Privacy Policy

Last updated: 18 February 2025

1. Who we are

Careborne ("we", "us", "our") is a care management platform operated by Careborne Ltd. We provide software services to children's homes, supported accommodation providers, and semi-independent services across the United Kingdom.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data processor. The care provider using our platform is the data controller.

2. What data we collect

2.1 Account and organisational data

When you register for Careborne, we collect:

• Your name, email address, and job title
• Your organisation name, address, and Ofsted registration details
• Billing information (processed securely by our payment provider)

2.2 Platform usage data

When you use the platform, data is created and stored as part of normal care operations:

• Young person profiles, care plans, risk assessments, and daily logs
• Incident reports, safeguarding concerns, and investigation records
• Staff records, training logs, rota information, and supervision notes
• Medication administration records
• Documents uploaded to the platform
• Audit trail entries (who did what, and when)

2.3 Website visitor data

When you visit our marketing website (careborne.app), we may collect:

• Basic analytics data (pages visited, time on site, referral source)
• Information you provide via our contact or demo booking forms
• Cookie data, subject to your consent preferences

3. How we use your data

We use the data we collect to:

• Provide and maintain the Careborne platform
• Process AI-assisted features (smart summaries, risk analysis, referral matching)
• Generate compliance reports and Ofsted readiness scoring
• Send essential service communications (security alerts, maintenance notices)
• Improve our platform based on aggregated, anonymised usage patterns
• Respond to your enquiries and provide customer support

4. AI and your data

Careborne uses artificial intelligence to assist care professionals. Our AI features are designed with strict data boundaries:

• AI can only access data that the logged-in user is authorised to see, based on their clearance level
• AI-generated content is always clearly marked and requires human review before use
• Your data is never used to train third-party AI models
• AI processing occurs within our secure UK infrastructure
• All AI interactions are logged in the audit trail

5. Data storage and security

We take the security of your data extremely seriously:

• All data is stored in UK-based data centres
• Data is encrypted at rest and in transit using industry-standard encryption
• Each care provider's data is completely isolated from other providers
• We maintain an immutable audit trail of all platform activity
• Five clearance levels control access to sensitive information
• Regular security assessments and penetration testing are conducted
• Data is never permanently deleted - it is archived with full traceability

6. Data sharing

We do not sell your data. We only share data in the following circumstances:

• With sub-processors necessary to operate the platform (hosting, email delivery), all of whom are UK or EU based and bound by data processing agreements
• When required by law, regulation, or valid legal process
• With external professionals (e.g. social workers) via the Stakeholder Portal, as configured and controlled by the care provider

7. Cookies

Our website uses the following types of cookies:

7.1 Essential cookies

Required for the website and platform to function. These cannot be disabled. They include session cookies and security tokens.

7.2 Analytics cookies

Used to understand how visitors interact with our website. These are only set with your consent and help us improve our site. You can change your preference at any time by clearing your cookies.

8. Your rights

Under the UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate personal data
• Request erasure of your personal data (subject to legal retention requirements)
• Restrict or object to processing of your personal data
• Data portability - receive your data in a structured, machine-readable format
• Withdraw consent at any time where processing is based on consent

For data held within the Careborne platform about young people in care, rights requests should be directed to the care provider (data controller) in the first instance.

9. Data retention

Care records are retained in accordance with the care provider's retention policy and applicable regulations. As a minimum, records relating to looked-after children must be retained until the young person reaches the age of 75, in line with Department for Education guidance.

Account and billing data is retained for 7 years after the end of the contract for tax and legal compliance purposes.

10. Children's data

Careborne processes data about children and young people in residential care. This data is classified as special category data and is subject to the highest level of protection. Access is strictly controlled through our clearance level system, and all processing is carried out under the lawful basis established by the care provider.

11. International transfers

We do not transfer personal data outside the United Kingdom. All data storage, processing, and AI operations take place within UK data centres.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of any material changes via email and update the "Last updated" date at the top of this page.

13. Contact us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: