Care Home Platform
Back to Home
Last updated: 16 June 2026 · Version 1.0.0

Acceptable Use Policy

This policy sets out what you may and may not do when using the Care Home Platform. It applies to all users and must be read alongside our Terms of Service.

1. Purpose

This Acceptable Use Policy ("AUP") sets out the standards of conduct expected of all users of the Care Home Platform. It exists to protect children whose data is held on the platform, to safeguard other users, and to ensure the platform remains secure, reliable, and fit for its purpose as a professional care management tool.

2. Scope

This AUP applies to all individuals who access the Care Home Platform in any capacity, including:

Owners
Managers
Workers
Super Admins

3. Permitted Uses

The following activities are permitted, subject to your assigned role and permissions within your organisation:

  • Managing children's and staff records for your assigned homes
  • Creating, editing, and reviewing progress notes and key working records
  • Running authorised reports and automations within your role permissions
  • Using the task management system to assign and track care-related actions
  • Exporting data for legitimate care purposes (e.g. Ofsted inspections, statutory reviews)
  • Accessing compliance dashboards and regulatory tracking tools
  • Uploading documents and attachments relevant to care records

4. Prohibited Uses

The following activities are strictly prohibited and may result in immediate suspension of your account:

Accessing records outside your assigned homes or role permissions
Sharing login credentials or MFA codes with any other person
Creating automations or SQL reports that access other organisations' data
Exporting children's or staff data for non-care commercial purposes
Uploading malicious files, viruses, or harmful code as attachments
Attempting to bypass role-based access controls or row-level security
Storing data on the platform that is unrelated to care operations
Impersonating another user or creating accounts under false identities

5. Account Security

You are responsible for maintaining the security of your account. You must:

  • Enable multi-factor authentication (MFA) on your account
  • Use a strong, unique password not shared with any other service
  • Report any suspected compromise of your account immediately to your line manager and to chp@automatelabs.co.uk
  • Log out of the platform when using a shared or public device and before leaving it unattended
  • Never leave an active session visible to unauthorised individuals

6. Data Handling

Given the sensitive nature of children's personal data on the platform, all users must:

  • Not download or save children's personal data to personal devices unless explicitly authorised by your organisation
  • Dispose of any exported reports containing personal data securely, in line with your organisation's data handling procedures
  • Not share reports or exports containing children's data via unsecured channels (e.g. unencrypted personal email or messaging apps)
  • Only access records you have a legitimate need to view in connection with your role

7. Monitoring

All actions performed on the Care Home Platform are recorded via an audit trail, including logins, record views, edits, exports, and configuration changes. This monitoring exists to protect children's data, support safeguarding, and ensure accountability.

By using the platform, you acknowledge and consent to this monitoring as a condition of access. Audit logs may be reviewed by authorised personnel within your organisation or by Automate Labs in response to a support request or suspected security incident.

8. Developer and Admin Rules

The following additional rules apply to all personnel with infrastructure or administrative access:

  • Production server access is restricted to authorised personnel only
  • Access to customer data is only permitted in response to an authorised support ticket or investigation
  • All code changes must go through peer review before deployment to production
  • Database queries run against production must be read-only unless authorised and documented
  • Any security vulnerability discovered must be reported immediately and not disclosed externally without authorisation

9. Reporting Violations

If you become aware of any actual or suspected violation of this AUP — whether by yourself or another user — you should report it promptly to your line manager and to chp@automatelabs.co.uk. Reports will be treated in confidence to the extent possible. We do not tolerate retaliation against anyone who makes a good-faith report.

10. Consequences

Violations of this AUP may result in:

  • Immediate suspension of your user account
  • Termination of the Customer's subscription under the Terms of Service
  • Referral to relevant authorities, including under the Computer Misuse Act 1990, UK GDPR, or other applicable legislation
  • Civil or criminal liability where violations constitute a criminal offence

Automate Labs reserves the right to take any action it deems necessary to protect the security and integrity of the platform and the safety of data held within it.

11. Contact

For questions about this policy, to report a violation, or to raise a security concern, contact us at chp@automatelabs.co.uk.

Privacy Policy

How we handle your data

Terms of Service

Subscription and use terms

Sub-Processors

Third parties we work with