Privacy Policy
HLC Case Manager
Last updated: 24 February 2026
1. Introduction
HLC Case Manager ("the App") is a case management application for Hospital Liaison Committee (HLC) members who support patients seeking bloodless medical treatment. This privacy policy explains how the App collects, uses, stores, and protects personal information, including sensitive health data.
The App processes special category data (health data) as defined under the EU General Data Protection Regulation (GDPR), UK GDPR, and equivalent legislation worldwide. We are committed to protecting this data to the highest standards.
2. Data Controller
Each Hospital Liaison Committee operates as an independent data controller for the patient data managed through the App. The HLC Chairman is responsible for data protection compliance within their committee.
For questions about data processing within a specific HLC, contact the committee chairman through the App.
For questions about the App itself, please use our support contact form.
3. Data We Collect
3.1 User Account Data
When an HLC chairman registers a committee or invites members, we collect:
- Full name
- Email address
- Phone number
- Role within the HLC (Chairman, Secretary, or Member)
- Language preference
Legal basis: Legitimate interest in providing the service (GDPR Art. 6(1)(f)).
3.2 Patient Case Data
When HLC members create and manage patient cases, the following data may be recorded:
- Patient name and contact details
- Hospital name and location
- Medical case notes and updates
- Assigned HLC contacts (primary and secondary)
- Case status and timestamps
- Patient consent records
This data constitutes special category health data under GDPR Article 9.
Legal basis: Explicit consent from the patient (GDPR Art. 9(2)(a)). Patient consent is captured at the point of case creation.
3.3 Analytics Data (Optional)
If you choose to opt in, the App collects anonymous usage analytics to help us improve the service. This data is collected via PostHog and includes:
- Your name and role — to identify HLC members in analytics (e.g., "John Smith, Secretary")
- Anonymous device identifier — a randomly generated ID (not Apple's IDFA or any advertising identifier)
- Screen views and feature usage — which screens you visit and which features you use
- Device information — device manufacturer, operating system version, and app version
Analytics data is never collected without your explicit consent. You are prompted to opt in or decline when you first use the App, and you can change your preference at any time in Settings.
All patient-identifiable information is stripped before any analytics event is sent. Patient names, emails, phone numbers, addresses, medical data, and case notes are never included in analytics.
Legal basis: Consent (GDPR Art. 6(1)(a)). You may withdraw consent at any time.
3.4 Technical Data
The App collects minimal technical data required for operation:
- Authentication session tokens (stored securely on-device)
- Connection status (online/offline)
The App does not collect advertising identifiers, location data, or any data for advertising purposes.
4. How We Use Your Data
We use personal data exclusively for the following purposes:
- Case management: Enabling HLC members to document, track, and coordinate patient support cases
- Authentication: Verifying user identity and controlling access
- Notifications: Alerting members to case assignments, updates, and reminders
- Audit trail: Maintaining a record of case activity for accountability and compliance
We do not use personal data for marketing, advertising, profiling, or any purpose other than HLC case management.
5. Data Sharing
Patient and case data is shared only with:
- Members of the same HLC — All committee members can view cases and updates within their committee
- Supabase (infrastructure provider) — Our database and authentication provider, hosted in the European Union. Patient data is encrypted client-side with a unique per-HLC encryption key before it reaches Supabase's servers, meaning Supabase only has access to encrypted data. Data is additionally encrypted in transit (TLS 1.3) and at rest.
We do not sell, rent, or share personal data with third parties for commercial purposes. We do not share data with advertisers or data brokers.
If you opt in to analytics, anonymous usage data (with all patient information removed) is sent to PostHog (hosted in the EU). This data cannot be used to identify individual patients.
6. Data Storage and Security
6.1 Storage
Data is stored in a PostgreSQL database hosted by Supabase in the European Union, with row-level security (RLS) enforced. Each HLC's data is logically isolated. Patient data is encrypted on the device using a unique encryption key per HLC before being sent to the server. These keys are generated and stored solely on committee members' devices and are never transmitted to or stored on our servers. This means that neither Supabase nor the App developer can access unencrypted patient data.
6.2 Security Measures
- Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS
- Encryption at rest: Database contents are encrypted at rest
- Authentication: Secure session management with tokens stored in the device's secure keychain (iOS Keychain / Android Keystore) on native platforms
- Biometric access: The App supports Face ID and Touch ID for rapid, secure access
- Role-based access control: Users can only access data within their HLC, with permissions determined by their role
- Audit logging: All significant actions are logged for accountability
6.3 Offline Access
The App caches case data locally on the device for read-only access when an internet connection is unavailable. This cache is stored in device memory and is cleared when the App is closed. All data modifications require an active internet connection.
7. Data Retention and Deletion
7.1 Patient Case Data
Patient case data is automatically deleted within 24 hours of case closure. This includes all case updates, notes, and patient contact information. This policy ensures compliance with data minimisation principles and reduces the risk of retaining sensitive data beyond its purpose.
7.2 Audit Logs
Audit logs are retained for up to 7 years for regulatory compliance. Audit logs do not contain patient-identifiable information (PII).
7.3 User Account Data
User account data is retained for as long as the member remains active in an HLC. When a member is removed from a committee, their account data is deleted.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your personal data
- Restriction: Request that we limit processing of your data
- Portability: Request your data in a machine-readable format
- Object: Object to the processing of your personal data
- Withdraw consent: Withdraw consent for processing at any time (for patient data)
For Patients
If you are a patient whose case is managed through the App, you may exercise your rights by contacting the HLC chairman responsible for your case, or by contacting us at the details provided in Section 2.
For HLC Members
HLC members may exercise their rights by contacting their committee chairman or by contacting us at the details provided in Section 2.
Response Time
We will respond to all data rights requests within 30 days. For complex requests, this may be extended by a further 60 days with notice.
9. International Data Transfers
The App's database infrastructure is hosted by Supabase in the European Union. All primary data processing occurs within the EU. Where data is transferred outside the European Economic Area (EEA) or the United Kingdom, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.
10. Children's Privacy
The App is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. Patient cases involving minors are managed by HLC members (who are adults) with consent from the patient's legal guardian.
11. Third-Party Services
The App uses the following third-party services:
| Service | Purpose | Data Processed |
|---|---|---|
| Supabase | Database, authentication | All app data (encrypted) |
| PostHog (EU) | Anonymous usage analytics (opt-in only) | Screen views, feature usage, device info (no patient data) |
We do not integrate any advertising networks, social media SDKs, or tracking tools.
12. Tracking and Advertising
The App does not:
- Track users across other apps or websites
- Use advertising identifiers (IDFA or equivalent)
- Contain any advertising
- Share data with ad networks
- Use cookies for tracking purposes
The optional analytics feature (Section 3.3) uses a randomly generated anonymous identifier scoped to the App only. It is not used for cross-app or cross-site tracking.
13. Data Breach Notification
In the event of a data breach involving personal data:
- We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
- We will notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
- We will document all breaches in an internal breach register
14. Complaints
If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with your local data protection authority:
- EU: Your national Data Protection Authority
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
- Brazil: Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd
- Canada: Office of the Privacy Commissioner — priv.gc.ca
We will acknowledge all complaints within 30 days and aim to resolve them promptly.
15. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will notify users through the App. The "Last updated" date at the top of this policy indicates when it was last revised.
16. Regional Provisions
European Economic Area and United Kingdom
The legal bases for processing are set out in Sections 3.1 and 3.2. You have all rights listed in Section 8. A Data Protection Impact Assessment has been conducted for this processing activity.
Australia
Health information is treated as sensitive information under the Privacy Act 1988 and applicable state health records legislation. The Australian Privacy Principles (APPs) are adhered to in full.
Brazil
Processing complies with the Lei Geral de Proteção de Dados (LGPD). Health data is treated as sensitive personal data requiring explicit consent under Articles 7 and 11.
United States
While HLCs are not covered entities under HIPAA, the App implements HIPAA-equivalent security measures for health information. The App complies with applicable state privacy laws including the California Consumer Privacy Act (CCPA/CPRA) and equivalent state legislation.
Canada
Processing complies with PIPEDA and applicable provincial health information legislation.
17. Contact
For any questions, concerns, or data rights requests regarding this privacy policy, please use our support contact form.