Privacy Policy

Who we are

Controller for this website and enquiries: EpicRose LLC.

Contact: dmytro@epicrose.co.uk. We comply with UK GDPR and the Data Protection Act 2018.

What we do and what we don’t

We operate administrative workflows for clinics (reminders, waitlists, shared inbox, voicemail-to-text).

We do not collect, process, or store PHI (personal health information) in our services.

Personal data we process — Website and sales (Controller)

Data: name, email, role, organisation, message text; basic logs (IP, user-agent), cookie preferences, analytics (if consented).

Purpose & lawful basis: respond to enquiries and schedule calls — Contract/Legitimate interests; service emails — Legitimate interests; optional updates — Consent; security and fraud prevention — Legitimate interests/Legal obligation.

Retention: enquiries and booking metadata up to 24 months; consent logs 24 months; server logs 90 days.

Personal data we process — Service delivery (Processor)

Data (minimal): patient contact details and appointment metadata needed for service messages (time, location, non-clinical notes).

Excluded: no PHI, no clinical notes, no diagnosis, no imaging data.

Purpose & lawful basis: performance of the clinic’s contract with the patient; our processing is under the clinic’s instructions (DPA in place).

Retention: as defined in the clinic’s DPA; by default, data is deleted or returned at the end of the contract.

Where data is stored and international transfers

We use UK/EU data centres where possible. If transfers outside the UK occur, we rely on the UK Addendum to SCCs or other lawful safeguards. Details appear in the Sub-processor register.

Sub-processors

We use vetted providers for messaging, inbox, forms, telephony, analytics and billing. The current list is available upon request. Each has a DPA and security review. We only share the minimum required data.

Your rights (UK GDPR)

Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.

To exercise rights, contact dmytro@epicrose.co.uk.

You can complain to the ICO (Information Commissioner’s Office) if you are unhappy with our response.

Security

Our controls include least-privilege access, MFA, audit logs, encryption in transit, regular reviews, and incident response. We never request PHI and block it in our forms.

Children

Our site and services are for adults and organisations only.

Changes

We may update this notice. The latest version will always be dated.

Effective date

12.04.2022