Legal
Privacy Policy
How CQCLogic Ltd collects, uses, and protects your personal data.
Last updated: 13 April 2026
This Privacy Policy explains how CQCLogic Ltd (“CQCLogic”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use our website at cqclogic.co.uk and our platform at app.cqclogic.co.uk.
We are committed to protecting your privacy and processing your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller: CQCLogic Ltd, registered in England and Wales. For all data protection enquiries, contact us at hello@cqclogic.co.uk.
1. What data we collect
1.1 Data you provide to us
When you use CQCLogic, you may provide us with:
- Identity data — your name and job title
- Contact data — your email address
- Organisation data — your care service name, CQC Location ID, and service type
- Payment data — billing details processed by Stripe (we do not store card numbers)
- Communications data — messages you send us by email or through the platform
1.2 Data we collect automatically
When you visit our website or use our platform, we automatically collect:
- Usage data — pages visited, features used, time spent on the platform
- Technical data — IP address, browser type, device type, operating system
- Cookie data — see our Cookie Policy for full details
1.3 Data from third parties
We retrieve publicly available CQC inspection data from the Care Quality Commission’s public register (api.cqc.org.uk) using your CQC Location ID. This data is already in the public domain. We use it solely to generate your improvement plan.
2. How we use your data
| Purpose | Legal basis |
|---|---|
| To generate and deliver your CQC improvement plan | Performance of contract |
| To process your payment via Stripe | Performance of contract |
| To send you your magic link and platform access emails | Performance of contract |
| To send transactional emails (plan ready, receipts, task reminders) | Performance of contract |
| To send marketing emails and compliance updates | Legitimate interests / consent |
| To improve our platform and services | Legitimate interests |
| To comply with legal obligations | Legal obligation |
| To prevent fraud and protect security | Legitimate interests |
We will never sell your personal data to third parties or use it for purposes unrelated to providing the CQCLogic service.
3. Who we share your data with
We share your data only with trusted service providers who process it on our behalf:
- Supabase — database and authentication infrastructure (EU data residency)
- Stripe — payment processing (PCI DSS compliant)
- Anthropic — AI processing for plan generation (data is not used to train models)
- Brevo / Resend — transactional and marketing email delivery
- n8n — workflow automation (self-hosted)
- PDFShift — PDF generation for improvement plans
- Hostinger — hosting infrastructure
All third-party processors are bound by data processing agreements and are required to handle your data in compliance with UK GDPR.
We do not transfer your personal data outside the UK or EEA except where Standard Contractual Clauses or equivalent safeguards are in place.
4. How long we keep your data
| Data type | Retention period |
|---|---|
| Account and profile data | Duration of account plus 2 years |
| Improvement plans and task data | Duration of account plus 2 years |
| Payment records | 7 years (UK tax law requirement) |
| Marketing email preferences | Until you unsubscribe |
| Website analytics data | 26 months |
| Support communications | 3 years |
When your account is deleted, we remove your personal data within 30 days except where we are required to retain it for legal or tax purposes.
5. Your rights under UK GDPR
You have the following rights in relation to your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data (“right to be forgotten”)
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — request your data in a portable format
- Right to object — object to processing based on legitimate interests, including direct marketing
- Rights related to automated decision-making — request human review of automated decisions
To exercise any of these rights, email us at hello@cqclogic.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
6. Cookies
We use cookies and similar tracking technologies on our website and platform. For full details of the cookies we use and how to manage them, please see our Cookie Policy.
7. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- Encryption of data in transit (TLS) and at rest
- Access controls limiting who can access personal data
- Regular security reviews of our infrastructure
- Magic link authentication to avoid password storage risks
Despite these measures, no system is completely secure. If you believe your data has been compromised, contact us immediately at hello@cqclogic.co.uk.
8. Children
CQCLogic is a business-to-business service intended for use by care providers and their staff. We do not knowingly collect personal data from individuals under the age of 18.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a notice on our platform. The “Last updated” date at the top of this page reflects the most recent version.
10. Contact us
For any questions about this Privacy Policy or how we handle your personal data, contact us at:
CQCLogic Ltd
Email: hello@cqclogic.co.uk
Website: cqclogic.co.uk