Privacy Policy

Last updated: 21 March 2026

1. Who we are

Eviqa Ltd (Company No. 17107619) is the data controller for personal data collected through our marketing website (eviqa.health) and the data processor for personal data processed through our platform (app.eviqa.health) on behalf of our customer organisations.

Registered address: 21 Chelston Road, Newton Abbot, TQ12 2NN. Contact: info@eviqa.health

2. Marketing website (eviqa.health)

2.1 What we collect

When you visit our marketing website, we collect anonymous usage analytics through Umami, a privacy-first analytics platform hosted on our own UK-based infrastructure. Umami does not use cookies, does not collect personal data, and does not track individual visitors across sessions. We collect aggregate data only: page views, referral sources, browser type, and country.

If you contact us via email, book a demo, or use our live chat, we collect the information you provide: your name, email address, organisation name, and any message content. This is processed on the basis of legitimate interest (responding to your enquiry) or your consent.

2.2 Live chat

Our live chat is provided by Tawk.to. When you use the chat widget, Tawk.to processes your name, email (if provided), and message content. Tawk.to's privacy policy applies to data processed through their service. We use this data solely to respond to your enquiry.

2.3 Demo booking

Demo bookings are handled by Cal.com. When you book a demo, Cal.com processes your name, email, and selected time slot. Cal.com's privacy policy applies. We use this data solely to conduct the booked consultation.

3. Eviqa platform (app.eviqa.health)

3.1 Our role

When a care provider organisation subscribes to Eviqa, they are the data controller for the personal data they enter into the platform (staff details, client initials, competency records, incident reports, etc.). Eviqa Ltd acts as the data processor, processing this data on the organisation's behalf in accordance with a Data Processing Agreement.

3.2 What the platform processes

The platform processes the following categories of data as instructed by the customer organisation:

• Staff user accounts: name, email, role, professional registration details
• Client records: initials or identifiers (not full names by default), delegated task registers, competency records, outcome reviews
• Incident reports: incident details, severity, actions taken, review outcomes
• SOP acknowledgements: staff name, date, SOP version acknowledged
• Audit logs: user actions within the platform (who did what, when)

3.3 Special category data

The platform may process health-related data (e.g. clinical outcome measurements, incident details involving injury or health events). This processing is carried out under Article 9(2)(h) of the UK GDPR — processing necessary for the provision of health or social care, or the management of health or social care systems and services. The customer organisation is responsible for ensuring they have an appropriate lawful basis for entering this data.

3.4 Data hosting and security

All data is hosted on Amazon Web Services in London (eu-west-2), United Kingdom. Data is encrypted in transit (TLS 1.3) and at rest. Access is controlled through role-based permissions with JWT authentication. All data mutations are recorded in an immutable audit log.

3.5 Data retention

Platform data is retained for as long as the customer organisation's subscription is active. Upon termination, the organisation may request a full data export. Data is securely deleted within 90 days of a confirmed deletion request, unless a longer retention period is required by law or regulation.

3.6 Sub-processors

We use the following sub-processors:

• Amazon Web Services (eu-west-2, London) — infrastructure hosting
• Tawk.to — live chat on the marketing website only
• Cal.com — demo booking on the marketing website only

No platform data is shared with Tawk.to or Cal.com.

4. Your rights

Under the UK GDPR, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. For data held on our marketing systems (email enquiries, chat transcripts), contact us at info@eviqa.health. For data held within the Eviqa platform, contact your employer or care provider organisation, as they are the data controller.

5. Cookies

Our marketing website uses only essential cookies required for the website to function. Our analytics platform (Umami) does not use cookies. Our live chat provider (Tawk.to) may set functional cookies to maintain your chat session.

6. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the website. The "last updated" date at the top of this page indicates the most recent revision.

7. Contact and complaints

For any questions or concerns about this policy, contact: info@eviqa.health

If you believe your data protection rights have been breached, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.