Privacy Policy

Revalidation Copilot · Operated by Beemal Innovation Ltd

Effective date: 01/03/2026

Support: support@revalidationaicopilot.co.uk Terms: terms.revalidationaicopilot.co.uk Delete account: privacy.revalidationaicopilot.co.uk/delete-account/

1. Quick summary

  • We don’t sell your data and we don’t use your data for third-party advertising.
  • Paid app: access is provided through an active subscription or purchase via Apple App Store / Google Play (see section 7).
  • Your portfolio content is private: entries you create (CPD, reflections, feedback notes, hours) are stored to provide the service.
  • No patient-identifiable data: please avoid entering patient names/IDs or anything that could identify individuals.
  • We use analytics and session replay tools to improve the App, diagnose issues, and understand feature usage. Sensitive areas are masked where appropriate (see section 8).
  • We do not use tracking for third-party advertising or sell personal data. If that ever changes, we would update this policy and any required in-app permission flows first.
  • You can delete your account: in-app deletion path (where available) and a web deletion request link is provided (section 14).
Professional confidentiality reminder: Revalidation templates emphasise keeping feedback and reflective notes non-identifiable. We mirror that expectation in this App. Please do not include information that could identify a patient, service user, colleague, or any individual.
Back to top

2. Data controller

Beemal Innovation Ltd is the data controller for personal data processed through Revalidation Copilot (the “App”).

Contact: support@revalidationaicopilot.co.uk

Back to top

3. Data we collect

3.1 Account information

  • Email address (for sign-in, account management, and support).
  • Authentication metadata (e.g., timestamps, sign-in method) to secure access.

3.2 Profile information (optional)

  • Name (if provided).
  • Revalidation due date (if provided).
  • Professional registration category/type (if provided).

3.3 User-generated portfolio content

  • Reflective accounts, CPD entries, feedback logs, practice hours records, and other portfolio notes you create in the App.
  • Files/evidence you choose to upload (for example PDFs, images, screenshots, or certificate files).
  • AI-generated drafts produced from your inputs.
Do not upload patient-identifiable information. The App is designed for professional portfolio drafting and organisation. It is not intended for storing patient records or patient identifiers.

3.4 Voice & speech data (only if you enable it)

  • Audio you provide for transcription (processed to produce text).
  • Transcribed text produced from your audio input.

3.5 Payments & purchase information

  • Purchase/subscription status and related technical identifiers needed to confirm entitlement (for example, transaction/receipt validation signals).
  • We do not receive or store your full card details. Payment is handled by Apple/Google and/or their payment processors.

3.6 Device & technical data

  • Device and app information (e.g., device model, OS version, app version, locale/timezone).
  • Diagnostics to maintain reliability and security (e.g., crash reports, error logs). Where possible, we minimise these logs and avoid including your portfolio content.
  • Usage analytics and product experience data, such as screen views, app interactions, session activity, feature usage, performance signals, and similar technical/behavioural information collected through analytics and session replay tools, subject to masking and privacy controls where appropriate.

3.7 Permissions and device access

  • Microphone access, if you choose to use voice input features.
  • File, photo, or media library access, if you choose to upload evidence from your device.
  • Notification permissions, if you choose to enable reminders.

3.8 What we do not collect

  • We do not require your NHS employer details.
  • We do not require your NMC PIN.
  • We do not collect precise location data.
  • We do not knowingly collect special category data unless you choose to type it into a portfolio entry (and you should avoid doing so).
Back to top

4. How we use your data

We use personal data to:

  • Provide the App: create accounts, save portfolio content, generate exports, and sync data across devices.
  • Secure the service: prevent abuse, detect fraud, and protect accounts.
  • Operate optional features: reminders/notifications, microphone/speech features (only if enabled).
  • Support: respond to enquiries, troubleshoot issues, and provide customer support.
  • Improve reliability: diagnose crashes/bugs, understand app usage, improve performance, and improve usability.

We do not sell your personal data and we do not share your portfolio content for third-party marketing.

Lawful basis (UK GDPR)

  • Contract — to provide the App you paid for and requested.
  • Legitimate interests — to keep the App secure, prevent fraud, understand product performance, investigate issues, and improve reliability and usability (balanced against your rights).
  • Consent — for optional permissions such as microphone access, speech recognition, notifications, and any other permission-based processing where consent is appropriate (you can withdraw in device settings).
  • Legal obligation — where we must retain limited records (e.g., tax/accounting, compliance, or responding to lawful requests).
Back to top

5. AI processing

The App uses artificial intelligence to help generate draft text based on what you input (for example, drafting reflective accounts or improving structure/clarity). AI outputs are automated suggestions and may be incomplete, inaccurate, or unsuitable without review.

  • You control what you input and what you save.
  • You remain responsible for reviewing, editing, and verifying any content you choose to rely on for professional or regulatory purposes.
  • The App is not a clinical decision support tool and does not provide medical advice.
Data minimisation: only the text (and context) needed to perform the requested AI feature is processed.
Back to top

6. Voice & speech features

If you enable voice features, your device microphone is used to capture audio so the App can transcribe speech into text and assist drafting.

  • You can disable microphone permissions at any time in your device settings.
  • We recommend avoiding any patient-identifiable information in spoken notes as well.
Back to top

7. Payments & subscriptions

Revalidation Copilot is a paid app. Purchases/subscriptions are processed by the platform you used (Apple App Store or Google Play).

  • We use purchase status information to confirm your entitlement (active subscription/access).
  • Platform providers may process purchase data under their own privacy policies.
  • If you request a refund, it is handled according to the platform’s policies.
Note: we do not receive your full payment card details.
Back to top

8. Analytics, diagnostics & session replay

We use analytics, diagnostics, and product experience tools to understand how the App is used, improve reliability, identify bugs, investigate performance issues, and improve user experience.

8.1 Google Analytics for Firebase

  • We use Google Analytics for Firebase to measure app usage and engagement, such as screen views, events, general usage patterns, and technical/device-level analytics.
  • This helps us understand feature usage, improve the App, and monitor app performance and stability.
  • We do not use Firebase Analytics data to sell your personal data or to serve third-party advertising based on your portfolio content.

8.2 UXCam

  • We use UXCam for product analytics and session replay to understand app interactions and identify usability issues.
  • UXCam may process app interaction and technical usage data such as taps, swipes, screen transitions, navigation paths, device properties, crashes, and performance/context signals.
  • We use masking, occlusion, and other privacy controls on sensitive parts of the App where appropriate.
  • We use UXCam to improve design, investigate bugs, and improve workflow quality.

8.3 Session replay and privacy controls

Session replay tools help us understand how the App is used by reconstructing or visualising app interactions. We aim to apply privacy controls and masking to sensitive areas, and we do not intentionally use these tools to capture patient-identifiable information or payment card details.

Tracking clarification: we do not use analytics or session replay tools to track you across third-party apps or websites for advertising purposes. If that changes, we would update this Privacy Policy and any required in-app permission requests before doing so.

8.4 Your choices

Where required by law, we will rely on the appropriate lawful basis for analytics or tracking-related processing. You can also limit certain data collection through your device settings, platform privacy controls, or by contacting us.

8.5 Meta (Facebook) Analytics

  • We use Meta analytics tools, including Meta App Events, to measure app performance, understand user engagement, and improve marketing effectiveness.
  • This may include events such as app installs, app launches, feature usage, and general interaction data.
  • Meta may process device-level and usage data (such as device identifiers, app activity, and event data) in accordance with their own privacy policies.
  • We configure these tools to avoid sending sensitive personal data, including any patient information or revalidation content entered into the App.
  • We do not sell your personal data or use analytics data to serve third-party advertising based on your personal portfolio content.
Back to top

9. Sharing & service providers

We use trusted service providers (“processors”) to run the App. They process data on our instructions and under appropriate contractual protections. We do not allow them to use your portfolio content for their own marketing.

9.1 Categories of providers

  • Authentication, database, and storage (to store your account and portfolio data securely).
  • AI processing (to generate drafts from your inputs when you request AI features).
  • Payments/subscription platforms (Apple/Google) to manage purchases.
  • Analytics and product experience providers (to understand app usage, performance, session flow, usability issues, and reliability).
  • Customer support email (to respond to your requests).
  • Diagnostics (crash/error reporting to keep the App stable).

9.2 What we never do

  • We do not sell personal data.
  • We do not share your portfolio content with advertisers.
  • We do not use your data to track you across other companies’ apps or websites for advertising purposes.

9.3 Legal disclosures

We may disclose information if required by law, court order, or to respond to valid legal process, or to protect our rights, users, or the public.

Back to top

10. Security

We use technical and organisational measures designed to protect your data, including:

  • Encryption in transit (HTTPS/TLS).
  • Access controls and least-privilege practices.
  • Logical separation and safeguards to reduce unauthorised access.
  • Monitoring for abuse and suspicious activity.

No system is 100% secure. You are responsible for keeping your login credentials confidential and using a strong password where applicable.

Back to top

11. International transfers

Our service providers may process data outside the UK. Where international transfers occur, we use appropriate safeguards consistent with applicable data protection law (for example, contractual protections such as the UK IDTA/UK Addendum and/or other recognised transfer mechanisms).

Back to top

12. Retention

We keep data only as long as necessary for the purposes described above:

Data type Typical retention Notes
Account + portfolio content Until you delete content or delete your account Needed to provide the service you purchased.
Support communications Up to 24 months To resolve issues and keep an audit trail for support.
Diagnostics and analytics data Typically 90 days, or longer where needed for aggregated analytics Used to investigate and fix reliability issues, understand performance, and improve the App.
Backups Rolling backups (typically 30–90 days) Backups may persist briefly after deletion; deleted data is removed as backups rotate.
Legal/accounting records As required by law May include limited transactional records (not full card details).

Retention periods may vary depending on technical constraints and legal requirements. We aim to delete or anonymise data when it’s no longer needed.

Back to top

13. Your rights

Depending on your location, you may have rights under UK GDPR (and other applicable laws), including to:

  • Request access to your personal data.
  • Request correction of inaccurate or incomplete data.
  • Request deletion (erasure) of your data in certain circumstances.
  • Request restriction of processing in certain circumstances.
  • Object to certain processing.
  • Request data portability in certain circumstances.
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO).

To exercise your rights, contact: support@revalidationaicopilot.co.uk

Back to top

14. Account deletion

14.1 In-app deletion

You can delete your account in the App. When you confirm deletion, we send a request to our backend to delete your account data. After the deletion request completes, we sign you out and return you to the sign-in screen.

14.2 Web deletion request (if you cannot access the App)

If you cannot access the App (for example, you have uninstalled it), you can request account deletion at: privacy.revalidationaicopilot.co.uk/delete-account/

14.3 What is deleted

  • Your account and authentication record.
  • Portfolio content associated with your account (e.g., reflections, CPD logs, feedback logs, practice hours, notes).
  • Uploaded evidence you stored in the App (where linked to your account).

14.4 What may be retained

After deletion, we may retain limited information where necessary for legal compliance, accounting, security, fraud prevention, or dispute resolution. Backups may retain data for a limited period until they rotate (see section 12).

14.5 Verification

To protect your account, we may ask you to verify ownership (for example, by responding from the email address on the account).

Back to top

15. Children’s privacy

The App is intended for users aged 18 and over. We do not knowingly collect personal data from children.

Back to top

16. Automated processing

AI-generated drafts are produced using automated processing based on your inputs. We do not use AI outputs to make decisions that produce legal or similarly significant effects about you. The purpose is drafting assistance, and you remain in control of what you save or export.

Back to top

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the effective date. Continued use of the App after changes take effect means you accept the updated policy.

Back to top

18. Contact

If you have questions about this Privacy Policy or how we handle personal data, contact:

If you are in the UK, you can also contact the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

Back to top