Privacy Policy

Last updated: 25 May 2026

This Privacy Policy explains how SoftCare ("SoftCare", "we", "us", or "our") collects, uses, discloses, and safeguards your information when you use the SoftCare mobile application and website (collectively, the "Platform"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform.

1. Who We Are

SoftCare is a two-sided marketplace that connects patients who need home care with licensed, verified caregivers. Our registered office is at SoftCare, [Address]. For data protection matters, contact us at privacy@softcare.health.

2. Information We Collect

2.1 Information You Provide

• Account registration: name, phone number, email address, date of birth, location, and password.
• Patient profile: care address, emergency contact name and phone, allergies, chronic conditions, and current medications (optional but recommended).
• Care recipients: name, relationship, and medical context for any family member you add to your account.
• CareGiver profile: professional biography, years of experience, spoken languages, gender, profile photo, specialties, service area, hourly rate, and weekly availability.
• Verification documents (caregivers only): government-issued photo ID, professional licence number and expiry date, and a live selfie captured in-app.
• Booking information: requested date, time, duration, care address, session notes, and booking status.
• Care sheet entries: vitals, pain scores, medications administered, intake/output records, wound care notes, mood, sleep, and clinical observations recorded by caregivers during active sessions.
• Messages: content of in-app messages exchanged between patients and caregivers.
• Payments: billing information processed by our third-party payment processor. We do not store full card numbers.
• Reviews: star ratings and written feedback you submit after a session.

2.2 Information Collected Automatically

• Device data: device type, operating system, app version, device identifiers.
• Usage data: features used, screens viewed, session duration, tap events.
• Location data: precise GPS location (when you enable location access) used for caregiver search and booking matching. We do not track location in the background without explicit permission.
• Log data: IP address, timestamps, error reports, and crash data.
• Cookies and similar technologies: see our Cookie Policy.

3. How We Use Your Information

• To create and manage your account.
• To match patients with available caregivers using location and filter criteria (PostGIS-powered).
• To facilitate, manage, and record bookings and care sessions.
• To display live care sheet data to the patient and caregiver during active sessions.
• To process subscription payments for caregiver plans and patient premium plans.
• To send booking confirmations, session reminders, and transactional notifications.
• To verify caregiver identity and professional licence validity.
• To respond to disputes, safety reports, and SOS alerts.
• To improve the Platform through usage analytics and crash reporting.
• To comply with applicable legal obligations.
• To send optional marketing communications (only with your consent, and you may opt out at any time).

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area and UK, we process your data on the following legal bases:

• Contract performance: processing necessary to provide the Platform services you have requested.
• Legitimate interests: fraud prevention, platform security, abuse detection, and product analytics.
• Legal obligation: compliance with applicable laws, including responding to lawful requests from authorities.
• Consent: marketing communications and optional location tracking. You may withdraw consent at any time.

5. How We Share Your Information

We do not sell your personal data. We share data only in the following circumstances:

• Between patients and caregivers: when a booking is accepted, the patient's care address, emergency contact, and relevant medical notes are shared with the assigned caregiver. The caregiver's profile, licence details, and contact information are shared with the patient.
• Service providers: payment processors, cloud hosting (encrypted storage), identity verification partners, and analytics tools — all bound by data processing agreements.
• Safety & legal: we may disclose data if required by law, court order, or to protect the safety of our users or the public.
• Business transfers: in the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you and provide choices where required by law.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we must retain it to comply with legal obligations (e.g., financial records for 7 years in most jurisdictions) or to resolve disputes. Care sheet records associated with completed bookings are retained for 5 years for medical record continuity purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"): request deletion of your data, subject to legal exceptions.
• Portability: receive your data in a structured, machine-readable format.
• Restriction: ask us to pause processing of your data in certain circumstances.
• Objection: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, email privacy@softcare.health. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Data Security

We implement industry-standard technical and organisational measures to protect your data, including:

• TLS/HTTPS encryption for all data in transit.
• AES-256 encryption for data at rest.
• Role-based access controls — staff access only the data they need.
• Regular security audits and penetration testing.
• Automated anomaly detection and intrusion monitoring.

No method of transmission over the internet is 100% secure. If a data breach occurs that poses a risk to your rights and freedoms, we will notify you and applicable authorities as required by law.

9. International Data Transfers

SoftCare operates globally. Your data may be transferred to and processed in countries outside your country of residence. Where data is transferred outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

The SoftCare Platform is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with data, contact us at privacy@softcare.health and we will delete it promptly.

11. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email at least 14 days before the change takes effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For any questions or concerns about this Privacy Policy or how we handle your data:

• Email: privacy@softcare.health
• Support: support@softcare.health
• Help Center: softcare.health/help-center