FeaturesPricingResources
Log in Start Free Trial

Privacy Policy

Last updated: December 2024

Introduction

CarerNotes Ltd ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our care documentation service.

We are registered in England and Wales (Company Number: [TBC]) and our registered address is [TBC].

Data Controller

CarerNotes Ltd is the data controller for the personal data we collect from you. For data about care recipients (clients), you or your organisation are the data controller and we act as a data processor on your behalf.

What Data We Collect

Account Information

  • Name and email address
  • Organisation name
  • Password (encrypted)
  • Payment information (processed by Stripe)

Care Documentation Data

  • Voice recordings of care visit notes
  • Transcripts of recordings
  • AI-generated care notes
  • Client names (encrypted at rest)

Usage Data

  • Log data (IP address, browser type, pages visited)
  • Feature usage statistics
  • Error reports

How We Use Your Data

We use your data to:

  • Provide the CarerNotes service
  • Process voice recordings and generate care notes
  • Process payments and manage your subscription
  • Send important service notifications
  • Improve our service and fix issues
  • Comply with legal obligations

Legal Basis for Processing

We process your data based on:

  • Contract: To provide the service you've signed up for
  • Legitimate interests: To improve our service and prevent fraud
  • Legal obligation: To comply with applicable laws
  • Consent: For marketing communications (you can opt out anytime)

Data Retention

  • Voice recordings: Automatically deleted after 90 days
  • Transcripts and notes: Retained while your account is active
  • Account data: Retained for 7 years after account closure for legal compliance
  • Payment records: Retained for 7 years for tax purposes

Data Security

We implement military-grade security measures including:

  • 256-bit TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • Deterministic encryption for client names
  • Regular security audits and penetration testing
  • Role-based access controls
  • Multi-factor authentication available

AI and Your Data

Your recordings and transcripts are never used to train AI models. They are processed solely to provide the service and are never shared with third parties for any other purpose.

Data Sharing

We use the following service providers to deliver CarerNotes:

  • Transcription provider: Processes audio to text (audio is not retained by the provider)
  • AI provider: Generates structured notes (data is not used for training)
  • Stripe: For payment processing
  • AWS: For cloud infrastructure
  • Resend: For transactional emails

We do not sell your data or share it with third parties for marketing purposes.

International Transfers

Some of our service providers are based in the US. Where data is transferred internationally, we ensure appropriate safeguards are in place including Standard Contractual Clauses (SCCs) and equivalent protections.

Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Restrict how we process your data
  • Portability: Receive your data in a portable format
  • Object: Object to certain processing

To exercise these rights, contact us at hello@carernotes.uk.

Children's Privacy

CarerNotes is not intended for use by anyone under 18. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or through the service.

Contact Us

For privacy-related questions or to exercise your rights, contact us at:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.