Legal

Privacy Policy

This policy explains how CareUnveil collects, uses, stores and protects personal information.

Last updated: 15 July 2026

1. Introduction

CareUnveil (“CareUnveil”, “we”, “our” or “us”) is committed to protecting your privacy and handling personal data responsibly.

This Privacy Policy explains how we collect, use, store and protect personal information when you:

  • visit our website;
  • request a demonstration;
  • contact us;
  • use the CareUnveil platform or mobile application; or
  • otherwise interact with our services.

We aim to process personal information in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018 and other applicable data protection laws.

2. Our role when processing personal data

The role CareUnveil performs depends on how personal information is collected and used.

When we collect information directly through our website, sales enquiries, account administration or business communications, CareUnveil may act as the data controller.

When a care provider uses CareUnveil to record and manage information about residents, service users, staff members or care delivery, the care provider will usually act as the data controller and CareUnveil will act as its data processor.

In those circumstances, the relevant care provider determines why the personal information is processed and is responsible for responding to requests from residents, service users, staff members and other data subjects.

3. Information we collect

Information you provide directly

We may collect information including:

  • your name;
  • email address;
  • telephone number;
  • organisation name;
  • job title;
  • messages submitted through contact forms;
  • demo or sales enquiry details; and
  • communications you send to us.

Account and user information

When an organisation uses CareUnveil, we may process:

  • staff names and contact details;
  • user account information;
  • roles and permissions;
  • authentication and login information;
  • account activity; and
  • audit and security logs.

Care and service-user information

Our customers may use the CareUnveil platform to store and manage information such as:

  • resident or service-user details;
  • care notes and daily records;
  • incident and accident reports;
  • assessments and care plans;
  • medication-related records;
  • health and wellbeing information;
  • attachments and supporting documents; and
  • audit histories.

This information may include special category personal data, including health information. It is entered into the platform by our customers and remains under their control.

Technical information

When you use our website or services, we may automatically collect:

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • pages visited;
  • dates and times of access;
  • application logs; and
  • diagnostic and security information.

4. How we use personal information

We may use personal information to:

  • provide and operate our services;
  • create and manage user accounts;
  • authenticate users and control access;
  • respond to enquiries and demo requests;
  • provide customer support and onboarding;
  • maintain the security of our services;
  • investigate errors and technical issues;
  • improve the performance and usability of CareUnveil;
  • communicate service-related information;
  • prevent fraud, misuse and unauthorised access;
  • comply with legal and regulatory obligations; and
  • establish, exercise or defend legal claims.

5. Lawful bases for processing

Where CareUnveil acts as a data controller, we may rely on one or more of the following lawful bases:

  • Contract: where processing is necessary to provide our services or take steps at your request before entering into a contract.
  • Legitimate interests: where processing is necessary for our legitimate business interests and those interests are not overridden by your rights.
  • Consent: where you have given us clear permission for a particular purpose.
  • Legal obligation: where processing is necessary for us to comply with the law.

Where CareUnveil acts as a data processor, the relevant customer is responsible for identifying the lawful basis and any additional condition required for processing special category data.

6. Website analytics and cookies

We may use analytics tools, including Google Analytics, to understand how visitors interact with our website.

Analytics information may include:

  • pages visited;
  • browser and device information;
  • approximate location;
  • referral source;
  • time spent on pages; and
  • general website interaction information.

We may also use cookies and similar technologies to operate the website, remember preferences, maintain security and analyse website usage.

Where required, non-essential cookies will only be used after you have provided consent. You may also control cookies through your browser settings.

7. How we share personal information

We do not sell personal information.

We may share information with carefully selected third-party service providers that support the operation of CareUnveil, including:

  • cloud infrastructure and hosting providers;
  • website analytics providers;
  • email and communication providers;
  • technical support providers;
  • security and monitoring providers;
  • professional advisers; and
  • regulators or public authorities where required by law.

Service providers are only permitted to process personal information for the agreed purpose and are required to protect it appropriately.

We may also disclose information as part of a business sale, merger, restructuring or transfer, subject to appropriate confidentiality and data protection safeguards.

8. International data transfers

Some of our service providers may process information outside the United Kingdom.

Where personal information is transferred internationally, we take steps to ensure appropriate safeguards are in place. These may include adequacy regulations, approved contractual protections or other lawful transfer mechanisms.

9. Data security

We use appropriate technical and organisational measures designed to protect personal information against unauthorised access, accidental loss, alteration, disclosure or destruction.

These measures may include:

  • encrypted connections using HTTPS;
  • authenticated user access;
  • role-based permissions;
  • audit and activity logging;
  • secure cloud infrastructure;
  • access restrictions;
  • security monitoring; and
  • regular software and security updates.

No electronic transmission or storage system can be guaranteed to be completely secure. However, we regularly review our safeguards and work to reduce security risks.

10. Data retention

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, including to:

  • provide our services;
  • maintain business and transaction records;
  • comply with legal obligations;
  • resolve disputes;
  • maintain security and audit records; and
  • establish or defend legal claims.

Our customers are responsible for determining appropriate retention periods for care records and other information they control within the CareUnveil platform.

When a customer account ends, information will be handled in accordance with our contractual agreement, legal obligations and applicable retention procedures.

11. Your data protection rights

Depending on the circumstances and applicable law, you may have the right to:

  • request access to your personal information;
  • request correction of inaccurate information;
  • request deletion of your information;
  • request restriction of processing;
  • object to processing;
  • request data portability;
  • withdraw consent where processing relies on consent; and
  • complain to a data protection authority.

These rights are not absolute and may be limited in certain circumstances.

Where your information has been entered into CareUnveil by a care provider, employer or other customer, you should normally contact that organisation first. As the data controller, it is usually responsible for responding to your request.

12. Children's information

The CareUnveil website is intended for care organisations and professionals and is not intended for children to use independently.

CareUnveil may process information relating to a child where that information is entered by an authorised care provider. In those circumstances, the care provider is responsible for ensuring the processing is lawful and appropriate.

13. Third-party websites

Our website may contain links to third-party websites or services. We do not control those websites and are not responsible for their privacy practices.

We recommend reviewing the privacy policy of any third-party service before providing personal information.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our services, legal obligations or data-handling practices.

The latest version will be published on this page with the date it was last updated.

15. Contact us

For questions about this Privacy Policy or how CareUnveil processes personal information, contact:

CareUnveil

Email: dev@careunveil.com

Website: careunveil.com

You also have the right to raise a concern with the Information Commissioner’s Office if you believe your personal information has been handled unlawfully.