Privacy Policy

Last updated: 28 February 2026

1. Introduction

Panimcare Ltd ("Panim", "we", "our", or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and share information when you use our clinical intelligence platform, website, and related services (collectively, the "Services").

We are registered in England and Wales (Company No. pending) and act as a data controller for the personal data we process. Our registered address is London, United Kingdom.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Data We Collect

We collect the following categories of personal data:

Account Information: When you register for Panim, we collect your name, email address, professional credentials, practice name, and billing information.

Clinical Data: Our platform processes clinical notes, patient records, appointment data, and related healthcare information that you enter or generate through the AI Scribe feature. You, as the clinician, remain the data controller for all patient data.

Usage Data: We automatically collect information about how you interact with our Services, including pages visited, features used, session duration, and device information (browser type, operating system, IP address).

Communications: When you contact our support team, we retain the content of those communications to improve our service.

Cookies and Tracking: We use essential cookies to maintain your session and optional analytics cookies to understand how our Services are used. See Section 8 for details.

3. How We Use Your Data

We process your personal data for the following purposes and legal bases:

Service Delivery (Contractual Necessity): To provide, maintain, and improve our clinical intelligence platform, including the AI Scribe, digital consent, patient check-ins, analytics, and scheduling features.

Account Management (Contractual Necessity): To manage your account, process payments, and communicate with you about your subscription.

Security and Compliance (Legitimate Interest): To detect, prevent, and address technical issues, fraud, and security threats. To comply with legal obligations, including healthcare regulations.

Product Improvement (Legitimate Interest): To analyse aggregated, anonymised usage patterns to improve our Services. We never use identifiable patient data for product development without explicit consent.

Communications (Consent / Legitimate Interest): To send you service updates, security alerts, and, where you have opted in, marketing communications about new features and offers.

4. Data Sharing and Third Parties

We do not sell your personal data. We share data only in the following circumstances:

Service Providers: We use carefully selected third-party providers to help deliver our Services (e.g., cloud hosting, payment processing, email delivery). All providers are bound by data processing agreements and are required to protect your data to the same standard we do.

Cloud Infrastructure: Our Services are hosted on UK-based servers. Patient data never leaves the United Kingdom unless you explicitly configure cross-border data sharing.

Legal Requirements: We may disclose your data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Panim, our users, or the public.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

5. Data Security

We implement robust technical and organisational measures to protect your data:

Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Access Controls: We enforce role-based access controls, multi-factor authentication for staff, and regular access reviews.

Infrastructure: Our platform is hosted on ISO 27001-certified UK data centres with redundant backups and disaster recovery procedures.

Monitoring: We maintain continuous security monitoring, intrusion detection, and regular penetration testing.

Certifications: We are pursuing SOC 2 Type II certification, expected Q2 2026. We are fully GDPR compliant and adhere to the Data Security and Protection Toolkit (DSPT) standards.

6. Data Retention

We retain your data only for as long as necessary to fulfil the purposes described in this policy:

Account Data: Retained for the duration of your subscription and for 12 months after account closure, unless a longer retention period is required by law.

Clinical Data: Retained in accordance with your instructions as the data controller. Upon account termination, you may export all clinical data. We will delete clinical data within 90 days of account closure unless legally required to retain it.

Usage and Analytics Data: Retained in anonymised form for up to 24 months for product improvement purposes.

Support Communications: Retained for up to 24 months after resolution.

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Right of Access: You may request a copy of the personal data we hold about you.

Right to Rectification: You may request correction of inaccurate or incomplete data.

Right to Erasure: You may request deletion of your personal data, subject to legal retention requirements.

Right to Restrict Processing: You may request that we limit how we use your data.

Right to Data Portability: You may request your data in a structured, machine-readable format.

Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, contact us at privacy@panimcare.com. We will respond within 30 days.

8. Cookies

Our website and platform use the following types of cookies:

Essential Cookies: Required for the platform to function. These cannot be disabled. They include session cookies, authentication tokens, and security cookies.

Analytics Cookies: Help us understand how visitors interact with our website. We use privacy-focused analytics that do not track individual users across sites. These are only set with your consent.

Preference Cookies: Remember your settings and preferences (e.g., theme, language). These are only set with your consent.

You can manage your cookie preferences at any time through the cookie settings accessible from the footer of our website.

9. Children’s Privacy

Our Services are designed for healthcare professionals and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The "Last Updated" date at the top of this policy indicates when it was last revised.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@panimcare.com
Post: Panimcare Ltd, London, United Kingdom

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.