Privacy Policy

Last updated: April 2026

By CareAdvocate Team

Introduction

CareAdvocate is committed to protecting your privacy and handling your personal data responsibly. This privacy policy explains what data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

The data controller for this website is CareAdvocate, operated by Matthew Hosking.

Registered address: CareAdvocate, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

For any questions about this policy or to exercise your data rights, please contact us at hello@careadvocate.co.uk.

What Data We Collect

Information You Provide

  • Email address — If you subscribe to our newsletter or contact us via email, we collect and store your email address.
  • Name — If you provide your name when contacting us or subscribing, we collect and store it.
  • Message content — If you contact us with a question or feedback, we retain the content of your message.
  • Medical records and health information — If you use our Evidence Engine service, you submit medical records (as PDF documents) for analysis. This constitutes special category data (health data) under UK GDPR. See the "Evidence Engine" section below for full details of how this data is collected, processed, stored, and retained.
  • Patient details — When creating a case in the Evidence Engine, you provide the patient's name, date of birth, and your relationship to the patient. This information is stored alongside your case data.
  • Family context — You may optionally provide free-text observations about the patient's care needs that may not be captured in their medical records. This information is stored as part of your case.
  • Payment information — If you purchase a product, your payment is processed by Stripe. We do not store your card details — Stripe handles payment processing as our payment processor. We receive confirmation of your purchase and create a durable purchase record in our own database. See "Purchase records" below.
  • Purchase records — When you complete a purchase, we create and store a record containing: your user account ID, email address, the Stripe checkout session identifier, the product purchased (name and ID), the amount charged, the currency, the delivery method, the date of purchase, and the status of your delivery confirmation email. This record is linked to your CareAdvocate account. Authorised CareAdvocate staff and administrators can access all purchase records for customer support, financial reconciliation, and operational purposes. You can view your own purchase history at any time via the My Purchases page in your dashboard.

Information Collected Automatically

  • Analytics data — We use Google Analytics to understand how visitors use our website. This includes information such as pages visited, time spent on the site, referring websites, browser type, device type, and approximate geographic location. This data is collected using cookies and is processed in aggregate form.
  • Cookies — We use cookies to support analytics and to ensure the website functions correctly. See the Cookies section below for further details.

How We Use Your Data

We use the personal data we collect for the following purposes:

  • Newsletter delivery — To send you email updates about new guides, articles, and care funding news. We use Resend as our email delivery service.
  • Responding to enquiries — To reply to messages you send us via email or any contact form on the website.
  • Website improvement — To understand how visitors use our website so we can improve its content, structure, and performance. This is done through Google Analytics.
  • Evidence Engine analysis — To analyse medical records you submit through the Evidence Engine and produce a structured advocacy report to support your NHS Continuing Healthcare (CHC) funding application. See the "Evidence Engine" section below for full details.
  • Payment processing — To process purchases of our paid products via Stripe and deliver your purchase (download links, access tokens, or confirmation emails).

We do not use your data for marketing on behalf of third parties, and we do not sell or rent personal data to anyone.

Lawful Basis for Processing

Under UK GDPR, we process your personal data on the following lawful bases:

  • Consent (Article 6(1)(a)) — For sending you newsletter emails. You can withdraw your consent at any time by clicking the unsubscribe link in any email or by contacting us directly.
  • Explicit consent for special category data (Article 9(2)(a)) — For processing special category health data through the Evidence Engine. Before submitting medical records, you are informed that your documents will be processed by AI, reviewed by staff, and stored securely, and you provide explicit consent. You may withdraw this consent at any time — see "Your Rights Regarding Medical Records" below.
  • Contract (Article 6(1)(b)) — For processing payments and delivering purchased products. This processing is necessary for the performance of a contract between you and CareAdvocate.
  • Legitimate interest (Article 6(1)(f)) — For website analytics, and for certain screener lead data: storing the screener eligibility tier to understand how well the screener serves users, and storing IP addresses for abuse prevention and rate-limiting. This processing is proportionate and does not override your rights or freedoms.

Evidence Engine

The Evidence Engine is our core service that uses artificial intelligence to analyse medical records and care documentation to support NHS Continuing Healthcare (CHC) funding applications.

What data is collected

When you use the Evidence Engine, we collect and process:

  • Medical records — PDF documents you upload containing medical records, care plans, nursing notes, hospital discharge summaries, and other clinical documentation. This constitutes special category data (health data) as defined under UK GDPR Article 9.
  • Patient details — The patient's name, date of birth, and your relationship to them.
  • Family context — Optional free-text observations you provide about the patient's care needs that may not be captured in their medical records.

How the data is processed

Your case is processed through a multi-stage pipeline:

  1. Document upload and storage — Your PDF documents are uploaded to encrypted storage (AWS S3) in the eu-west-2 (London) region via a secure, time-limited pre-signed URL.
  2. Optical Character Recognition (OCR) — Document text is extracted from your PDFs using AWS Textract, running in the eu-west-2 (London) region.
  3. Triage and classification — The extracted text is organised and classified against the 12 CHC assessment domains.
  4. AI analysis — The classified evidence is analysed by AI models (Anthropic Claude and Google Gemini, both via Google Cloud Vertex AI) to identify strengths, gaps, and patterns across the 12 domains. All AI processing takes place in European data centres covered by the UK GDPR adequacy decision (europe-west1 Belgium for Claude, europe-west4 Netherlands for Gemini).
  5. Checklist descriptor analysis (Checklist Evidence Pack only) — For Checklist Evidence Pack purchases, the AI additionally maps evidence against the official NHS Checklist A/B/C descriptors for all 11 domains, assigns a level (A, B, or C) to each domain, and generates written assessment narratives. These narratives are stored in our database as domain_narratives and constitute special category data processed under Article 9(2)(a) explicit consent. Assessment narratives are AI-generated, then reviewed and may be edited by a CareAdvocate team member before release. Narrative data is covered by the same 90-day retention period as other case data and is automatically deleted when the case is deleted (CASCADE delete).
  6. Staff review (Human-in-the-Loop) — Before your report is released, a trained CareAdvocate staff member reviews the AI-generated analysis for accuracy, completeness, and quality. For Checklist Evidence Pack cases, staff additionally review and may edit the A/B/C level assignments and assessment narratives. This review takes place within the CareAdvocate staff portal.
  7. Report delivery — Once reviewed, your structured advocacy report is made available in your dashboard and can be exported as a PDF or DOCX document.

Where your data is stored

  • Medical record files (PDFs) — Stored in AWS S3 in the eu-west-2 (London) region. Files are encrypted at rest using AES-256 server-side encryption and encrypted in transit via HTTPS. Access is controlled via time-limited pre-signed URLs — there is no direct public access to the storage bucket.
  • Case data, patient details, and analysis results — Stored in Supabase (EU-hosted PostgreSQL database) with row-level security policies ensuring only you and authorised CareAdvocate staff can access your data.

Data retention for Evidence Engine

  • Medical record files and case data — Retained for 90 days from the date your report is delivered, then automatically deleted.
  • Early deletion — You may request deletion of all your medical records and case data at any time before the 90-day period expires by emailing hello@careadvocate.co.uk or by submitting a deletion request through your dashboard.

Your rights regarding medical records

In addition to your general data rights (see "Your Rights" below), you have the following rights specific to medical records processed through the Evidence Engine:

  • Right to withdraw consent — You may withdraw your consent to the processing of your medical records at any time. Upon withdrawal, we will cease processing and delete your medical records and case data. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.
  • Right to request deletion — You may request the deletion of all medical records, patient details, family context, and analysis results associated with your case at any time by emailing hello@careadvocate.co.uk.
  • Right to obtain a copy — You may request a copy of all data we hold in connection with your case, including uploaded documents, extracted text, analysis results, and your final report.
  • How to exercise these rights — Contact us at hello@careadvocate.co.uk. We will respond to your request within one month.

Data minimisation

  • Only documents relevant to the CHC assessment are processed.
  • AI models are instructed to analyse clinical content only and to disregard irrelevant personal information.
  • Staff access is restricted to authorised personnel via role-based access controls.
  • Pre-signed URLs for document access expire after a short time period.

Data Protection Impact Assessment

A Data Protection Impact Assessment (DPIA) has been conducted for the Evidence Engine in accordance with UK GDPR Article 35, as the service involves automated processing of special category health data. A copy of the DPIA is available on request by contacting hello@careadvocate.co.uk.

CHC Eligibility Screener

The CHC Eligibility Screener is a free interactive tool that helps families assess whether their relative may be eligible for NHS Continuing Healthcare funding.

What data is collected

When you use the screener and choose to receive an action plan by email, we collect and store:

  • Email address — used to send your personalised action plan.
  • Screener result (eligibility tier) — whether your assessment indicates "likely eligible", "possible eligibility", or similar outcome category. This is used to personalise the content of your action plan and to understand how well the screener serves different types of users.
  • Postcode district — the outward code only (e.g. "EX1"), not your full postcode. Used to identify your NHS Integrated Care Board (ICB) and to include ICB-specific approval rate data in your results. Stored as an ICB slug identifier.
  • Marketing consent flag — whether you opted in to receive ongoing CHC guidance updates.
  • IP address — your IP address is collected for the purpose of abuse prevention and rate-limiting. This is processed under legitimate interest (Article 6(1)(f)) and is not used for any other purpose.

What is NOT collected or stored

  • Individual question answers or domain-level responses — these are held in your browser only and are never transmitted to our servers.
  • Your full postcode, name, or any identifying information about the relative being assessed.
  • Special category health data — the screener does not collect or store clinical data about the person being assessed.

Lawful basis for processing

  • Consent (Article 6(1)(a)) — for sending the action plan email and any subsequent marketing emails where you have opted in. You can withdraw consent at any time via the unsubscribe link in any email.
  • Legitimate interest (Article 6(1)(f)) — for storing the screener result (eligibility tier) to understand which users benefit from CHC guidance, and for storing the IP address for abuse prevention and rate-limiting.

Action plan email

If you request an action plan, your domain-level results (abstracted outcome summaries, not raw clinical data or individual question answers) are transmitted to Resend, our email delivery provider, solely to construct and send your personalised action plan email. The email may also include information relevant to your NHS region and signposting to our paid services.

Data retention for screener leads

  • Screener lead records — retained for 24 months from the date of collection, or until you unsubscribe from all emails plus 30 days, whichever is sooner.

Third-party processors for screener data

  • Resend — used to deliver the action plan email and any subsequent marketing emails. Resend receives your email address and email content. No medical data is transmitted.
  • Supabase — stores screener lead records (email, eligibility tier, postcode district, consent flag, IP address) in EU-hosted infrastructure.
  • Vercel — hosts the screener application and processes access logs, including IP addresses, as part of standard web hosting.

Data Sharing and Third-Party Processors

We share personal data only with the following third-party service providers, and only to the extent necessary to deliver our services. Each acts as a data processor on our behalf:

  • Supabase (database and authentication) — Stores user accounts, case data, patient details, analysis results, and purchase records. Hosted in the EU.
  • Amazon Web Services (AWS) — Provides S3 storage for uploaded medical record files (eu-west-2, London) and Textract OCR for document text extraction (eu-west-2, London). All AWS processing occurs within the UK (London) region.
  • Google Cloud (Vertex AI) — Hosts all AI model processing, including Anthropic Claude (europe-west1, Belgium) for evidence classification and domain assessment, and Google Gemini (europe-west4, Netherlands) for evidence extraction and cross-domain intelligence. All processing occurs in EU regions covered by the UK GDPR adequacy decision. Neither Anthropic nor Google retains your data after processing or uses it to train AI models.
  • Stripe (payment processing) — Processes payment card details, email addresses, and transaction information. Stripe is PCI DSS Level 1 certified and operates within the EU/UK. We do not store your card details. CareAdvocate retains its own purchase records (as described above) for customer support and HMRC compliance purposes.
  • Resend (transactional email) — Processes email addresses and email content for the purpose of sending transactional emails (purchase confirmations, case status updates, password resets) on our behalf. Resend operates in the US; however, only transactional metadata (email addresses and message content) is transmitted — no medical data is ever sent to Resend.
  • Google Analytics — Processes anonymised website usage data to provide analytics reports. No medical data or personally identifiable health information is transmitted to Google Analytics.
  • Vercel (web hosting) — Hosts the CareAdvocate website and application. Vercel serves content via its EU edge network. No medical record files are stored on Vercel; document storage is handled exclusively by AWS S3.

We do not share personal data with any other third parties. We do not sell, trade, or otherwise transfer your personal data to outside parties.

Cookies

We use the following types of cookies:

  • Essential cookies — Required for the website to function correctly, including authentication session cookies. These do not require consent.
  • Analytics cookies — Used by Google Analytics to collect information about how visitors use the website. These cookies are set only with your consent.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect the functionality of the website.

Data Retention

  • Email addresses and subscriber data — Retained for as long as you remain subscribed to our newsletter. If you unsubscribe, your data is deleted within 30 days.
  • Screener lead records — Retained for 24 months from collection, or until unsubscription plus 30 days, whichever is sooner.
  • Contact enquiries — Retained for up to 12 months after the enquiry is resolved, then deleted.
  • Analytics data — Retained in Google Analytics for a maximum of 26 months, after which it is automatically deleted.
  • Medical records and Evidence Engine data — Retained for 90 days from the date your report is delivered, then automatically deleted. You may request earlier deletion at any time.
  • Purchase records — Retained for 6 years in accordance with HMRC requirements for financial records.

Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit — All data is transmitted over encrypted HTTPS connections.
  • Encryption at rest — Medical record files stored in AWS S3 are encrypted using AES-256 server-side encryption.
  • Access controls — Role-based access control (RBAC) ensures that only authorised personnel can access sensitive data. Row-level security policies in our database restrict access to case data.
  • Pre-signed URLs — Document access is controlled via time-limited pre-signed URLs rather than direct bucket access.
  • Security headers — The website implements Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and other security headers.
  • Input validation — All user input is validated server-side to prevent injection attacks.

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — You may request a copy of the personal data we hold about you.
  • Right to rectification — You may request that we correct any inaccurate or incomplete personal data.
  • Right to erasure — You may request that we delete your personal data, subject to any legal obligations we may have to retain it. Purchase and financial records are retained for 6 years as required by HMRC, even if you delete your account — this is a legal obligation that overrides the right to erasure under Schedule 2, Part 1 of the Data Protection Act 2018.
  • Right to data portability — You may request that we provide your personal data in a structured, commonly used, machine-readable format.
  • Right to object — You may object to our processing of your personal data where we rely on legitimate interest as the lawful basis.
  • Right to restrict processing — You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw your consent at any time. This includes consent for newsletter emails and explicit consent for the processing of medical records through the Evidence Engine.

To exercise any of these rights, please contact us at hello@careadvocate.co.uk. We will respond to your request within one month.

Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first if possible.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any significant changes will be communicated through our website. The "last updated" date at the top of this page indicates when the policy was most recently revised.


CareAdvocate Team

Editorial Team

Our content is written with AI assistance and reviewed by a legal and regulatory professional, a senior social worker, and experienced local government social care professionals. Individual reviewers are not publicly named while still employed.
