Privacy Notice

Effective: 2026-04-22 · Last updated: 2026-04-22 · Version 1.0

This notice explains how Care Airo Ltd ("Care Airo", "we", "us") handles personal data collected through the CareAiro platform, mobile application, and marketing website at careairo.com.

Scope. This notice covers the CareAiro web and mobile application, the public marketing site, and the "Request a demo" form. Where Care Airo processes data inside the product on behalf of our customers (the care providers), we act as a data processor and the care provider is the data controller — their own privacy notice applies to that data.

1. Who we are

Care Airo Ltd is the controller of the personal data we collect through this platform.

Registered office: 61 Cranbrook House, Cranbrook Road, Ilford, Essex IG1 4PG, United Kingdom
Privacy contact: privacy@careairo.com

2. What personal data we collect

Through the mobile application

When care workers use the CareAiro mobile app, we collect:

  • GPS location (only during visit check-in and check-out for verification)
  • Camera access (to scan QR codes for secure check-in and upload incident photos)
  • Microphone access (for optional speech-to-text visit note dictation)
  • Photos from library (to attach images to incident reports)
  • Visit notes, tasks, and care records entered by the care worker
  • Device push notification token (for shift and visit alerts)

Through the web platform

  • Name, email address, and role for account management
  • Activity logs and audit trails for compliance purposes
  • Standard server log entries (IP address retained 30 days)

3. Why we process your data and our lawful basis

Purpose | Lawful basis (UK GDPR Art. 6)
GPS check-in verification for care visits | Legitimate interests — ensuring care workers attend scheduled visits
QR code scan for secure check-in | Legitimate interests — verifying visit attendance
Speech-to-text for visit notes | Consent — only when care worker activates the feature
Incident photo upload | Legal obligation — safeguarding and CQC compliance
Push notifications for shifts and visits | Legitimate interests — operational communication
Audit logging for CQC compliance | Legal obligation — Care Quality Commission requirements

4. How long we keep your data

Data | Retention
Care records and visit notes | 8 years (CQC requirement)
Staff records | 6 years post-employment
Audit logs | Indefinite (regulatory compliance)
Incident photos | 8 years (CQC) or 90 days (GDPR — failed verifications)
GPS location data | Retained with visit record (8 years)
Server IP logs | 30 days
Push notification tokens | Until device deregistration

5. Who we share your data with

We share personal data only with:

  • Google Cloud Platform — our cloud infrastructure provider (europe-west2, London)
  • Resend — email delivery for notifications and system alerts
  • Professional advisors — lawyers, accountants, auditors where necessary
  • Competent authorities — where legally required (e.g. lawful court order)

We do not sell personal data. We do not use your data to train AI models. We do not pass your data to third parties for their own marketing.

6. Your rights

Under UK GDPR you have the right to:

  • Access — ask for a copy of the personal data we hold about you
  • Rectification — ask us to correct data that is wrong
  • Erasure — ask us to delete data in certain circumstances
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a structured format
  • Object — object to processing based on legitimate interests

To exercise any rights, email privacy@careairo.com. We will respond within one calendar month.

You may also complain to the Information Commissioner's Office: ico.org.uk · 0303 123 1113

7. Automated decision-making

The CareAiro platform uses AI to assist care managers with scheduling suggestions and care summaries. These are advisory tools only — no automated decisions that produce legal or similarly significant effects are made without human review.

8. Cookies

The CareAiro web application uses strictly necessary cookies for session management and authentication only. We do not use analytics, tracking, or advertising cookies.

9. Security

We protect personal data using encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, and immutable audit logs. Our infrastructure is hosted exclusively in the United Kingdom (Google Cloud Platform, London region).

10. Mobile application permissions

Permission | Why it is needed
Location (when in use) | GPS check-in at service user address to verify attendance
Camera | Scan QR codes for secure check-in; upload photos for incident reports
Microphone | Speech-to-text dictation for visit notes (activated by care worker only)
Photo library | Attach images to incident and safeguarding reports
Notifications | Shift reminders, visit alerts, and urgent care messages

11. Changes to this notice

We may update this notice from time to time. The "Last updated" date at the top shows when it was last revised. Material changes will be communicated to registered users.

12. Contact

Privacy enquiries & subject access requests: privacy@careairo.com
Postal: Data Protection, Care Airo Ltd, 61 Cranbrook House, Cranbrook Road, Ilford, Essex IG1 4PG

Change log

Version | Date | Change
1.0 | 2026-04-22 | Initial version
1.1 | 2026-05-09 | Added mobile app permissions section