Important: Recordsafe is an AI-assisted tool that provides suggestions based on automated analysis. Results may contain inaccuracies and should not be treated as professional legal, medical, or compliance advice. Always verify suggestions with qualified professionals before acting on them.
1. Introduction
Recordsafe ("we", "our", "us") is a compliance intelligence platform operated in the United Kingdom. This Privacy Policy explains how we collect, use, store, and protect information when you use our website, Chrome extension, and API services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service immediately.
2. Information We Collect
2.1 Account Information
When you register for an account, we collect:
- Name and email address
- Encrypted password (we never store plaintext passwords)
- Organisation name (if provided)
- Billing information (processed securely by Stripe/Paddle — we do not store card details)
2.2 Usage Data
We collect anonymised data about how you use the Service, including:
- Number of analyses performed
- Feature usage patterns
- Browser type and extension version
- Error logs for debugging purposes
2.3 Documentation Text
When you submit care documentation for analysis:
- Text is transmitted securely via HTTPS to our UK-hosted servers
- Text is processed in real time to generate compliance suggestions
- We do not permanently store the content of your care documentation
- Temporary processing data is purged within 24 hours
Note: We do not retain patient or resident data. Care text is processed transiently and is not used to train AI models.
3. How We Use Your Information
We use collected information to:
- Provide and maintain the Service
- Authenticate your identity and manage your subscription
- Generate compliance analysis and suggestions
- Monitor usage limits and enforce fair use policies
- Send transactional emails (account confirmations, billing receipts)
- Improve the Service through aggregated, anonymised analytics
We never sell, rent, or share your personal information with third parties for marketing purposes.
4. Data Storage and Security
- All data is stored on UK-based servers
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Access controls and audit logging on all systems
- Regular security assessments and vulnerability scanning
5. Third-Party Services
We use the following third-party services that may process limited data:
- Stripe / Paddle: Payment processing (PCI DSS compliant)
- Google Gemini / OpenAI: Optional AI analysis (text sent via encrypted API calls; not used for model training)
Each third-party provider has been vetted for GDPR compliance and maintains appropriate data processing agreements.
6. Cookies
We use minimal, essential cookies for:
- Session management and authentication
- CSRF protection
- User preference storage (theme, jurisdiction)
We do not use third-party advertising or tracking cookies.
7. Your Rights
Under UK GDPR, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Request your data in a machine-readable format
- Objection: Object to specific types of processing
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at privacy@Recordsafe.ai. We will respond within 30 days.
8. Data Retention
- Account data: Retained while your account is active, deleted within 30 days of account closure
- Billing records: Retained for 7 years as required by UK tax law
- Audit logs: Retained for 12 months, then anonymised
- Care documentation text: Not retained beyond the analysis session
9. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices:
- Email: privacy@Recordsafe.ai
- Data Protection Officer: dpo@Recordsafe.ai
Disclaimer: Recordsafe provides automated compliance suggestions and may produce inaccurate or incomplete results. Suggestions should be reviewed by qualified professionals and should not be relied upon as the sole basis for compliance decisions. Recordsafe accepts no liability for actions taken based on its analysis.