search

Privacy Policy

Last updated: 30/11/2025

This Privacy Policy explains how Clerkal Ltd (“Clerkal”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when you use the Clerkal service (“the Service”). By using the Service, you agree to the practices described here.

hashtag
1. Who We Are

Clerkal Ltd Email: support@clerkal.com Jurisdiction: United Kingdom Data stored on servers located in the UK.

We are the Data Controller for account and subscription data. We are the Data Processor for clinician-generated documents, templates, and content.

hashtag
2. Data We Collect

hashtag
2.1 Personal Information You Provide

  • Name

  • Email address

  • Clinic affiliation

  • Billing and subscription information

  • Login credentials

hashtag
2.2 Usage Data

  • Device information

  • IP address

  • Browser type

  • Log activity (e.g., pages viewed, errors)

hashtag
2.3 Clinical Content

Clinicians may create templates or notes that may contain patient-related information. Clerkal strongly discourages entering identifiable patient data.

If identifiable data is entered, it is processed solely on your instruction and remains your responsibility under applicable law (GDPR, HIPAA, etc.).

hashtag
3. How We Use Your Data

We use data to:

  • Provide the Clerkal service

  • Authenticate users

  • Enable AI-assisted note generation

  • Improve platform performance and functionality

  • Communicate with you about updates, billing, and support

  • Ensure compliance with legal obligations

We do not sell personal data.

hashtag
4. How AI Uses Your Data

Clinical content may be processed by AI models exclusively for:

  • Generating notes, summaries, or templates

  • Improving the accuracy and reliability of Clerkal’s features

Clerkal does not use identifiable patient data to train external or public AI models. Data is not shared with third-party model providers for their own benefit.

hashtag
5. Legal Bases for Processing (GDPR / UK DPA 2018)

We process data under:

  • Contractual necessity (providing account access and services)

  • Legitimate interests (platform security, improvement)

  • Consent (email preferences)

  • Legal obligations (tax, audit, compliance)

hashtag
6. Data Sharing

We may share data with:

  • Payment processors (for billing)

  • Infrastructure providers (hosting, secure storage)

  • Support tools (ticketing, email services)

All third parties are bound by strict data protection agreements.

We do not share clinical content for advertising, marketing, or AI training outside Clerkal.

hashtag
7. International Transfers

Data is stored in the United Kingdom. If transferred elsewhere (e.g., to support users in the US/EU/AU), Clerkal will implement:

  • Standard Contractual Clauses

  • UK International Transfer Addendum

  • Adequacy decisions where available

hashtag
8. Data Retention

  • Account and billing data: retained for the life of your account + statutory retention (6 years in the UK).

  • Clinical content: retained until account deletion or as instructed by the Clinic.

  • Upon account deletion, data is removed within 90 days, unless required for legal reasons.

hashtag
9. Your Rights

Depending on your location (UK/EU/GDPR regions), you may:

  • Access your data

  • Correct inaccurate data

  • Request deletion

  • Port your data

  • Object to processing

  • Withdraw consent

Contact: support@clerkal.com

hashtag
10. Security

We employ:

  • Encryption at rest and in transit

  • Access controls

  • Audit logs

  • Monitoring and intrusion detection

No system is 100% secure, but Clerkal follows industry best practices.

hashtag
11. Children

Clerkal is not intended for children under 16.

hashtag
12. Updates

We may update this Privacy Policy from time to time. Continued use constitutes acceptance.

PreviousTerms of ServiceNextData Processing Agreement (DPA)

Last updated