Data Protection

Privacy Policy

Operated by WillMachi Limited (t/a Care-Meter)
Effective date: May 2026
Version: 1.2
ICO registration: ZC107807

1. Who We Are

Care-Meter is a digital care record and inspection-readiness platform for UK adult social care homes, operated by WillMachi Limited (trading as “Care-Meter”, “we”, “us”, “our”), a company incorporated in England and Wales.

We are the data controller for personal data processed through this platform and website. We are registered with the Information Commissioner’s Office (ICO) under registration number ZC107807. Verify at ico.org.uk.

Data protection contact
Email: privacy@care-meter.co.uk
Post: Data Protection, WillMachi Limited, 8 Raite Green, Sittingbourne, Kent, ME10 5JY

WillMachi Limited also operates EzeAla (property management platform) under the same ICO registration. This Privacy Policy covers Care-Meter only.

2. Who This Policy Covers

This policy applies to all individuals whose personal data we process in connection with Care-Meter:

  • Registered managers and owners of care homes who create a Care-Meter account
  • Care staff (carers, senior carers) who use the platform under a care home account
  • Residents of care homes using Care-Meter, whose care records are managed on the platform
  • Website visitors who browse care-meter.co.uk

Important for care home operators
If you are a care home operator using Care-Meter, you are the data controller for your residents’ and staff data. You have separate obligations under UK GDPR. See the Data Processing Agreement and the Resident Privacy Notice template.

3. What Personal Data We Collect

3.1 Account holders (managers, owners, administrators)

  • Identity data: full name, email address, account role, job title
  • Authentication data: hashed password, Cognito user ID, session tokens
  • Organisation data: care home name, CQC registration number, address, number of beds
  • Subscription data: subscription tier, billing history (no card numbers; held exclusively by our payment processor)
  • Usage data: IP address, browser type, pages visited, timestamps of actions within the platform

3.2 Care staff (carers, senior carers, registered nurses)

  • Identity data: full name, email address, role, assigned residents
  • Activity data: care notes created, captures submitted, voice notes (where used)
  • Voice audio (optional): raw audio files where voice note capture is used for transcription only. Deleted within 30 days of upload; no biometric template is created.
  • Operational records: shift records, training completion and due dates, NMC revalidation evidence (PIN, expiry, reflective account), supervision records. Surfaced through the Copilot to support operational visibility and statutory compliance evidencing (CQC Regulations 18 and 19, NMC revalidation). Manager-class roles can read free-text fields verbatim; non-manager queries return status and aggregates only.

Staff data is not used for performance management
Care-Meter does not use the staff-data tool surface to evaluate individual employee performance, produce comparative staff rankings, inform disciplinary action, or feed automated decisions affecting an employee’s job. This is a contractual commitment (Data Processing Agreement clause 5.9) and is enforced in code via build-blocking safety evaluations.

3.3 Resident data (processed as data processor on behalf of care homes)

  • Care notes, medication records, incident descriptions, safeguarding records
  • Mood and behaviour observations, nutrition and hydration records
  • Resident identifiers (name, date of birth, key worker, as entered by the care home)

We process resident data on behalf of the care home operator as their data processor under our Data Processing Agreement. The care home is the data controller for this data.

3.4 Data we do NOT collect

Care-Meter does not collect:

  • Payment card numbers (held exclusively by our payment processor)
  • Government Gateway credentials
  • Voice biometric templates
  • Special-category data beyond health and care records
  • Data from persons under 18 (the platform is not directed at children)

4. Lawful Basis for Processing

UK GDPR requires us to have a valid lawful basis before processing personal data. The table below sets out the basis we rely on for each purpose.

| Purpose | Data categories | Lawful basis |
| --- | --- | --- |
| Creating and managing your account | Identity, authentication, organisation | Contract, Art. 6(1)(b) |
| Processing subscription payments | Identity, subscription data | Contract, Art. 6(1)(b) |
| Processing resident care records (as processor) | Resident health data, care notes | Legal obligation (Reg 17 CQC) Art. 6(1)(c); Health/social care Art. 9(2)(h) |
| AI classification of care notes | Care note text, risk indicators | Legal obligation, Art. 6(1)(c); Art. 9(2)(h) |
| Governance alerts and exception monitoring | Care notes, flags, timestamps | Legal obligation, Art. 6(1)(c) |
| Sending operational emails (receipts, alerts, notifications) | Identity, contact | Contract, Art. 6(1)(b) |
| Platform security, fraud prevention, audit logs | Usage, technical | Legitimate interests, Art. 6(1)(f) |
| Improving the platform (anonymised analytics only) | Usage data (anonymised) | Legitimate interests, Art. 6(1)(f) |
| Voice note capture (optional) | Voice audio (transcription only; deleted within 30 days; no biometric template created) | Explicit consent, Art. 6(1)(a); health/social care, Art. 9(2)(h) |
| Staff-data tools (Copilot operational visibility, training, NMC, supervision) | Staff identity, shift records, training and supervision records, NMC revalidation | Contract, Art. 6(1)(b); legal obligation, Art. 6(1)(c) — CQC Reg 18 / 19, NMC; employment, Art. 9(2)(b) where supervision or revalidation notes incidentally include special-category content |

Where we rely on legitimate interests, we have carried out a balancing test and concluded that our interests do not override yours. You have the right to object; see Section 10.

5. AI-Assisted Features

Care-Meter uses artificial intelligence to assist with classifying care notes, identifying potential governance risk, and supporting manager oversight. AI outputs are decision-support only. Care-Meter does not make significant decisions about residents based solely on automated processing within the meaning of UK GDPR Articles 22A–22D (as amended by the Data (Use and Access) Act 2025).

| What the AI does | What the AI does NOT do |
| --- | --- |
| Sorts and categorises care notes against CQC quality statements | Make decisions about a resident's care |
| Assigns a risk score (1-10) to flag notes for manager review | Take any action without human oversight |
| Identifies whether a note may be incident-related | Replace the professional judgement of registered managers or care staff |
| Assists managers in preparing governance summaries | Access data from any other care provider |

Meaningful human involvement
Every AI output is presented as a suggestion for review by a qualified manager before it is recorded as confirmed, used to trigger a governance alert, or referenced in a regulatory submission. The reviewer can accept, modify, or reject the suggestion at the point the decision is taken. We keep an audit record of every review. This is what UK data protection law calls “meaningful human involvement” and is what takes our AI features outside the scope of solely-automated decision-making.

You have the right to request information about how a decision involving AI was reached, to make representations about it, to obtain human review, and to contest it. Email privacy@care-meter.co.uk.

AI model inference runs exclusively through AWS Bedrock in eu-west-2 (London). AWS Bedrock does not use customer prompts or responses to train models. Care-Meter does not use customer data, including in anonymised form, to train third-party AI models. Data does not leave the UK.

Care-Meter does not use a vector or semantic retrieval tier for personal data. Care-evidence retrieval uses a deterministic ontology-tag projection; operational retrieval uses structured queries against the personal data store. This design choice bounds the surface area for model hallucination and keeps retrieval inspectable.

Resident Summary: a derived, deterministic view
For non-clinical staff (notably Activities Coordinators) we generate a Resident Summary — a small set of safe-to-engage facts (allergies, dietary texture, mobility, behaviour cues, communication needs, end-of-life status) derived from the resident's clinical record by a versioned deterministic rules engine. It is not an AI inference: the same inputs always produce the same outputs, no large language model is involved, and every regeneration is logged in our audit vault under RESIDENT_SUMMARY_GENERATED. The lawful basis for this derived view is Article 9(2)(h) (provision of social care). Carers and clinical roles continue to read the underlying care plan and risk assessments directly; the Resident Summary is a read-only orientation surface only.

6. Third-Party Data Processors

We share personal data with the following third parties strictly as necessary to operate the platform. Each is bound by a Data Processing Agreement and processes data only on our documented instructions.

| Processor | Purpose | Data transferred | Location |
| --- | --- | --- | --- |
| Amazon Web Services (AWS) | Cloud hosting, DynamoDB, S3, Lambda, Cognito, SES, CloudWatch | All platform data | eu-west-2 (London) |
| AWS Bedrock — Anthropic Claude | AI model inference: OCR structuring, classification, copilot, PIR drafting | Care note text, staff operational records, manager queries | eu-west-2 (London) |
| AWS Bedrock — Amazon Nova | AI model inference: CQC classification | Care note text | eu-west-2 (London) |
| Amazon Textract | OCR processing of handwritten care notes | Images/PDFs of handwritten notes | eu-west-2 (London) |
| Amazon Transcribe | Server-side audio transcription (fallback only) | Raw voice audio files | eu-west-2 (London) |
| Amazon Simple Email Service (SES) | Transactional email (operational; no marketing) | Account email addresses, message bodies | eu-west-2 (London) |

Retired sub-processor. Amazon OpenSearch Service was previously listed for vector-search AI assistance. This processor has been retired; care-evidence retrieval now uses a deterministic ontology-tag projection. No personal data remains in OpenSearch.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

7. International Data Transfers

All Care-Meter data processing takes place within the United Kingdom (AWS eu-west-2, London). We do not transfer personal data outside the UK without your prior written consent.

Our payment processor and email delivery service involve transfers to the USA. Where personal data is transferred outside the UK, we ensure an appropriate safeguard is in place: UK-approved International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses.

You may request a copy of the relevant transfer safeguard by emailing privacy@care-meter.co.uk.

8. How Long We Keep Your Data

We keep personal data only for as long as necessary for the purpose it was collected, or as required by law.

| Data category | Retention period | Legal basis |
| --- | --- | --- |
| Account and profile data | 3 years after account closure | Dispute resolution; audit trail |
| Care notes, incident records, care plans | 7 years from date of record | NHS Records Management Code of Practice 2021; CQC Reg 17 |
| Audit logs | 10 years | Reg 17 accountability; DSPT requirement |
| Voice audio recordings (where used) | 30 days from upload or note finalisation | Proportionality: transcribed text is the durable record |
| Quick-capture source images | 90 days from upload or note finalisation | Proportionality: structured note is the durable record |
| AI copilot session data | 30 days from last activity | Proportionality |
| Access and activity logs | 90 days | Security monitoring |
| Anonymised analytics | Indefinite (no personal data retained) | Service improvement |

When retention periods expire, data is securely deleted or irreversibly anonymised. Previous versions of our retention schedule are available on request.

9. How We Protect Your Data

  • Encryption in transit: all data transmitted over TLS 1.2+. HTTP redirected to HTTPS.
  • Encryption at rest: S3 and DynamoDB encrypted using AWS SSE-S3. Customer-managed KMS keys for special-category data (planned before first external customer).
  • Access control: role-based access control (RBAC) via AWS Cognito. ADMIN, MANAGER, CARER, FAMILY roles with least-privilege. No cross-tenant data access.
  • Session security: authenticated sessions expire after 30 minutes of inactivity.
  • Security headers: Content Security Policy, HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff.
  • Rate limiting: API endpoints and AI endpoints are rate-limited to prevent abuse.
  • Immutable audit log: SHA-256 chain-hashed audit trail for all governance-critical actions, with S3 Object Lock (WORM) on the audit vault.
  • Data breach response: ICO notification within 72 hours and affected customer notification within 24 hours, as required by UK GDPR Arts. 33-34.

10. Your UK GDPR Rights

You have the following rights under the UK General Data Protection Regulation and the Data Protection Act 2018. We will respond within one calendar month as required by UK GDPR Art. 12.

| Right | UK GDPR Art. | How to exercise |
| --- | --- | --- |
| Right of Access: obtain a copy of your personal data | Art. 15 | Email privacy@care-meter.co.uk |
| Right to Rectification: correct inaccurate or incomplete data | Art. 16 | Update in Settings, or email us |
| Right to Erasure: ‘right to be forgotten’ | Art. 17 | Email us. Note: some data must be retained by law, see Section 8. |
| Right to Restrict Processing | Art. 18 | Email privacy@care-meter.co.uk |
| Right to Data Portability: structured, machine-readable format | Art. 20 | Email us to request a data export |
| Right to Object to processing based on legitimate interests | Art. 21 | Email privacy@care-meter.co.uk |
| Right to withdraw consent (where consent is the lawful basis) | Art. 7(3) | Email us. Does not affect prior processing. |
| Right to safeguards in automated decisions (information, representation, human review, contest) | Arts. 22A-22D (as amended by the DUA Act 2025) | Email privacy@care-meter.co.uk. We will explain how a decision was reached and arrange human review. |

You also have the right to lodge a complaint with the ICO at any time: ico.org.uk/make-a-complaint or call 0303 123 1113. We would appreciate the chance to address your concerns first.

11. Cookies

We use the following cookies on the Care-Meter platform and website:

| Cookie / type | Purpose | Duration | Category |
| --- | --- | --- | --- |
| Session cookie (HttpOnly) | Maintains your authenticated session | 30 minutes of inactivity | Strictly necessary |
| cm_access (HttpOnly) | Stores your JWT for API authentication. HttpOnly: cannot be read by JavaScript. Protected by CSP and SameSite=Strict. | Until sign-out or token expiry | Strictly necessary |
| Theme preference (localStorage) | Remembers your light/dark mode preference | Persistent | Functional |
| Cookie consent (localStorage) | Records whether you have accepted or declined optional cookies | Persistent | Strictly necessary |

We currently use no third-party advertising or tracking cookies. If this changes, we will update this policy and re-request your consent before deployment. See our full Cookie Policy for details.

12. Children's Privacy

The Care-Meter platform is intended solely for use by individuals aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact privacy@care-meter.co.uk and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a prominent notice in the platform at least 14 days before the changes take effect.

The effective date at the top of this page reflects the current version. Previous versions are available on request by emailing privacy@care-meter.co.uk. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

14. Data Protection Complaints

If you believe we have not complied with UK data protection law, you have the right to make a complaint to us before escalating to the Information Commissioner’s Office. We will acknowledge receipt of your complaint within 30 days and respond without undue delay, consistent with section 164A of the Data Protection Act 2018 (as inserted by the Data (Use and Access) Act 2025).

| Method | Detail |
| --- | --- |
| Online | Submit at care-meter.co.uk/complaint |
| Email | Email privacy@care-meter.co.uk with subject line “Data Protection Complaint” |
| Post | Data Protection Complaints, WillMachi Limited, 8 Raite Green, Sittingbourne, Kent, ME10 5JY |

If you remain dissatisfied after our response, you may escalate to the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113. You may also approach the ICO directly at any time.

What we record
We record every complaint received, the date of receipt, our acknowledgement, the steps taken, and the outcome. We retain these records for 3 years for audit and regulatory purposes.

15. Contact Us

| Enquiry | Contact |
| --- | --- |
| Data protection and privacy rights | privacy@care-meter.co.uk |
| Legal enquiries | legal@care-meter.co.uk |
| Support | support@care-meter.co.uk |
| Registered address | WillMachi Limited, 8 Raite Green, Sittingbourne, Kent, ME10 5JY |
| Response time | All privacy requests: within 30 days as required by UK GDPR Art. 12. Complex requests may be extended by a further two months with notification. |