Privacy Policy

Auracare Clinical Platform · Last updated: 17 March 2026

Pre-release

Auracare is currently in pre-release. This privacy policy is provided for transparency and to support app store review processes. It is subject to change before general availability. Material updates will be communicated via the app or by email.

1. Who We Are

Auracare Clinical Platform ("Auracare", "we", "us") is operated by Auracare Health Ltd, a company registered in England and Wales. Auracare is a clinical decision-support platform designed exclusively for registered pharmacists practising in the United Kingdom.

Contact: clinical@auracare.org.uk

2. Scope of This Policy

This policy explains how we collect, use, store, and protect data when you use the Auracare mobile application (Android / iOS), desktop application, or web platform (collectively "the App").

3. Data We Collect

Pharmacist account data

  • Full name, email address, and password (hashed)
  • GPhC registration number and professional status
  • Pharmacy name and contact details

Patient consultation data

  • Patient demographic information entered during a consultation (name, date of birth, NHS number where provided)
  • Clinical observations, presenting complaints, and assessment scores (e.g. NEWS2)
  • Medication history and allergy records entered by the pharmacist
  • Consultation outcomes and referral letter content

Device and usage data

  • Device type, operating system version, and app version
  • Session timestamps and feature usage (no advertising identifiers)
  • Camera and microphone data used solely for video consultation recording — recordings are stored encrypted and deleted within 90 days unless retained for clinical audit purposes

4. How We Use Your Data

  • To provide clinical decision support, consultation records, and referral letter generation
  • To maintain your professional account and session history
  • To transmit referral letters to NHS services or GP practices via Microsoft 365 (Graph API) on your instruction
  • To comply with GPhC professional standards and NHS data governance requirements
  • To improve the platform through aggregated, anonymised analytics

We do not sell, rent, or share your data with third parties for marketing purposes.

5. Legal Basis for Processing

  • Contract — processing necessary to provide the App under our Terms of Service
  • Legal obligation — compliance with NHS DSP Toolkit, GPhC standards, and UK GDPR
  • Legitimate interests — improving platform safety and clinical accuracy
  • Explicit consent — where required for special category health data

6. Data Storage and Security

All data is stored on Microsoft Azure infrastructure located in the UK South region. We apply encryption at rest (AES-256) and in transit (TLS 1.2+). Access is restricted to authorised Auracare staff and is audited.

We maintain an NHS Data Security and Protection Toolkit submission and conduct annual penetration testing.

7. Data Retention

  • Consultation records: retained for a minimum of 8 years from last entry in line with NHS records management guidance
  • Video recordings: 90 days unless required for clinical audit
  • Account data: retained for the duration of your account and deleted within 30 days of account closure

8. Permissions Used by the App

  • Camera — used for video consultations and clinical image capture; never accessed in the background
  • Microphone — used for video consultation audio; never accessed in the background
  • Internet — required to sync consultation data and send referrals
  • Storage — used to save PDF referral letters to your device on request

9. Your Rights Under UK GDPR

You have the right to:

  • Access a copy of the personal data we hold about you
  • Correct inaccurate data
  • Request deletion ("right to be forgotten"), subject to clinical retention obligations
  • Restrict or object to processing
  • Request data portability
  • Lodge a complaint with the ICO at ico.org.uk

To exercise any right, visit our Privacy Centre or email clinical@auracare.org.uk.

10. Third-Party Services

  • Microsoft Azure — hosting, storage, AI inference (Azure OpenAI), and speech transcription
  • Microsoft Graph API — outbound email for referral letters sent from a shared Auracare mailbox

Each processor operates under a Data Processing Agreement compliant with UK GDPR Article 28.

11. Children

Auracare is intended solely for use by registered pharmacists. The App is not directed at children under 18 and we do not knowingly collect data from minors.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via the App or by email. Continued use of the App after changes constitutes acceptance.

13. Contact

Auracare Health Ltd
Email: clinical@auracare.org.uk
Web: auracare.org.uk