Privacy Policy

HealthcareBase takes the security of your data and our infrastructure very seriously. We are committed to providing an environment that is safe, secure, and available to all of our customers all the time.

Last updated: 22 April 2026

This Privacy Policy sets out how Healthcare Base Limited ("we", "us", "our"), a company incorporated in England and Wales with company registration number 16471840 and registered office at 12 Corkran Road, Surbiton, England, KT6 6PN, collects and processes your personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, and explains your rights in relation to that personal data. If you have any questions or wish to exercise any of your rights, please contact us at support@healthcarebase.co.uk.

This Privacy Policy affects your legal rights and obligations so please read it carefully.

We may update this Privacy Policy from time to time. If we make changes that materially affect your rights or obligations, we will take reasonable steps to notify you by email. Otherwise, you are responsible for reviewing this Privacy Policy periodically.

When you access and use our platform at https://app.healthcarebase.co.uk (the "Platform"), we are the controller of your personal data.

This Platform is not intended for anyone under the age of 18, and we do not knowingly collect or process personal data from children.

1. What Personal Data Do We Collect and From Whom?

By personal data we mean any information that can identify you, such as your name, email address, or IP address.

1.1 Data you provide to us

You may provide personal data to us when you create an account on the Platform, subscribe to a Plan, contact us with queries or complaints, or opt in to receive marketing communications. The personal data we collect includes:

  • your name;
  • your email address;
  • your company name (where applicable); and
  • your payment information (processed securely by Stripe — see Section 3).

1.2 Data we automatically collect

When you use the Platform, we automatically collect:

  • your IP address;
  • device information (type of device, operating system, web browser);
  • session data, including time of use and features accessed; and
  • error and diagnostic data, collected via Sentry for the purpose of identifying and resolving technical issues.

Some of this information is collected using cookies. Please see our Cookie Policy for more information.

1.3 Data from third-party services

Where you connect third-party services to your account, or where we introduce additional integrations in future, we may receive data about you from those services. We will update this Privacy Policy accordingly if such functionality is introduced.

2. Lawful Use of Your Personal Data

We will only use your personal data where we have a lawful basis to do so. The lawful bases we rely on are:

  • Performance of a contract: to provide you with the Services you have subscribed to, including creating and managing your account, processing payments, and providing access to NHS Data through the Platform.
  • Legitimate interests: to operate, maintain, improve and protect the Platform; to monitor usage and diagnose errors; to prevent fraud and ensure platform security; to communicate with you in relation to your account; and to send you marketing communications about our Services where you are an existing or prospective customer and have not opted out.
  • Consent: for the placement of non-essential cookies on your device, as described in our Cookie Policy.
  • Compliance with legal obligations: where we are required by law to process your personal data.

2.1 Account and service management

We process your name, email address, company name (where applicable) and payment information to set up and manage your account, process your subscription, and provide you with access to the Platform and its features.

2.2 Error monitoring

We use Sentry to collect error and diagnostic data from the Platform. This helps us identify and resolve technical issues. Error data may include IP addresses, user identifiers, and contextual information about the action or page that triggered an error.

2.3 Marketing communications

We may use your name and email address to send you product updates and relevant news about HealthcareBase, managed via HubSpot. You will receive marketing communications from us if you have subscribed to or used our Services and have not opted out of receiving them. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email, adjusting your preferences in your account settings, or by contacting us at support@healthcarebase.co.uk. Unsubscribing from marketing emails will not affect transactional communications related to your account.

3. Who Do We Share Your Data With?

We do not sell your personal data. We may share your personal data with the following service providers, who act as data processors on our behalf:

  • Supabase — our database and authentication provider. Your account data is stored on servers located in the United Kingdom.
  • Stripe — our payment processor. Stripe processes your payment information securely and is PCI-DSS compliant. We do not store your full payment card details. Stripe may process data in the United States and other countries; appropriate safeguards including UK International Data Transfer Agreements (IDTAs) are in place.
  • Resend — our transactional email provider, used to send account-related emails. Resend is headquartered in the United States; appropriate safeguards including an IDTA are in place.
  • HubSpot — our marketing platform, used to manage and send marketing communications to existing and prospective customers. HubSpot processes data in the United States; appropriate safeguards including IDTAs are in place.
  • Sentry — our error monitoring provider, which collects diagnostic data (including IP addresses and user identifiers) to help us identify and resolve technical issues. Sentry Inc. is headquartered in the United States and processes error data there; appropriate safeguards including an IDTA are in place.

We may also disclose your personal data to comply with applicable law or legal process, to protect the rights or safety of Healthcare Base Limited or our users, or in connection with a merger or acquisition.

4. Where We Hold and Process Your Data

Your personal data is primarily stored on servers located in the United Kingdom. Where any of our service providers process data outside of the United Kingdom, we ensure appropriate safeguards are in place, including the use of UK International Data Transfer Agreements (IDTAs) or equivalent transfer mechanisms. If you require further information, please contact us at support@healthcarebase.co.uk.

5. Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. Whilst we take these steps, no system can be entirely secure. If a security breach occurs, we will take all reasonable steps to contain it and notify you and relevant authorities as required by applicable law.

6. Your Rights

Under applicable Data Protection Legislation, you have the following rights:

  • Right of access — to obtain a copy of the personal data we hold about you.
  • Right to rectification — to require us to correct personal data that is inaccurate or incomplete.
  • Right to erasure — to request that we delete your personal data where it is no longer necessary for us to hold it, subject to our legal obligations.
  • Right to restriction of processing — in certain circumstances, to require that we restrict our processing of your personal data.
  • Right to data portability — to request that we transfer your personal data to you or another provider in a structured, machine-readable format.
  • Right to object — to object to our processing of your personal data where we rely on legitimate interests.
  • Right to withdraw consent — where we process your personal data on the basis of consent, you may withdraw that consent at any time.
  • Rights in relation to automated decision-making — you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal or similarly significant effects on you. If you believe any automated processing is affecting you in this way, please contact us.

To exercise any of these rights, please contact us at support@healthcarebase.co.uk. We will respond within one month. If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.

7. Retention of Personal Data

We retain your personal data for as long as your account remains active or as long as is necessary to provide the Services to you. Following closure of your account, we will retain your personal data for up to twelve (12) months to fulfil any outstanding contractual, legal, or financial obligations (including for tax, accounting, and dispute resolution purposes), after which your personal data will be securely deleted or anonymised. Where you request deletion of your account and personal data, we will action this request within 30 days, subject to any overriding legal or statutory obligation to retain certain data.

8. Cookies

We use cookies and similar tracking technologies on the Platform. For more information about the types of cookies we use, why we use them, and how you can control them, please refer to our Cookie Policy.

9. General

This Privacy Policy is governed by the laws of England and Wales, and you agree to submit to the exclusive jurisdiction of the courts of England and Wales in relation to any dispute arising in connection with this Privacy Policy.

10. Contact

Healthcare Base Limited — 12 Corkran Road, Surbiton, England, KT6 6PN — support@healthcarebase.co.ukhttps://www.healthcarebase.co.uk