Privacy Policy
How we collect, use and protect personal data, and the rights you have over it, in line with UK data protection law.
Last updated: [DATE TO BE SET ON PUBLICATION]
1. Who we are
SmartCareApps Ltd ("we", "us", "our") is the data controller for the personal data described in this policy. We are registered in England and Wales (company number 17256668), with our registered office at 124 City Road, London, EC1V 2NX. For any privacy question, contact our data protection point of contact at hello@smartcareapps.co.uk.
2. Our two roles
It helps to separate two things:
- Where we are the controller. For our website visitors, people who enquire or start a trial, and our customers' account and billing details, we decide how that data is used — this policy covers it.
- Where we are the processor. For the personal data our customers enter into the service about the people they support and their staff, the customer is the controller and we process that data on their instructions to run the service. That processing is governed by our agreement with the customer, not by this policy.
3. What we collect
Website visitors
Our website is deliberately lightweight. We do not use tracking or advertising cookies. Our hosting provider keeps standard server logs (including IP addresses) to keep the site secure and running.
Enquiries and trial requests
When you use our contact or trial form, we collect the details you give us: your name, organisation, email address, phone number (if you provide it), the number of CQC registrations, and your message.
Customers
When you subscribe, we hold account details (such as names and email addresses of your users), login security information (passwords are stored only in encrypted/hashed form, together with multi-factor authentication settings), and billing information needed to take payment.
4. How & why we use it, and our lawful basis
- To respond to enquiries and run trials — on the basis of our legitimate interests in answering you and taking steps at your request before a contract.
- To provide and administer the service to customers — on the basis of performing our contract with you.
- To take payment and keep accounting records — to perform our contract and to meet our legal obligations.
- To keep the service secure, prevent misuse, and improve it — on the basis of our legitimate interests.
- To send you service-related messages (such as security or billing notices) — to perform our contract. We will not send you marketing without a lawful basis to do so.
5. Cookies
The marketing website does not set tracking, analytics or advertising cookies. The application uses a single strictly-necessary cookie to keep you securely signed in; it is not used to track you. Our fonts are served by Google Fonts, which means your browser requests them from Google and Google receives your IP address as part of that request.
6. Who we share it with
We do not sell your personal data. We use a small number of trusted service providers ("processors") who process data on our behalf under appropriate data protection terms:
- IONOS — hosting of our servers.
- Backblaze (B2) — encrypted off-site backups, stored in the EU.
- SMTP2GO — sending transactional and notification emails.
- Microsoft 365 — our business email.
- GoDaddy — domain and DNS services.
- Google Fonts — serving website fonts (receives IP addresses of site visitors).
We may also disclose personal data where we are legally required to, or to protect our rights or the safety of others.
7. International transfers
We aim to keep personal data within the UK and EU. Our hosting and backups are kept in the UK/EU. Some providers (such as Microsoft and Google) may transfer limited data outside the UK; where they do, they rely on safeguards recognised under UK data protection law, such as the UK International Data Transfer Agreement or addendum to the EU Standard Contractual Clauses.
8. How long we keep it
We keep personal data only as long as we need it:
- Enquiry and trial data — for up to [12 months] after our last contact, then deleted, unless you become a customer.
- Customer account data — for the duration of your subscription and for [a reasonable period, e.g. 6 months] afterwards, except where we must keep records (such as accounting records) for longer to meet a legal obligation.
- Billing and accounting records — for [6 years] to meet tax and accounting requirements.
9. How we protect it
We take security seriously. Data is hosted on UK/EU infrastructure, passwords are stored only in hashed form, we require multi-factor authentication, access is role-based so people see only what they need, traffic is encrypted in transit, and we take encrypted, off-site nightly backups that we periodically test by restoring.
10. Your rights
Under UK data protection law you have the right to ask us to give you access to the personal data we hold about you; correct it if it is wrong; delete it; restrict or object to how we use it; and provide it in a portable format. To exercise any of these, email hello@smartcareapps.co.uk. We will respond within one month. If your request relates to data we process on a customer's behalf (as their processor), we will direct you to that customer, who is the controller for it.
11. Vulnerable people & children
Our website and service are aimed at care organisations and their staff, not at the general public or children. Where the service is used to record information about the people a customer supports — who may be vulnerable adults or, in some services, children — that information is provided and controlled by the customer, and we process it only as their processor under our agreement with them, with the safeguards described above.
12. Changes
We may update this policy from time to time. We will post the current version here and update the "last updated" date. If we make a significant change, we will take reasonable steps to let affected people know.
13. Contact & complaints
For any privacy question or to exercise your rights, contact us at hello@smartcareapps.co.uk, or write to SmartCareApps Ltd, 124 City Road, London, EC1V 2NX.
If you are unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO), the UK's data protection regulator, at ico.org.uk or on 0303 123 1113. We would appreciate the chance to address your concern first.