Privacy Policy

Last Updated: November 25, 2025

Your Privacy Matters: Revalidator.uk is committed to protecting your personal information. This policy explains what data we collect, how we use it, and your rights under UK GDPR.

1. Who We Are

Revalidator.uk operates the Revalidator mobile application and website (collectively, the "Service"). For the purposes of data protection legislation, we are the data controller.

Contact Details:

Email: support@revalidator.uk
Phone: +44 7344 218841
Website: www.revalidator.uk

2. Information We Collect

2.1 Information You Provide

Account Information: Email address, password (encrypted), name, NMC PIN number
CPD Records: Your continuing professional development activities, including dates, hours, descriptions, learning outcomes, and reflections
Communication: Messages you send to our support team
Payment Information: Processed securely through our payment provider (we do not store card details)

2.2 Information Collected Automatically

Device Information: Device type, operating system, app version
Usage Data: Features used, time spent in app, interactions with the Service
Voice Data: Audio recordings when you use voice input (processed in real-time and not permanently stored)
Error Logs: Technical information about app crashes or errors to help us improve the Service

3. How We Use Your Information

We use your personal information for the following purposes:

Service Provision: To provide, maintain, and improve the Revalidator app
Account Management: To create and manage your account
CPD Tracking: To store, organize, and present your CPD records
Voice Recognition: To process voice commands and convert them to text entries
Communication: To respond to your support requests and send important service updates
Security: To detect and prevent fraud, abuse, and security incidents
Legal Compliance: To comply with applicable laws and regulations
Service Improvement: To analyze usage patterns and improve our Service (using anonymized data only)

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

Contractual Necessity: Processing necessary to provide the Service you've purchased
Legitimate Interests: Improving our Service, preventing fraud, and ensuring security
Legal Obligation: Complying with legal requirements
Consent: Where you've given explicit consent (e.g., marketing communications)

5. How We Store and Protect Your Data

5.1 Data Storage

Your data is stored on secure cloud servers located in the United Kingdom
All data in transit is encrypted using TLS 1.3
All data at rest is encrypted using AES-256 encryption
Passwords are hashed using industry-standard bcrypt algorithms

5.2 Security Measures

Regular security audits and penetration testing
Access controls limiting who can view your data
Automated backups with encrypted storage
Monitoring for suspicious activity and unauthorized access
Staff training on data protection and security practices

6. Data Sharing and Disclosure

6.1 We Do NOT Share Your Data With:

Advertisers or marketing companies
Data brokers
Social media platforms
Any third parties for their own marketing purposes

6.2 We May Share Data With:

Service Providers: Cloud hosting, payment processing, analytics (all bound by strict data protection agreements)
Legal Requirements: Law enforcement or regulatory bodies when legally required
Business Transfers: In the event of a merger, acquisition, or sale (you will be notified)

Important: Your CPD records are NEVER shared with anyone without your explicit consent. You have complete control over exporting and sharing your data.

7. Account Deletion

You can delete your Revalidator account at any time through:

In the App: Profile > Danger Zone > Delete Account
Via Website: Visit revalidator.uk/delete-account
By Email: Contact support@revalidator.uk

When you request account deletion:

Your account will be immediately deactivated
All personal data will be permanently deleted within 30 days
You will receive a confirmation email when deletion is complete
You can cancel the deletion request within the 30-day period by contacting support

8. Data Retention

Active Accounts: We retain your data for as long as your account is active
Deleted Accounts: Data is permanently deleted within 30 days of account deletion
Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., financial records for 7 years)
Backups: Data in backups is automatically deleted according to our backup retention schedule (maximum 90 days)

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access: Request a copy of all personal data we hold about you
Right to Rectification: Correct any inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data ("right to be forgotten") - Delete your account here
Right to Restrict Processing: Request we limit how we use your data
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: Contact the Information Commissioner's Office (ICO) if you believe your rights have been violated

To exercise any of these rights, contact us at support@revalidator.uk or call +44 7344 218841.

10. Cookies and Tracking

Our website uses minimal cookies for essential functionality only. See our Cookie Policy for details.

The mobile app does not use cookies but may use device identifiers for authentication and security purposes.

11. Voice Data Processing

When you use voice commands:

Audio is processed in real-time to convert speech to text
Audio recordings are NOT permanently stored on our servers
Only the resulting text transcription is saved to your CPD records
Voice processing may use third-party AI services with strict data protection agreements
You can disable voice features and use manual text entry at any time

12. Children's Privacy

Revalidator is intended for use by registered nurses and healthcare professionals. We do not knowingly collect information from individuals under 18 years of age. If you believe a child has provided us with personal information, please contact us immediately.

13. International Data Transfers

Your data is primarily stored within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs) approved by the UK ICO
Adequacy decisions from the UK government
Data protection agreements meeting UK GDPR standards

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will update the "Last Updated" date at the top
We will notify you via email or in-app notification
Continued use of the Service constitutes acceptance of the new policy

15. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Revalidator.uk
Email: support@revalidator.uk
Phone: +44 7344 218841
Website: www.revalidator.uk

Supervisory Authority:
If you believe we have not handled your data properly, you can lodge a complaint with:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Phone: 0303 123 1113