Privacy Notice

Apt Digital Care Limited (trading as AptCare)

📄 Version 1.0 📅 February 2026 🔒 ICO Reg: ZB950106 🏢 Company: 16591430

1. Who We Are

Apt Digital Care Limited (trading as AptCare) is a company registered in England and Wales (Company Number 16591430). We provide a cloud-based domiciliary care management SaaS platform that helps UK care agencies manage their operations, including care planning, staff scheduling, compliance, and reporting.

We are registered with the Information Commissioner's Office (ICO), registration number ZB950106.

For the purposes of UK data protection law, AptCare acts as a Data Controller for personal data we collect directly (such as care agency account information, website visitor data, and our own business contacts) and as a Data Processor for personal data that care agencies enter into our platform about their service users, care workers, and families.

Data Security and Protection Lead

Ogheneruno Joseph Omene, Director
Email: admin@aptdigitalcare.com
Website: aptdigitalcare.com

2. What This Privacy Notice Covers

This Privacy Notice applies to all personal data we process, whether you are:

  • A care agency client who subscribes to or uses the AptCare platform.
  • A service user whose care records are managed through our platform by your care agency.
  • A care worker or staff member whose employment or assignment details are held within the platform.
  • A family member or next of kin whose contact details are recorded by a care agency using our platform.
  • A website visitor who accesses aptdigitalcare.com, submits a contact form, or signs up for our services.
Important: Where AptCare processes data as a Data Processor on behalf of a care agency, the care agency is the Data Controller and is responsible for providing you with their own privacy notice. This notice explains AptCare's role and responsibilities in that processing.

3. What Personal Data We Collect

3.1 Data We Collect as a Data Controller

When you interact with us directly, we may collect:

  • Care agency account data: Organisation name, registered address, contact name, email address, phone number, CQC registration details.
  • Billing and payment data: Payment card details (processed securely via Stripe — we do not store full card numbers), billing address, invoices, transaction history.
  • Website visitor data: Name, email address, phone number (via contact or demo request forms), IP address, browser type, pages visited.
  • Communications: Emails, support tickets, and other correspondence with us.

3.2 Data We Process as a Data Processor

Care agencies using our platform may enter the following data, which we process on their behalf and under their instructions:

  • Service user data: Name, date of birth, address, NHS number, GP details, care plans, health conditions, medication records, risk assessments, daily care notes, and other special category (health) data.
  • Care worker/staff data: Name, address, contact details, date of birth, National Insurance number, employment records, qualifications, DBS check information, training records, rota/scheduling data, and location data for visit verification.
  • Family/next-of-kin data: Name, relationship, contact details.

This data is entered, managed, and controlled by the care agency. AptCare processes it only in accordance with the care agency's instructions and our data processing agreement with them.

4. How We Use Your Personal Data

4.1 As a Data Controller

PurposeLawful Basis (Article 6 UK GDPR)
To provide and manage your AptCare account and subscriptionPerformance of a contract (Art. 6(1)(b))
To process payments and manage billingPerformance of a contract (Art. 6(1)(b))
To respond to enquiries and provide customer supportLegitimate interests (Art. 6(1)(f)) — to respond to your requests
To send service-related communications (e.g. updates, maintenance notifications)Legitimate interests (Art. 6(1)(f)) — to keep you informed about services you use
To improve our platform, fix bugs, and develop new featuresLegitimate interests (Art. 6(1)(f)) — to improve our services
To comply with legal obligations (e.g. tax, accounting, regulatory requirements)Legal obligation (Art. 6(1)(c))
To protect the security of our platform and detect fraudLegitimate interests (Art. 6(1)(f)) — to protect our business and users

4.2 As a Data Processor

When processing data on behalf of care agencies, we do so solely under their documented instructions for the purpose of providing the AptCare platform services, including:

  • Hosting and storing care records securely.
  • Enabling care planning, scheduling, and visit management.
  • Providing AI-powered features (e.g. care plan suggestions, compliance analysis) using OpenAI and Anthropic Claude AI.
  • Sending SMS notifications to care workers via Twilio (as instructed by the care agency).
  • Sending email notifications via Resend (as instructed by the care agency).
  • Providing location-based services (e.g. care worker check-in/check-out) via Google Maps API.

We do not use service user or care worker data for any purpose other than providing the platform services, and we never sell personal data to third parties.

5. Special Category Data

The AptCare platform processes health and care data, which is classified as special category data under Article 9 of the UK GDPR. This data is processed by AptCare as a Data Processor on behalf of care agencies (Data Controllers).

The lawful basis for processing special category data is determined by the care agency as Data Controller. Typical conditions include:

  • Article 9(2)(h): Processing is necessary for the provision of health or social care or treatment, or the management of health or social care systems and services.
  • Article 9(2)(a): The data subject has given explicit consent.
  • Article 9(2)(c): Processing is necessary to protect the vital interests of the data subject where they are incapable of giving consent.

6. Who We Share Your Data With

We do not sell your personal data. We may share your data with the following categories of recipients:

RecipientPurposeLocation
Laravel CloudPlatform hostingUK/EEA
AWS S3 (London region)Secure file storageUK
StripePayment processingUK/EEA (DPF certified)
OpenAIAI-powered platform featuresUSA (SCCs + UK Addendum)
Anthropic (Claude AI)AI-powered platform featuresUSA (SCCs + UK Addendum)
ResendTransactional email deliveryUSA (SCCs + UK Addendum)
TwilioSMS notificationsUSA (SCCs + UK Addendum)
Google Maps APIGeocoding and location servicesUK/EEA (Controller-to-Controller terms)

We may also disclose personal data where required by law, regulation, court order, or to protect the rights, property, or safety of AptCare, our users, or others.

7. International Data Transfers

Our primary hosting (Laravel Cloud) and file storage (AWS S3) are located in the UK. However, some of our sub-processors are based in the USA. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) with the UK Addendum, as approved by the ICO.
  • The EU-US Data Privacy Framework (where the recipient is certified).
  • Transfer Risk Assessments for each international transfer.

You can request more information about the safeguards in place by contacting us at admin@aptdigitalcare.com.

8. How Long We Keep Your Data

8.1 Data We Control

Data TypeRetention Period
Care agency account dataDuration of the subscription plus 6 years (for legal and accounting obligations)
Billing and payment records6 years from the date of the transaction (HMRC requirements)
Website enquiry data12 months from the date of enquiry, or until resolved
Email correspondence and support tickets3 years from the last interaction

8.2 Data We Process on Behalf of Care Agencies

Retention periods for service user, care worker, and family data are determined by the care agency (Data Controller) in accordance with their own retention policies and legal obligations. When a care agency terminates their subscription, we will delete or return all personal data in accordance with our data processing agreement, unless retention is required by law.

9. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

RightDescription
Right to be informedYou have the right to know how your data is collected and used. This Privacy Notice fulfils that right.
Right of accessYou can request a copy of the personal data we hold about you (a Subject Access Request).
Right to rectificationYou can ask us to correct inaccurate or incomplete personal data.
Right to erasureYou can ask us to delete your personal data in certain circumstances.
Right to restrict processingYou can ask us to limit how we use your personal data.
Right to data portabilityYou can request your data in a structured, commonly used, machine-readable format.
Right to objectYou can object to our processing of your data where we rely on legitimate interests.
Rights related to automated decision-makingYou have rights in relation to automated decision-making and profiling.
Important: If your data is processed by AptCare on behalf of a care agency (i.e. AptCare is the Data Processor), you should direct your request to the care agency in the first instance, as they are the Data Controller. We will assist the care agency in fulfilling your request.

To exercise any of your rights where AptCare is the Data Controller, please contact us at admin@aptdigitalcare.com. We will respond within one calendar month.

10. Use of Artificial Intelligence

AptCare uses AI-powered features within the platform to assist care agencies with tasks such as care plan generation, compliance analysis, and knowledge base queries. These features are powered by OpenAI and Anthropic (Claude AI).

When AI features are used:

  • Data sent to AI providers is limited to what is necessary for the specific task.
  • AI providers process data under data processing agreements that include SCCs and UK Addendum protections.
  • Data sent to AI providers is not used by them to train their models.
  • AI outputs are intended as suggestions only and should be reviewed by qualified care professionals before use.
  • No automated decisions with legal or similarly significant effects are made solely by AI without human review.

11. National Data Opt-Out

The National Data Opt-Out gives individuals the right to opt out of their confidential patient information being used for research and planning purposes. AptCare supports care agencies in recording and respecting individual opt-out preferences where applicable.

AptCare does not currently share data directly with NHS systems, but is committed to complying with the National Data Opt-Out policy when NHS integration is implemented in future. For more information, visit: nhs.uk/your-nhs-data-choices.

12. Cookies

Our website at aptdigitalcare.com uses cookies to ensure the website functions properly and to improve your experience. Cookies are small text files placed on your device when you visit our website.

We use the following types of cookies:

  • Strictly necessary cookies: Essential for the website to function. These cannot be switched off.
  • Functional cookies: Enable enhanced functionality and personalisation.
  • Analytics cookies: Help us understand how visitors use our website so we can improve it.

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect your experience of the website.

13. How We Protect Your Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest (AES-256 for stored files).
  • Role-based access controls within the platform.
  • Secure hosting on Laravel Cloud with AWS S3 file storage in the UK (London region).
  • Regular security updates and vulnerability patching.
  • Staff confidentiality agreements and data protection training.
  • Automated backups and disaster recovery procedures.

For full details, see our Data Security Policy.

14. Children's Data

The AptCare platform may process data about children where a care agency provides care to minors. This data is processed by AptCare solely as a Data Processor under the instructions of the care agency (Data Controller). AptCare does not knowingly collect personal data directly from children. If you believe we hold data about a child in error, please contact us immediately.

15. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or the services we offer. Where changes are significant, we will notify care agency clients via email or through the platform. The latest version will always be available on our website at aptdigitalcare.com.

16. How to Complain

If you have any concerns about how we handle your personal data, please contact us first:

Email: admin@aptdigitalcare.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Your experience on this site will be improved by allowing cookies.