Privacy Policy

Carebit was built with patient privacy and security at its heart. As patients ourselves, we were frustrated at how difficult it was to understand who had access to our health records and for how long. Our aim is to make health data transparent, accessible to the people who need it to deliver care, and visible to patients themselves.

This privacy policy explains how Carebit Health Ltd collects, uses, and protects personal information when:

  • you visit our website (carebit.co)
  • you use the Carebit platform as a clinician or staff member of a practice
  • you are a patient whose healthcare provider uses Carebit

Because Carebit operates in different roles depending on the context, this policy explains clearly how personal data is handled in each situation.

Last updated: 16 March 2026

1. Who we are

Carebit Health Ltd provides practice management software used by healthcare professionals to manage appointments, communications, billing and patient records, and share documents with other healthcare providers and authorised third parties.

Carebit Health Ltd is registered in the United Kingdom. Our registered address is 63 Bermondsey Street C/O Dragon Argent Ltd, London, England, SE1 3XF. Company registration number: 09715186. Information Commissioner’s Office (ICO) registration reference: ZA507178.

2. Roles in relation to personal data

Carebit operates in different roles depending on how our services are used.

Website visitors

When you visit our website or contact us directly, Carebit Health Ltd acts as the data controller for the personal data collected through those interactions.

Carebit platform users

When clinicians, practice managers, secretaries, or administrative staff use Carebit, Carebit processes personal information necessary to create and maintain user accounts, provide access to the platform, and deliver associated services such as support and system administration.

Patients

When a healthcare provider uses Carebit to manage patient information, the healthcare provider remains the data controller of patient data. Carebit acts as a data processor, providing the technology used to store and manage records on behalf of that provider.

When acting as a data processor, Carebit processes personal data only in accordance with the instructions of the healthcare provider acting as the data controller. Carebit does not use patient data for its own purposes and does not access patient records except where necessary to:

  • provide technical support
  • maintain or secure the platform
  • comply with legal obligations

If you are a patient and have questions about your medical record, you should contact the healthcare provider responsible for your care.

3. Personal data we collect

The type of personal data we collect depends on how you interact with Carebit.

Website visitors

When you visit our website or contact us, we collect and process:

  • name and contact details if you complete a contact form
  • communications sent to Carebit by email or form submission
  • technical information such as IP address, browser type, and device information
  • website usage information used to improve site performance and usability

Carebit platform users

If you use Carebit as part of a healthcare organisation, we may process:

  • account information (name, email address, role)
  • authentication and login information
  • communications with our support team
  • usage data related to the Carebit platform

Patients

Healthcare providers using Carebit may record patient information including:

  • name, date of birth, and contact and other demographic details
  • appointment information
  • consultation notes
  • clinical letters and documents
  • test results and diagnostic reports
  • billing and administrative information
  • correspondence between patient and healthcare provider

Carebit processes this information solely to provide the software platform used by healthcare providers to manage patient care.

4. Single patient record

Carebit maintains a single patient record to help ensure that contact details remain accurate when a patient receives care from more than one healthcare provider using Carebit.

If you are a patient registered with multiple healthcare providers using Carebit, certain contact details such as your email address, telephone number, and address are synchronised between those organisations. This helps reduce the risk of outdated contact information being used and supports safe communication relating to your care.

Clinical records, including consultation notes, letters, test results, and medical documents, are not shared between healthcare providers unless:

  • your healthcare provider chooses to share them with your consent, or
  • sharing is necessary for medical reasons to support safe care.

Only the healthcare provider providing your care can access your clinical information unless authorised in this way. Carebit is designed to minimise duplicate patient records while ensuring that clinical information remains accessible only to the healthcare providers responsible for a patient’s care.

5. How personal data is used

Personal data may be used for the following purposes.

Website visitors

  • responding to enquiries or demo requests
  • providing information about Carebit services
  • improving the performance and usability of the website
  • communicating with prospective customers

Platform users

  • providing access to the Carebit platform
  • managing user accounts
  • delivering support
  • maintaining platform performance and security

Patients

Patient information is used by healthcare providers to:

  • manage appointments and scheduling
  • record clinical consultations
  • communicate with patients and other healthcare professionals
  • manage billing and administration
  • deliver safe and effective healthcare

Carebit processes patient information only to provide and maintain the software platform used by healthcare providers.

6. Lawful basis for processing

Carebit processes personal data under the following lawful bases:

  • Website enquiries are processed under legitimate interests, so that we can respond to enquiries and provide information about our services.
  • Marketing communications are processed based on consent, where you have chosen to receive updates from us.
  • Customer and user accounts are processed under contract, in order to provide access to the Carebit platform and deliver our services.
  • Patient medical data is processed for the provision of healthcare services by the healthcare provider responsible for your care.

Where healthcare data is processed, it is handled by healthcare providers under lawful bases relating to the provision of healthcare and the management of medical services. Where Carebit acts as a data processor, lawful bases are determined by the healthcare provider acting as the data controller.

7. Data sharing

Carebit does not sell personal data.

Personal information may be shared with:

  • healthcare providers responsible for patient care
  • trusted service providers acting on our behalf who support the operation of the Carebit platform
  • regulators or legal authorities where disclosure is required by law

Service providers supporting Carebit may include:

  • cloud infrastructure providers
  • communication service providers
  • payment processing providers
  • security and monitoring providers

All service providers are required to maintain appropriate security and confidentiality protections.

8. Data storage and security

Carebit takes the protection of personal data seriously and implements a range of technical and organisational measures to safeguard information.

Security measures include:

  • encryption of data in transit using secure transport protocols
  • encryption of stored data
  • role-based access controls
  • restricted system access
  • restriction of production system access to authorised personnel, controlled through strong authentication and auditing
  • monitoring and logging of system activity
  • secure hosting infrastructure and managed backups
  • regular security reviews and testing

Carebit infrastructure is hosted in secure UK data centres operated by trusted cloud providers. These environments provide physical security controls, network protection, and resilience designed to ensure the availability and integrity of healthcare data. Where personal data is processed outside the UK, appropriate safeguards are applied in accordance with applicable data protection laws.

Carebit maintains an information security programme that includes internal policies, staff training, access management controls, incident response procedures, and regular security reviews designed to ensure personal data is handled securely and in accordance with applicable data protection laws.

While we take extensive steps to protect personal data, no system connected to the internet can guarantee absolute security. Carebit continually monitors and improves its security practices to minimise risks and protect information.

9. Data retention

Retention periods depend on the type of information and the organisation responsible for it.

Healthcare providers using Carebit determine how long patient records are retained in accordance with applicable legal and medical record retention requirements.

Personal data relating to website enquiries, customer relationships, and platform users is retained only for as long as necessary to fulfil the purpose for which it was collected and to meet legal or contractual obligations.

10. Your data protection rights

Under UK data protection law you have the right to:

  • request access to your personal data
  • request correction of inaccurate data
  • request deletion of personal data in certain circumstances
  • request restriction of processing
  • object to certain processing activities
  • request transfer of your data to another organisation

If you are a patient, requests relating to your medical record should be directed to the healthcare provider responsible for your care.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

11. Cookies

Our website uses cookies to improve functionality and analyse website usage.

Cookies may be used to:

  • enable essential website functionality
  • understand how visitors interact with the website
  • improve the user experience

You can manage cookie preferences through your browser settings.

12. Changes to this policy

We may update this privacy policy from time to time to reflect changes to our services or legal requirements.

The latest version will always be available on our website.

13. Contact us

If you have questions about this privacy policy or about how personal data is handled by Carebit, please contact: [email protected]

