# Privacy Policy *Last updated: 30/11/2025* This Privacy Policy explains how **Clerkal Ltd** (“Clerkal”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when you use the Clerkal service (“the Service”). By using the Service, you agree to the practices described here. *** ## **1. Who We Are** **Clerkal Ltd**\ Email: ****\ Jurisdiction: United Kingdom\ Data stored on servers located in the UK. We are the **Data Controller** for account and subscription data.\ We are the **Data Processor** for clinician-generated documents, templates, and content. *** ## **2. Data We Collect** ### **2.1 Personal Information You Provide** * Name * Email address * Clinic affiliation * Billing and subscription information * Login credentials ### **2.2 Usage Data** * Device information * IP address * Browser type * Log activity (e.g., pages viewed, errors) ### **2.3 Clinical Content** Clinicians may create templates or notes that *may* contain patient-related information.\ Clerkal **strongly discourages** entering identifiable patient data. If identifiable data is entered, it is processed **solely on your instruction** and remains your responsibility under applicable law (GDPR, HIPAA, etc.). *** ## **3. How We Use Your Data** We use data to: * Provide the Clerkal service * Authenticate users * Enable AI-assisted note generation * Improve platform performance and functionality * Communicate with you about updates, billing, and support * Ensure compliance with legal obligations We **do not** sell personal data. *** ## **4. How AI Uses Your Data** Clinical content may be processed by AI models exclusively for: * Generating notes, summaries, or templates * Improving the accuracy and reliability of Clerkal’s features Clerkal does **not** use identifiable patient data to train external or public AI models.\ Data is **not** shared with third-party model providers for their own benefit. *** ## **5. Legal Bases for Processing (GDPR / UK DPA 2018)** We process data under: * **Contractual necessity** (providing account access and services) * **Legitimate interests** (platform security, improvement) * **Consent** (email preferences) * **Legal obligations** (tax, audit, compliance) *** ## **6. Data Sharing** We may share data with: * Payment processors (for billing) * Infrastructure providers (hosting, secure storage) * Support tools (ticketing, email services) All third parties are bound by strict data protection agreements. We **do not** share clinical content for advertising, marketing, or AI training outside Clerkal. *** ## **7. International Transfers** Data is stored in the **United Kingdom**.\ If transferred elsewhere (e.g., to support users in the US/EU/AU), Clerkal will implement: * Standard Contractual Clauses * UK International Transfer Addendum * Adequacy decisions where available *** ## **8. Data Retention** * Account and billing data: retained for the life of your account + statutory retention (6 years in the UK). * Clinical content: retained until account deletion or as instructed by the Clinic. * Upon account deletion, data is removed within **90 days**, unless required for legal reasons. *** ## **9. Your Rights** Depending on your location (UK/EU/GDPR regions), you may: * Access your data * Correct inaccurate data * Request deletion * Port your data * Object to processing * Withdraw consent Contact: **** *** ## **10. Security** We employ: * Encryption at rest and in transit * Access controls * Audit logs * Monitoring and intrusion detection No system is 100% secure, but Clerkal follows industry best practices. *** ## **11. Children** Clerkal is not intended for children under 16. *** ## **12. Updates** We may update this Privacy Policy from time to time. Continued use constitutes acceptance. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://clerkal.gitbook.io/docs/legal/privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.