Legal
Privacy Policy
Last updated: 16 April 2026 · Effective: 16 April 2026
Summary: SaferVisit collects the minimum data needed to provide a care visit management service. We do not sell your data. We do not use it for advertising. Your organisation's data is isolated from all other organisations.
1. Who we are
SaferVisit ("we", "us", "our") is a software platform that provides care visit management and worker safety tools to UK-based care organisations. The SaferVisit application and website are operated by SaferVisit Ltd.
For the purposes of UK GDPR and the Data Protection Act 2018, SaferVisit Ltd acts as a data processor on behalf of your organisation (the data controller) for personal data relating to your workers and clients. For data relating to your organisation's account and billing, we act as a data controller.
Our data protection contact is: sales@safervisit.com
2. Data we collect
Account and organisation data
- Organisation name, contact email address, contact phone number
- Account administrator name and email address
- Billing information (processed by our payment provider; we do not store card numbers)
- Plan type and account creation date
Worker data
- Full name and email address
- Role within the organisation (worker, admin, owner)
- Account status (active / inactive)
- Visit check-in and check-out timestamps
- GPS location at the time of check-in and check-out (if location permission is granted)
- Visit notes and task completion records added by the worker
- SOS and welfare alerts raised during visits
- Mood ratings submitted after visits
- Device push notification token (to deliver alerts)
Service user (client) data
- Full name
- Home address
- Access notes (e.g. key safe codes, entry instructions)
- Active status
Technical data
- IP address and device information collected during API requests
- App version and operating system (for diagnostics)
- Error and crash reports (anonymised)
Data we do NOT collect
- We do not collect background location data — location is only recorded at the moment of check-in or check-out
- We do not collect biometric data (Face ID is processed entirely on-device by iOS)
- We do not run advertising tracking or analytics SDKs
3. How we use your data
- To provide the SaferVisit platform and its features to your organisation
- To authenticate users and maintain secure sessions
- To send push notifications for SOS alerts and overdue visit warnings
- To display visit records, reports and dashboards within the platform
- To investigate and resolve support requests
- To detect and prevent fraud, abuse or security incidents
- To comply with legal and regulatory obligations
- To contact the organisation administrator about their account (e.g. billing, service updates)
We do not use your data for marketing to third parties, for automated profiling that produces legal effects, or for any purpose not described here.
4. Legal basis for processing
- Contract performance — processing necessary to deliver the service your organisation has subscribed to
- Legitimate interests — security monitoring, fraud prevention, service improvement
- Legal obligation — compliance with applicable law
- Consent — for optional features such as push notifications (you may withdraw consent at any time in device settings)
5. Who we share data with
We use the following third-party sub-processors to deliver our service. All sub-processors are bound by data processing agreements and are GDPR compliant.
- Supabase Inc. — database hosting, authentication, and real-time infrastructure (EU data residency available)
- Apple Inc. — push notification delivery via APNs (Apple Push Notification service)
- Stripe Inc. — payment processing (card data is handled entirely by Stripe)
We do not sell, rent or trade personal data with any third party. We do not share data between separate organisations on our platform.
We may disclose data to law enforcement or regulatory bodies where required by law or to protect the safety of individuals.
6. How long we keep data
- Active account data — retained for as long as your organisation's account is active
- Visit records and notes — retained for 7 years from the date of the visit, in line with care record-keeping guidance
- Closed account data — deleted or anonymised within 90 days of account closure, except where a longer retention period is required by law
- Server logs — retained for 30 days for security purposes
Your organisation may request early deletion of specific records by contacting sales@safervisit.com.
7. Your rights
Under UK GDPR, individuals whose data we process have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data in certain circumstances
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Rights related to automated decision-making — we do not make automated decisions that produce legal effects
To exercise any of these rights, contact your organisation's administrator in the first instance (as your employer is the data controller for your employment-related data). For account-level data, contact us at sales@safervisit.com.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Security
- All data is transmitted over HTTPS/TLS
- Data at rest is encrypted by our hosting provider
- Row-level security ensures each organisation can only access its own data
- Authentication tokens are short-lived and stored securely on device
- Biometric authentication (Face ID) is processed entirely on-device — we never receive biometric data
- We conduct periodic security reviews of our infrastructure and dependencies
If you discover a security vulnerability, please report it responsibly to sales@safervisit.com.
9. Children
SaferVisit is a professional business tool intended for use by adults in a care work context. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately.
10. Changes to this policy
We may update this privacy policy from time to time. We will notify your organisation's account administrator by email of any material changes and post the updated policy here with a revised effective date. Continued use of the service after the effective date constitutes acceptance of the updated policy.