Early Adopter Offer — Limited Places. Sign up before June 2026 and use MDConnect for free until September.  Find out more

MDConnect Acceptable Use Policy

MDBUDDY UK LTD

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Effective date: 1 January 2026

Last reviewed: 4 April 2026

Next review due: 4 April 2027

1. Purpose and Scope

1.1 This Acceptable Use Policy ("AUP") sets out the rules governing how Authorised Users may access and use the MDConnect platform. It applies to all individuals who have been granted access to MDConnect, including Admin Users and Setting Users.

1.2 This AUP is incorporated into the MDConnect Terms and Conditions by reference. A breach of this AUP by an Authorised User constitutes a breach of the Agreement between MDBUDDY UK LTD and the Customer.

1.3 The purpose of this policy is to protect the security and integrity of the MDConnect platform, protect the personal data of all users and data subjects, maintain the professional standards expected within NHS-commissioned and local authority-commissioned programme delivery, and ensure that MDConnect is used for its intended purpose.

1.4 MDBUDDY UK LTD ("we", "us", "our") operates MDConnect. Our registered address is 427 Kings Road, Stretford, Manchester, M32 8LN. Questions about this policy should be directed to mdconnect@mydentalbuddy.com.

2. Definitions

Terms used in this AUP have the same meaning as in the MDConnect Terms and Conditions. In addition:

Authorised User: Any individual granted access to MDConnect by the Customer, including Admin Users (with programme-wide access) and Setting Users (with access limited to their own Setting).

Content: Any data, text, files, images, or other material entered into, uploaded to, or transmitted through MDConnect by an Authorised User. This includes free-text fields in contact logs, incident reports, audit observations, stock request notes, and any other user-generated input.

Customer: The Local Authority, Programme Provider, or other organisation that has entered into a subscription agreement with MDBUDDY UK LTD to use MDConnect.

3. Acceptable Use

3.1 MDConnect may be used only for the management of supervised toothbrushing programmes and related public health activities. This includes managing Settings, tracking brushing sessions, fulfilling stock requests, generating programme reports, recording and resolving incidents, delivering training, conducting quality assurance audits, and communicating with Settings about programme delivery.

3.2 Authorised Users must use MDConnect in a manner that is lawful, professional, and consistent with the standards expected within NHS-commissioned and local authority-commissioned programme delivery.

3.3 Authorised Users must comply with all applicable laws and regulations when using MDConnect, including the UK GDPR, the Data Protection Act 2018, the Computer Misuse Act 1990, and any relevant professional codes of conduct.

4. Account Security

4.1 Each Authorised User is responsible for maintaining the security of their own login credentials. Credentials must not be shared with any other person, including colleagues within the same organisation.

4.2 Authorised Users must choose passwords that meet the minimum complexity requirements set by the platform and must not use passwords that are easily guessable or that have been used for other services.

4.3 Authorised Users must log out of MDConnect at the end of each session, particularly when using shared or public devices. Sessions left unattended on unlocked devices risk unauthorised access to programme data.

4.4 If an Authorised User suspects that their account has been compromised or that their credentials have been disclosed to an unauthorised person, they must notify their organisation's administrator and MDBUDDY immediately at mdconnect@mydentalbuddy.com.

4.5 The Customer is responsible for promptly deactivating the accounts of staff who leave the organisation, change roles, or no longer require access to MDConnect. MDBUDDY is not responsible for unauthorised access that results from the Customer's failure to manage user accounts.

5. Prohibited Conduct

Authorised Users must not use MDConnect to do, or attempt to do, any of the following.

5.1 Security and Technical Prohibitions

5.1.1 Access or attempt to access data belonging to another Customer, another programme, or another Setting outside the user's authorised access scope.

5.1.2 Attempt to circumvent, disable, or interfere with any security features of the platform, including access controls, authentication mechanisms, or data isolation measures.

5.1.3 Introduce any virus, malware, ransomware, trojan, worm, or other malicious code into the platform, including through file uploads.

5.1.4 Use automated scripts, bots, crawlers, or other automated means to access MDConnect or extract data from the platform, unless expressly authorised in writing by MDBUDDY.

5.1.5 Reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code of any part of the platform.

5.1.6 Attempt to overload, disrupt, or impair the performance of the platform or its underlying infrastructure.

5.1.7 Use MDConnect to send unsolicited communications, spam, or bulk messages to Setting Users or any other recipients.

5.2 Data and Content Prohibitions

5.2.1 Enter personal data into MDConnect that is not necessary for the management of the supervised toothbrushing programme. MDConnect is designed for programme management, not for storing general personnel records, health records, or other data unrelated to programme delivery.

5.2.2 Enter individually identifiable children's data (such as names, dates of birth, or health records) into MDConnect through any feature other than the safeguarding incident reporting function, where such data is strictly necessary to report a safeguarding concern.

5.2.3 Enter any data into MDConnect that is defamatory, discriminatory, harassing, threatening, obscene, or otherwise unlawful or inappropriate for a professional programme management context.

5.2.4 Upload files that infringe any third party's intellectual property rights, contain inappropriate or offensive material, or are unrelated to programme delivery.

5.2.5 Use MDConnect data for any commercial purpose other than the management of the supervised toothbrushing programme, including selling, licensing, or otherwise distributing data obtained through the platform.

5.2.6 Export data from MDConnect and use it in a manner that breaches the UK GDPR, the Data Protection Act 2018, or any other applicable law.

5.3 Operational Prohibitions

5.3.1 Use another Authorised User's account or allow another person to use your account.

5.3.2 Create user accounts for individuals who are not authorised by the Customer to access MDConnect.

5.3.3 Use MDConnect for any purpose other than the management of supervised toothbrushing programmes and related public health activities.

6. Content Standards

6.1 MDConnect includes several features where Authorised Users enter free-text content, including contact log notes, incident and feedback report descriptions, audit observations, stock request notes, and file upload descriptions. All content entered into these fields must meet the standards set out in this section.

6.2 Professional standards. All content must be professional, factual, and relevant to programme delivery. Content should be written in a manner appropriate for a record that may be reviewed by commissioners, auditors, or regulators.

6.3 Data minimisation. Content should include only the information necessary for the purpose of the entry. Authorised Users should avoid including unnecessary personal data, particularly about children, parents, or Setting staff.

6.4 Safeguarding reports. When reporting a safeguarding concern through the incident reporting feature, the description should include sufficient detail for the concern to be understood and acted upon, but should not include more personal data than is necessary. Safeguarding reports are subject to restricted access within the platform and enhanced security measures. Authorised Users should be aware that these reports may contain Special Category Data under the UK GDPR.

6.5 File uploads. Files uploaded to MDConnect (such as audit evidence photographs, documents, and PDFs) must be relevant to programme delivery and must not contain malicious code. Photographs should not include identifiable images of children unless strictly necessary for safeguarding or audit purposes and the Customer has ensured appropriate consent or lawful basis.

6.6 Accuracy. Authorised Users must take reasonable care to ensure that data entered into MDConnect is accurate and up to date. Inaccurate programme data affects reporting quality, government returns, and programme management decisions.

7. Customer Responsibilities

7.1 The Customer is responsible for ensuring that all its Authorised Users are aware of and comply with this AUP. The Customer should provide a copy of this policy to all Authorised Users before they access MDConnect for the first time.

7.2 The Customer is responsible for managing Authorised User accounts, including creating accounts for new staff, deactivating accounts for staff who leave or change roles, and reviewing user access periodically to ensure it remains appropriate.

7.3 The Customer is responsible for investigating and addressing any breach of this AUP by its Authorised Users, including taking appropriate disciplinary or remedial action in accordance with the Customer's own internal policies.

7.4 If the Customer becomes aware of any use of MDConnect that may breach this AUP, the Customer should notify MDBUDDY promptly at mdconnect@mydentalbuddy.com.

8. Monitoring and Audit Trails

8.1 MDConnect automatically records an audit trail of user activity, including login timestamps, data entries, status changes, and other actions performed within the platform. This audit trail is maintained for programme integrity, quality assurance, and security purposes.

8.2 MDBUDDY does not routinely monitor the content of data entered by Authorised Users. However, we reserve the right to review Content where we have reasonable grounds to believe that this AUP has been breached, that the platform is being used unlawfully, or that a security incident has occurred.

8.3 Audit trail data is available to the Customer's Admin Users within their programme. Admin Users can see which user made changes, when changes were made, and the nature of the changes. This supports the Customer's own information governance and quality assurance processes.

9. Consequences of Breach

9.1 If an Authorised User breaches this AUP, MDBUDDY may take one or more of the following actions, depending on the nature and severity of the breach.

9.2 User-level action. We may suspend or disable the individual Authorised User's account, either temporarily while the breach is investigated or permanently if the breach is serious.

9.3 Customer notification. We will notify the Customer of the breach and the action taken. The Customer is responsible for taking appropriate internal action in relation to the Authorised User.

9.4 Account-level action. In serious or repeated cases, or where the Customer fails to address a breach after notification, we may suspend the Customer's access to the platform in accordance with section 15.5 of the MDConnect Terms and Conditions.

9.5 Termination. A material or persistent breach of this AUP constitutes a material breach of the Agreement and may result in termination in accordance with section 15.3 of the MDConnect Terms and Conditions.

9.6 MDBUDDY will act proportionately and will always notify the Customer before taking action that affects the Customer's access to the platform, except where immediate action is necessary to protect the security of the platform or the data of other Customers.

10. Reporting Concerns

10.1 If an Authorised User becomes aware of any activity on MDConnect that may breach this AUP, may constitute a security risk, or may involve the misuse of personal data, they should report it to their organisation's administrator and to MDBUDDY at mdconnect@mydentalbuddy.com.

10.2 Reports will be treated confidentially to the extent possible, consistent with the need to investigate and address the concern.

10.3 MDBUDDY will not take adverse action against any Authorised User for making a good-faith report of a suspected breach of this AUP or a security concern.

11. Changes to This Policy

11.1 We may update this AUP from time to time to reflect changes in the platform's features, applicable law, or best practice. When we make material changes, we will notify Customers through the platform and update the effective date at the top of this document.

11.2 Continued use of MDConnect after a change to this AUP constitutes acceptance of the revised policy.

12. Contact

For questions about this Acceptable Use Policy or to report a concern, please contact us.

Email: mdconnect@mydentalbuddy.com

Address: MDBUDDY UK LTD, 427 Kings Road, Stretford, Manchester, M32 8LN

© MDBUDDY UK LTD 2026. All rights reserved.

Features
Stock ManagementSession MonitoringAutomationFeedback and IncidentsResources and TrainingSettings ManagementReport and Metrics
About
ContactPricing
Legal & security
Terms & ConditionsPrivacy policyCookie policyData Processing AgreementAcceptable Use PolicyData Security Overview
Copyright © 2026 MDConnect. MDBuddy UK Ltd.
MDConnect is proudly brought to you by MDBuddy UK Ltd | mydentalbuddy.com