Privacy Policy
This policy explains how Automate Labs collects, uses, and protects personal data in connection with the Care Home Platform.
1. Who We Are
Care Home Platform is operated by Automate Labs. We are the company responsible for this platform and the personal data it handles.
- Contact: chp@automatelabs.co.uk
- ICO Registration: ZC111552
2. Our Role
Our role under UK GDPR depends on the type of data involved:
- Data Controller — for the personal data of platform user accounts (the people who log in to use the platform).
- Data Processor — for children's records, staff records, and other care home operational data. In these cases, the care home organisation is the data controller and we process data only on their instructions.
3. What Data We Collect
Platform User Accounts
- Full name and email address
- Phone number (if provided)
- Password hash (we never store plain-text passwords)
- Multi-factor authentication (MFA) data
- Session tokens and IP address logs (for security and audit purposes)
Billing Contacts
- Billing contact email address
- Stripe customer ID (we do not store full card details; these are held by Stripe)
4. How We Use Your Data
| Processing Activity | Lawful Basis | Retention |
|---|---|---|
| Account management | Contract | Duration of account + 90 days |
| Billing | Legal obligation | 7 years |
| Security and audit logging | Legitimate interests | 2 years |
| MFA and session security | Contract | 90 days after expiry |
5. Data We Process on Behalf of Care Homes
Where care home organisations store operational data on the platform, Automate Labs acts as a data processor, not a data controller. The care home organisation is the data controller and is responsible for determining the purposes and means of processing that data.
Data we process on care homes' behalf includes:
- Children's personal records and care plans
- Staff records and compliance data
- Progress notes and key working records
- Regulatory compliance information
We process this data only on the instructions of the care home and in accordance with our Data Processing Agreement. If you are a child, family member, or staff member of a care home using this platform and have questions about your data, please contact the care home organisation directly.
6. Special Category Data
Children's care records may include special category personal data such as ethnicity, health information, and religious beliefs. This data is processed by the platform only on the instructions of the care home organisation, which bears responsibility for identifying and documenting the appropriate lawful basis under UK GDPR Article 9.
Automate Labs takes appropriate technical and organisational measures to protect special category data, including encryption at rest and in transit, strict role-based access controls, and row-level data isolation between organisations.
8. Data Retention
We retain platform user account data as set out in Section 4. For data processed on behalf of care homes, retention is governed by the care home's own policies and legal obligations. Children's care records may be subject to retention requirements of up to 75 years from the child's date of birth under applicable guidance for children's social care. We follow the care home's documented retention instructions.
When an account is closed or a subscription ends, we will delete or anonymise personal data within the retention periods specified, unless we are legally required to retain it for longer.
9. Your Rights
Under UK GDPR, you have the following rights in relation to personal data we hold about you as a data controller:
- Right of access — to obtain a copy of the personal data we hold about you.
- Right to rectification — to correct inaccurate or incomplete data.
- Right to erasure — to request deletion of your data in certain circumstances.
- Right to data portability — to receive your data in a structured, machine-readable format.
- Right to restriction of processing — to limit how we use your data in certain circumstances.
- Right to object — to object to processing based on legitimate interests.
- Rights related to automated decision-making — not to be subject to solely automated decisions that significantly affect you.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
We will respond to all rights requests within one calendar month. To exercise any of your rights, please contact us at chp@automatelabs.co.uk.
10. International Transfers
The Care Home Platform is hosted on infrastructure located in the United Kingdom and/or European Union. We do not routinely transfer personal data outside the UK or EU.
Payment and billing data is processed by Stripe, Inc., which is based in the United States. This transfer is covered by the UK International Data Transfer Addendum (UK IDTA) to the EU Standard Contractual Clauses. No other international transfers of personal data take place.
11. Sub-Processors
We use the following sub-processors to deliver the platform:
| Sub-Processor | Role | Location | Transfer Mechanism |
|---|---|---|---|
| Stripe Inc. | Payment processing | United States | UK IDTA Addendum |
| VPS Hosting Provider | Server infrastructure | United Kingdom / EU | No transfer |
| Email Service Provider | Transactional email delivery | United Kingdom / EU | No transfer |
A full sub-processor register is available at /sub-processors.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email at least 30 days before they take effect. Your continued use of the platform after that date constitutes acceptance of the updated policy. The version number and last-updated date at the top of this page will always reflect the current version.
13. Contact Us and Complaints
For any questions or concerns about this policy or how we handle your data, please contact us:
Email: chp@automatelabs.co.uk
Right to complain: You have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the opportunity to address your concerns before you approach the ICO and ask that you contact us in the first instance.