Legal

Privacy Policy

Last updated: 1 May 2025

1. Who We Are

Kovara ("we", "us", or "our") provides AI-powered business intelligence software for care home operators in the United Kingdom. Our registered office is in England and Wales. Questions about this policy can be directed to privacy@kovaraintel.com.

2. Information We Collect

We collect the following categories of personal data:

  • Account data — name, email address, job title, and organisation name provided when you register.
  • Usage data — pages visited, features used, search queries, session duration, and browser/device type.
  • Communications — messages you send us via email, our chatbot, or any contact forms.
  • Billing data — payment card details processed by our third-party payment provider (we do not store raw card numbers).
  • Care home data you upload — operational metrics, staff records, and CQC-related documents you voluntarily import into the platform.

3. How We Use Your Information

We use personal data to:

  • Provide, maintain, and improve the Kovara platform.
  • Authenticate your identity and manage your account.
  • Generate analytics, benchmarking reports, and AI-powered insights.
  • Send you product updates, security notices, and (where consented) marketing communications.
  • Comply with legal obligations, including those under the UK GDPR and the Care Act 2014.
  • Detect, prevent, and investigate fraudulent or unlawful activity.

4. Legal Bases for Processing

Under UK GDPR we rely on the following lawful bases:

  • Contract — processing necessary to perform our agreement with you.
  • Legitimate interests — improving our services, preventing fraud, and direct marketing to existing customers.
  • Consent — where you have opted in, for example to receive newsletters.
  • Legal obligation — where we must retain records to comply with applicable law.

5. Sharing Your Data

We do not sell your personal data. We may share it with:

  • Service providers — cloud hosting (AWS/Vercel), authentication (Supabase), analytics, and payment processors who process data on our behalf under data processing agreements.
  • AI providers — anonymised or pseudonymised queries may be sent to our AI partners (e.g. OpenAI) to generate report summaries.
  • Regulators and authorities — where required by law or to protect the rights, property, or safety of Kovara, our users, or the public.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

6. Cookies and Tracking

We use cookies and similar technologies to keep you logged in, remember your preferences, and understand how the platform is used. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

7. Data Retention

We retain account data for the duration of your subscription and for up to 3 years afterwards for legitimate business and legal purposes. Usage logs are retained for 12 months. You may request earlier deletion (see Your Rights below).

8. International Transfers

Your data may be processed outside the UK. Where we transfer data to countries not recognised as providing an adequate level of protection, we rely on Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or equivalent safeguards.

9. Your Rights

Under UK GDPR you have the right to:

  • Access — obtain a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your data where we have no lawful reason to retain it.
  • Restriction — ask us to pause processing in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent — at any time where processing is based on consent.

To exercise any right, email privacy@kovaraintel.com. We will respond within one month. You also have the right to lodge a complaint with the ICO at ico.org.uk.

10. Security

We implement industry-standard technical and organisational measures including encryption in transit (TLS) and at rest, role-based access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

11. Changes to This Policy

We may update this policy from time to time. We will notify you by email or an in-app notice before material changes take effect. Continued use of the platform after the effective date constitutes acceptance of the revised policy.

12. Contact Us

For privacy-related questions or to exercise your rights, please contact our Data Protection contact at privacy@kovaraintel.com or write to Kovara, London, England.