Privacy Policy
Summary: ClinBridge Health Ltd collects only the personal data necessary to operate the Med-Guide platform for UK care homes. We do not sell your data. We do not use it for advertising. You have the right to access, correct, and delete your data at any time.
1. Who We Are
ClinBridge Health Ltd operates the ClinBridge Med-Guide platform at app.clinbridgehealth.co.uk and the marketing site at clinbridgehealth.co.uk.
Data Controller: ClinBridge Health Ltd
Contact: ssekar@outlook.com
This policy applies to all users of our platform and website, including care home staff, clinical leads, administrators, and visitors.
2. Data We Collect
| Data | Purpose | Basis |
|---|---|---|
| Name and email address | Account creation and communications | Contract performance |
| Organisation name | Institutional account management | Contract performance |
| Username and password hash | Authentication and access control | Contract performance |
| Login timestamps and session data | Security, audit trail, session management | Legitimate interest |
| Medication search queries | Gap analysis to improve the database | Legitimate interest |
| Subscription and payment records | Billing and account management | Contract performance |
| IP address and browser type | Security and fraud prevention | Legitimate interest |
We do not collect special category data (e.g. health data about residents). The platform is a reference tool; resident information should never be entered into it.
3. Legal Basis for Processing
Under UK GDPR, we process personal data on the following lawful bases:
- Contract performance — processing necessary to provide the Med-Guide service you have subscribed to
- Legitimate interests — improving the platform, preventing fraud, maintaining security, and analysing usage patterns
- Legal obligation — where required by UK law or regulation
- Consent — for any optional communications you opt into
4. How We Use Your Data
- To create and manage your account
- To provide access to the Med-Guide medication database and AI assistant
- To process payments and manage subscriptions
- To send account-related communications (e.g. login alerts, subscription renewals)
- To improve the medication database based on anonymised search patterns
- To maintain security and prevent unauthorised access
- To comply with legal and regulatory obligations
5. Data Sharing
We do not sell, rent, or trade your personal data. We may share data with:
- Supabase Inc — our database provider (servers in EU/UK)
- Cloudflare Inc — our hosting and CDN provider
- Anthropic PBC — powers the AI Clinical Assistant (Tier 2 and 3 only); queries are not stored by Anthropic beyond the session
- Legal authorities — where required by law, court order, or regulatory requirement
All processors are bound by data processing agreements and subject to UK GDPR standards.
6. Data Retention
- Active account data — retained for the duration of your subscription plus 12 months
- Audit and security logs — retained for 12 months then deleted
- Search logs (anonymised) — retained for 24 months for database improvement
- Billing records — retained for 7 years (legal requirement)
7. Your Rights Under UK GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data (subject to legal obligations)
- Restriction — limit how we process your data in certain circumstances
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — for any consent-based processing
To exercise any of these rights, contact us at ssekar@outlook.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. Cookies and Tracking
The Med-Guide platform uses sessionStorage (cleared when you close your browser tab) to maintain your login session. We do not use persistent tracking cookies or third-party advertising cookies.
The marketing site (clinbridgehealth.co.uk) uses Cloudflare for performance — Cloudflare may set a security cookie (__cf_bm) that expires within 30 minutes.
9. Security
We implement the following security measures:
- All data transmitted over TLS (HTTPS)
- Passwords hashed using SHA-256 with a unique salt; never stored in plain text
- Role-based access control — users only access data appropriate to their tier
- Session expiry after 45 minutes of inactivity
- Audit logging of all login events and administrative actions
- Account lockout after 5 failed login attempts
10. Children
The Med-Guide platform is intended for healthcare professionals aged 18 and over. We do not knowingly collect data from individuals under 18.
11. GDPR Notice
For our full GDPR Notice, including our lawful basis register and data subject request procedures, please see our GDPR Notice page.
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated by email to registered users and by a notice on the platform. The "Last updated" date at the top of this page indicates when it was last revised.
13. Contact
For any privacy queries, data subject requests, or complaints:
Email: ssekar@outlook.com
ClinBridge Health Ltd — UK registered company