Privacy Policy

This Privacy Policy explains how Senior Care at Home Limited t/a Right at Home UK ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the Atlas platform ("Atlas"). We are committed to compliance with the UK GDPR, Data Protection Act 2018, and ICO guidance.

1. Who We Are (Data Controller)

For all account-level data, platform usage data, and user-generated content, the Data Controller is:

2. What Data We Collect

We do not train AI models on your private data.

3. How We Use Your Data

We process data to:

• Operate and maintain the Atlas platform
• Authenticate users
• Provide AI responses
• Index and retrieve documents
• Monitor performance and security
• Detect abuse, fraud, and rate-limit violations
• Improve search relevance
• Provide customer support
• Comply with legal obligations

We only process data where we have a lawful basis (legitimate interest, consent, contract necessity, or legal obligation).

4. Legal Bases Under UK GDPR

We use the following lawful bases:

• Contract – providing user accounts and access to Atlas
• Legitimate Interests – security monitoring, fraud prevention, analytics
• Legal Obligation – maintaining records, responding to lawful requests
• Consent – when explicitly required (e.g., marketing emails)

5. Data Storage & International Transfers

Atlas uses secure data centers located in:

• United Kingdom (primary data region)
• Belgium (EU region for Supabase & Mailgun)
• United States (Google Cloud processing, Clerk processing, Sentry processing)

Where data is transferred to the United States, we rely on:

• UK Addendum to the EU Standard Contractual Clauses (SCCs)
• Data Processing Agreements
• Appropriate safeguards under UK GDPR

We ensure that all vendors provide adequate protection for personal data.

6. Third-Party Processors & Subprocessors

Atlas uses the following data processors/subprocessors:

We maintain contracts and DPAs with all subprocessors.

7. How Long We Keep Data

Data is retained only as long as necessary for:

• Providing access to Atlas
• Security & fraud prevention
• Legal, regulatory, and audit requirements

Inactive accounts may be deleted after 12–24 months.

You may request deletion at any time.

8. Your Rights Under UK GDPR

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion ("right to be forgotten")
• Object to processing
• Limit how your data is used
• Port your data to another service
• Withdraw consent at any time
• File a complaint with the ICO

Contact us at support@rightathomeuk.com to exercise your rights.

9. Security Measures

We use:

• Encrypted data storage
• Role-level access control
• Supabase RLS
• Signed URLs for storage
• Server-side validation
• PII redaction in logging
• Automated abuse monitoring
• Industry-standard hashing & encryption

Despite this, no online service can guarantee 100% security.

10. Children's Data

Atlas is not intended for users under 16 years old.

We do not knowingly collect children's personal data.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in laws, services, or processing practices. Updates will be posted on the website.

12. Contact Us