Privacy Policy

1. Who we are

Data Controller: ClinicShield Alliance Ltd (pending registration)
ICO Registration: pending
Data protection contact: privacy@clinicshieldalliance.com

2. Information we collect

• Account data (name, email, clinic details).
• Uploaded documents and content provided for analysis.
• Generated outputs (risk summaries, suggested wording, reports).
• Technical data (IP, device/browser info, logs) for security and performance.

3. Purposes & lawful basis

• Provide the scan service and return results (performance of a contract).
• Maintain security, prevent abuse, and keep an audit trail where you enable retention (legitimate interests).
• Communicate about your account and service updates (performance of a contract / legitimate interests).
• Marketing communications where applicable (consent; you can opt out anytime).
• Legal obligations (e.g., responding to lawful requests).

4. Storage & retention

• Free scans: files auto-delete within 24 hours.
• Paid plans: retention configurable up to 12 months to maintain an audit trail.
• Backups/logs retained for a limited period for security and continuity.

5. Security

TLS in transit and encryption at rest. Role-based access and audit logging. Hosted in UK data centre regions on [Provider e.g. AWS/Azure/GCP] with ISO 27001-certified facilities. Keys are centrally managed with scheduled rotation (e.g., quarterly).

6. Sharing

We do not sell your data. We use vetted sub-processors (e.g., cloud hosting, analytics, email) under data processing agreements. We disclose data when required by law or to protect rights and safety.

7. International transfers

If data leaves the UK/EEA, we use appropriate safeguards (e.g., ICO IDTA / EU SCCs). Details available on request.

8. Your rights

• Access, rectification, erasure, restriction, objection, and portability.
• Withdraw consent where processing relies on consent.
• Complain to the ICO: ico.org.uk.

9. Contact

Email: privacy@clinicshieldalliance.com