Last updated: 10 January 2025
This Privacy Policy explains how Day2Day Care processes personal data when you use our platform. We are the data controller for account, billing, and marketing data. For personal data you enter about service users, staff, and contacts within the product, we act as your data processor under your instructions.
Day2Day Care (the “Service”) is a US-based platform provided for care organisations operating globally, including the UK. To contact us about privacy, email legal@day2day.care.
Depending on your location (such as the UK, EEA, or US states with specific privacy laws), we process your data based on the following lawful bases:
The Service may be used to store information about residents, service users, or health interactions. You remain the data controller for that content. You must ensure a lawful basis under applicable privacy laws (such as UK GDPR and appropriate Article 9 conditions, or US health privacy laws) to process such data. We process such data only on your documented instructions to provide the Service, subject to a Data Processing Addendum (DPA) or Business Associate Agreement (BAA) on request.
As a US-based company, your data may be stored or processed in the United States and other regions. Where personal data is transferred from the UK or EEA, we rely on appropriate safeguards such as the UK Addendum to the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), plus technical and organisational controls.
We keep personal data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Data may persist in backups for a limited period (typically up to 90 days) before being securely overwritten.
You have the right to request the deletion of your personal data. To initiate a data deletion request, you can:
Upon receiving a verified deletion request, we will delete your account credentials, profile information, and associated personal identifiers. However, please note that certain types of data may be retained even after a deletion request:
We use appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit, and monitoring. You are responsible for securing user access, devices, and choosing strong authentication measures.
Depending on your situation and location (e.g., under UK GDPR, EU GDPR, or applicable US state laws like the CCPA/CPRA), you may have rights to: access, rectification, erasure (deletion), restriction, objection, data portability, and to withdraw consent where we rely on consent. You may also have the right to opt-out of the "sale" or "sharing" of personal information, though Day2Day Care does not sell your personal data. Submit requests to legal@day2day.care. You can lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or your local supervisory authority.
The Service is not directed to children under 18. Do not create end-user accounts for minors.
We use cookies and similar technologies for essential functions, preferences, analytics, and security. Details, choices, and consent controls are set out in our Cookie Policy.
We may update this Privacy Policy to reflect legal or product changes. We will post the updated version with a new “Last updated” date and notify you of material changes where reasonable.
For questions, data subject requests, or to request a DPA, contact legal@day2day.care.