts run in your browser. Your choice is stored in your browser's localStorage under the key lumen_consent — not in a cookie — and persists across visits. You can change your preference at any time using the "Cookie settings" button that appears after you have made a choice.
Essential / strictly necessary
- Error monitoring (Sentry) — captures JavaScript errors to help us fix problems. No cookies set;
sendDefaultPii: false; no cross-site tracking. Legal basis: legitimate interest (service reliability, Art. 6(1)(f)). Cannot be turned off via the consent banner. - Cloudflare infrastructure cookies — technical cookies set by Cloudflare (e.g.
__cf_bm) required for security and DDoS mitigation. Governed by Cloudflare's terms of service.
Analytics cookies / scripts (optional — requires consent)
- Cloudflare Web Analytics — aggregated, cookieless page-view analytics. Injected only after you accept analytics cookies. No cross-site tracking; data processed by Cloudflare under their privacy policy. Legal basis: consent (Art. 6(1)(a)).
Advertising cookies / scripts (optional — requires consent)
- No advertising cookies or scripts are currently active. If advertising is enabled in a future release it will be listed here and gated on your ads-consent choice. Google Consent Mode v2 defaults are set to "denied" before any Google tag loads.
Clinic and treatment data
The Lumen database (hosted on Cloudflare D1) stores clinic names, addresses, treatment categories, and price ranges — all of which are publicly available business information. This data does not include personal data about site visitors.
Quote and enquiry data
When you use the "Get matched with clinics" quote form, Lumen collects the following personal data:
- Your name, email address, and phone number (optional)
- Your postcode (used to find nearby clinics)
- Your treatment interest, approximate timeframe, and rough budget
- The date and time you gave consent
Legal basis: We process this data on the basis of your explicit consent (UK GDPR Art. 6(1)(a) and Art. 9(2)(a)). Your treatment interest constitutes special-category health data under UK GDPR Article 9 because it reveals interest in a medical or cosmetic dental procedure. You give explicit consent by ticking the consent checkbox on the quote form before submitting.
Purpose: We use your enquiry data to:
- Assess and score your enquiry against our matching criteria
- Match you with clinics in your area that offer the treatment you are seeking
- Pass your contact details to matched clinics so they can reach you directly
Encryption: Your personal contact data (name, email, phone, postcode) is encrypted at the application layer using AES-256-GCM before being stored in our database, and is transmitted over HTTPS (TLS). Encryption keys are held separately from the data.
Sharing: Your contact details are shared only with clinics that are matched to your enquiry. Clinics receive your name, contact details, and treatment interest for the purpose of following up your enquiry. Each clinic that receives your details is an independent data controller for that contact.
Retention: We retain enquiry data only for as long as is necessary to fulfil the matching and delivery purpose, and in any case no longer than 6 months, after which enquiry records are deleted.
Your right to withdraw consent: You may withdraw your consent and request deletion of your enquiry data at any time by contacting us atprivacy@lumenhealth.uk. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Sharing of data
We do not sell or share personal data with third parties for marketing purposes. Data may be shared only with the sub-processors described above (Cloudflare, Sentry) that are necessary to operate the service, or where required by law.
International transfers
Cloudflare operates a global network; server-log data may be processed outside the UK and EEA. Sentry processes error data in the EU region (Germany). Both providers offer UK-GDPR-compliant data processing agreements.
Retention
Server logs held by Cloudflare and error data held by Sentry are subject to those providers' own retention policies.
Enquiry data (quote form submissions) is retained for 6 months from the date of submission and then permanently deleted. This limit reflects the time needed to complete the clinic-matching and follow-up process. An automated purge enforces this limit (see the "Quote and enquiry data" section above).
Your rights under UK GDPR
You have the right to:
- Access — request a copy of any personal data we hold about you.
- Erasure — request deletion of your personal data where we are the data controller.
- Objection — object to processing based on legitimate interest.
- Restriction — request that processing of your data is restricted in certain circumstances.
- Portability — receive your data in a portable format where applicable.
- Complaint — lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
To exercise your rights, contact us atprivacy@lumenhealth.uk. We will respond within one month. For enquiry data (quote form submissions), please include the email address you used when submitting the form. For data held solely by Cloudflare or Sentry we will direct you to the relevant provider.
Changes to this policy
This policy will be updated whenever the data processing activities of the site change materially — in particular before any lead-capture or user-account feature launches. The "last updated" date at the top of this page will reflect the most recent revision.
Contact
Questions or requests: privacy@lumenhealth.uk