ClinicalPad logo
Who It's ForSecurityAbout UsContact Us
Sign Up

Privacy Page

Privacy policy

This page was last updated on 12th January 2025.

contact-shape-left
a white background with squares and dots

Introduction

ClinicalPad Limited ("ClinicalPad," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and healthcare information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

Who We Are

ClinicalPad Limited is registered in the United Kingdom (Company Number: 15274832) with our registered office at 167-169 Great Portland Street, 5th Floor, London UK W1W 5PF. We operate the website clinicalpad.com and the application platform app.clinicalpad.com.

Our Data Protection Officer can be contacted at: Email: enquiries@clinicalpad.com Address: 167-169 Great Portland Street, 5th Floor, London UK W1W 5PF

Information We Collect

Personal Information

We collect information necessary for platform operation and service delivery, including:

  • Name, address, and contact details
  • Professional credentials and qualifications
  • Payment information
  • Account login credentials
  • Usage data and platform activity logs
  • Audio consultation recordings and transcripts
  • IP address and device information

Healthcare Information

In providing our services, we may collect:

  • Patient medical records and history
  • Clinical documentation and notes
  • Healthcare provider notes and communications
  • Treatment plans and medical data
  • Audio recordings of consultations (when feature is used)
  • AI-generated medical histories and documentation

Data Storage and Security

Storage Locations

We maintain dedicated local storage in:

  • United Kingdom
  • United States
  • Australia
  • Canada

All data is stored using AWS servers with AES-256 end-to-end encryption.

Data Retention

We offer flexible data retention options based on your subscription tier:

  • Starter Plan: Up to 30 days or never delete
  • Core Plan: Up to 60 days or never delete
  • Pro Plan: Up to 90 days or never delete
  • Enterprise Plan: Custom retention periods

Security Measures

We implement comprehensive security measures including:

  • Annual third-party penetration testing
  • Regular security audits
  • Cyber Essentials certification
  • GDPR and HIPAA compliance
  • Organisation-specific siloed hosting for Enterprise clients
  • Strict access controls
  • Continuous monitoring
  • Encryption at rest and in transit

Use of Information

We use collected information to:

  • Provide and improve our services
  • Process payments
  • Maintain platform security
  • Comply with legal obligations
  • Send service updates and notifications
  • Generate AI-assisted documentation
  • Process audio consultations
  • Manage template libraries
  • Facilitate team collaboration
  • Generate anonymised statistical data
  • Provide customer support

Data Sharing and Disclosure

We may share your information with:

  1. Your authorised team members based on subscription tier permissions
  2. Service providers who assist in platform operations
  3. Payment processors (Stripe)
  4. Legal authorities when required by law
  5. Professional advisors and auditors
  6. NHS and healthcare regulatory bodies as required

We will never sell or share identifiable user or patient data with third parties for marketing purposes.

Your Rights and Choices

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability
  • Withdraw consent
  • Set data retention periods
  • Control marketing communications

Compliance Framework

Our platform adheres to:

  • GDPR requirements and;
  • HIPAA regulations

International Data Transfers

While we store data locally in your jurisdiction, some features may require limited data transfer to other regions. All transfers comply with:

  • UK Data Protection Act
  • EU GDPR
  • US HIPAA
  • Australian Privacy Principles
  • Canadian PIPEDA

Cookies and Tracking

We utilise:

  • Essential cookies for platform functionality.
  • Google Analytics for website tracking (with privacy-preserving features).
  • Matomo (HIPAA/GDPR compliant) for application tracking.

Children's Privacy

Our services are not intended for users under 18 years of age. We do not knowingly collect or maintain information from children.

Changes to This Policy

We may update this policy periodically. We will notify you of material changes via:

  • Email notification
  • Platform notification
  • Website announcement

Contact Us

For privacy-related inquiries: Email: enquiries@clinicalpad.com Address: 167-169 Great Portland Street, 5th Floor, London UK W1W 5PF

Regulatory Information

ClinicalPad maintains:

  • ICO registration
  • Cyber Essentials certification
  • GDPR compliance
  • HIPAA compliance

ClinicalPad

About ClinicalPadWho It's ForSecurityContact us

Legal & Other

Terms of ServicePrivacy PolicyUsage PolicyAI PolicyBest Practices

Socials

InstagramLinkedin

©ClinicalPad. 2023 - 2025. All rights reserved.