Privacy Policy

1. Data controller

The data controller is CareProof Ltd, registered in England and Wales. CareProof is registered with the Information Commissioner's Office (ICO).

Contact: privacy@careproof.co.uk

2. What data we collect

From family users (account holders)

• •Name and email address
• •Password (stored as a secure hash, never in plain text)
• •Property addresses where care is provided
• •Care recipient names
• •Subscription and payment details (processed by Stripe — we do not store card numbers)
• •Notification and theme preferences

From carers (no account required)

Carers do not create accounts. We collect data when they use a check-in link or scan a QR code:

• •GPS coordinates at check-in and check-out
• •Timestamps of arrival and departure
• •Device type and browser information
• •QR scan records

Collected automatically

• •Authentication session cookies
• •Browser type and IP addresses

3. Why we collect it and our legal basis

4. Third-party processors

We use the following third-party services to operate CareProof. All processors are GDPR compliant and data processing agreements are in place.

5. Data retention

• •Active accounts: data is retained while your account is active.
• •After cancellation: visit data and carer location data are retained for 12 months, then permanently deleted.
• •Payment records: retained as required by UK tax law (typically 6 years).
• •You may request earlier deletion by emailing privacy@careproof.co.uk.

6. Your rights under UK GDPR

You have the following rights regarding your personal data:

• •Right of access — request a copy of the data we hold about you
• •Right to rectification — ask us to correct inaccurate data
• •Right to erasure — ask us to delete your data
• •Right to restrict processing — ask us to limit how we use your data
• •Right to data portability — receive your data in a portable format
• •Right to object — object to our processing of your data

To exercise any of these rights, email privacy@careproof.co.uk. We will respond within 30 days.

7. Data security

• •All data is encrypted in transit using TLS and at rest.
• •Access controls are enforced via Supabase Row Level Security (RLS).
• •Passwords are securely hashed and never stored in plain text.

8. Children

CareProof is not intended for anyone under the age of 18. We do not knowingly collect data from children.

9. International transfers

Some of our third-party processors may process data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place, including standard contractual clauses and adequacy decisions, to protect your data in accordance with UK GDPR.

10. Cookies

CareProof uses only essential authentication cookies to keep you signed in. We do not use advertising or tracking cookies.

11. Changes to this policy

We may update this privacy policy from time to time and will notify you by email when we do.

12. Contact and complaints

For any questions or concerns about your data, email privacy@careproof.co.uk.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.