Data protection

Medical records are sensitive. We treat them that way.

Families often worry about uploading records before a CHC review. This page explains the practical safeguards behind CareAdvocate in plain English. It complements, but does not replace, our formal privacy policy.

Read the privacy policy Ask a question

UK/EU data handling

Medical records are stored in AWS London and processed only in UK/EU regions used by the Evidence Engine workflow.

Encryption and access controls

Files are transferred over HTTPS, encrypted at rest, and accessed only by the reviewer or operational process needed for your case.

No advertising use

Medical data is not sold, shared for advertising, or used to train public AI models.

Retention limits

Medical records and case data are normally deleted 90 days after report delivery unless a legal or operational reason requires a different retention period.

The short version

These are the safeguards families most often ask about before uploading records.

Medical records are stored in AWS London and processed in UK/EU regions.
Files are encrypted at rest and transferred over HTTPS.
Access is limited to the reviewer handling your case.
Medical records and case data are normally deleted 90 days after report delivery.
Your medical data is not sold, shared for advertising, or used to train public AI models.

See how data is protected Read the privacy policy Ask a data-protection question

What this means in practice

Medical records are stored in AWS London and processed in UK/EU regions.
Files are encrypted at rest and transferred over HTTPS.
Access is limited to the reviewer handling your case.
Medical records and case data are normally deleted 90 days after report delivery.
Your medical data is not sold, shared for advertising, or used to train public AI models.