Legal

Privacy policy

Last updated: 26 May 2026

This policy explains how Clerkfolio collects, uses, stores, shares, and protects personal data when you use Clerkfolio. Clerkfolio is a UK medical portfolio organisation tool for medical students, foundation doctors, and doctors preparing portfolio material. It is designed for anonymised case notes and personal portfolio records, not patient-identifiable clinical records.

You must not enter patient names, NHS numbers, hospital numbers, dates of birth, addresses, precise rare-case identifiers, or any other patient-identifiable information into Clerkfolio. If you choose to enter information about another person despite this policy and our terms, you are responsible for making sure you have an appropriate professional, ethical, and legal basis to do so.

Who we are and how to contact us

Clerkfolio is operated by Clerkfolio Ltd, registered in England and Wales. For privacy requests, data subject rights, or questions about this policy, contact admin@clerkfolio.co.uk.

If you are in the United Kingdom, you also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We ask that you contact us first where possible so we can try to resolve the issue.

What we collect and why

The data we collect depends on the features you use. The table below summarises the main categories currently reflected in the Clerkfolio app and Supabase database, together with the specific lawful basis under UK GDPR.

| Category | Examples | Purpose | Lawful basis |
| --- | --- | --- | --- |
| Account and profile | Email address, password authentication data, name, career stage, onboarding status, student email verification status, referral code, notification preferences, and subscription tier. | To create and secure your account, personalise the service, manage entitlements, send service messages, and provide support. | Contract (Art 6(1)(b)); legitimate interests (Art 6(1)(f)) for security and abuse prevention; legal obligation (Art 6(1)(c)) where records are needed for compliance. |
| Portfolio content | Portfolio entries, categories, dates, specialty tags, competency themes, notes, reflections, procedures, teaching, publications, prizes, leadership roles, audit or QIP details, and custom templates. | To store, organise, display, export, and share the portfolio content you choose to enter. | Contract (Art 6(1)(b)); legitimate interests (Art 6(1)(f)) for security, integrity, backup, and abuse prevention. |
| Anonymised case diary | Case title, date, clinical area, specialty tags, competency themes, notes, pinned status, and completeness score. | To help you maintain a personal anonymised clinical diary. Clerkfolio is not designed for patient-identifiable data. To the extent that case notes incidentally contain health information about third parties, processing of that special category data is based on your explicit consent (Art 9(2)(a)). | Contract (Art 6(1)(b)); explicit consent (Art 9(2)(a)) for any special category health data incidentally contained in notes; legitimate interests (Art 6(1)(f)) for security and integrity. |
| Evidence files | Uploaded file name, storage path, MIME type, file size, linked entry, upload date, and file verification status. Accepted formats include PDF, DOCX, XLSX, PPTX, TXT, PNG, JPG, JPEG, and HEIC. | To store evidence you upload, enforce storage limits, verify permitted file types and formats, and include eligible files in user-requested exports. | Contract (Art 6(1)(b)); legitimate interests (Art 6(1)(f)) in platform security. |
| Applications, timeline, and ARCP organisation | Tracked specialty applications, scoring links, self-entered points claimed, ARCP capability links, goals, deadlines, calendar feed token, and completion status. | To organise your own portfolio against application and ARCP structures. Clerkfolio does not make readiness, competitiveness, or outcome predictions. | Contract (Art 6(1)(b)). |
| Sharing and exports | Share link tokens, optional PIN hash, link scope, expiry, revocation status, view count, hashed viewer IP address, share access attempts, and export usage counters. | To create user-controlled public links, prevent unauthorised or excessive access, revoke suspicious links, and apply plan limits. | Contract (Art 6(1)(b)); legitimate interests (Art 6(1)(f)) in security and abuse prevention. |
| Payments and subscriptions | Stripe customer ID, Stripe subscription ID, subscription period end, plan status, referral Pro status, and feature usage counters. Card details are handled by Stripe, not Clerkfolio. | To provide paid plans, manage billing status, apply limits, cancel subscriptions on account deletion, and keep accounting records. | Contract (Art 6(1)(b)); legal obligation (Art 6(1)(c)) for tax, accounting, and dispute records. |
| Support, feedback, and emails | Support messages, feedback form name, reply email, comment, notification emails, student verification emails, and delivery metadata handled by our email provider. | To respond to you, send requested or security-critical service emails, verify student status, and improve the service. | Contract (Art 6(1)(b)); legitimate interests (Art 6(1)(f)); consent (Art 6(1)(a)) where you opt into optional messages. |
| Technical and analytics data | Authentication session cookies, request metadata, hashed IP addresses where needed for security, device/browser information, service worker data, and Vercel Analytics events. | To keep you signed in, run the site, protect the service, understand aggregate usage, diagnose problems, and improve performance. | Contract (Art 6(1)(b)) for essential cookies and service operation; legitimate interests (Art 6(1)(f)) for security; consent (Art 6(1)(a)) for optional analytics cookies. |

Special category data and clinical confidentiality

Clerkfolio is not intended to collect patient health data, patient identifiers, or formal clinical records. Case entries should be anonymised training notes only. Removing a name alone may not be enough if a combination of details could still identify a patient, so you should generalise or omit unnecessary details.

To the extent that any information you enter could constitute health data about a third party under Article 9 UK GDPR (for example, a case note that incidentally reveals a patient's medical condition even after anonymisation), we rely on your explicit consent given when you create an account and accept our Terms of service. You may withdraw this consent by deleting the relevant content or your account, though withdrawal does not affect processing already carried out.

If we become aware that content appears to contain patient-identifiable information, we may ask you to edit it, restrict the content, suspend sharing, or remove it where necessary to protect patients, comply with law, or protect the service.

Where data is stored

Clerkfolio stores application records and evidence files in Supabase. The project is configured for London, United Kingdom hosting (eu-west-2) for the core database and storage.

International transfers

Some of our subprocessors are based outside the UK or transfer limited data outside the UK/EEA:

  • Resend (US): email delivery. Transfers are covered by the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses, and Resend participates in the EU-US Data Privacy Framework (DPF).
  • Vercel (US): hosting infrastructure. Production traffic is served from the London region (lhr1). Limited infrastructure data may be processed in the US under the DPF and UK IDTA.
  • Stripe (Ireland/US): payment processing. Stripe is established in Ireland (EU) and uses SCCs and the DPF for onward transfers.

Full details of transfer mechanisms are on the Subprocessors page.

Processors and third parties

We use the following main providers to operate Clerkfolio. Full details, transfer mechanisms, and links to each provider's DPA are at clerkfolio.co.uk/subprocessors:

  • Supabase: Authentication, Postgres database, storage, row level security, and Edge Functions. Application data and evidence storage are configured for London, United Kingdom (eu-west-2).
  • Vercel: Hosting, deployment, request handling, and Vercel Analytics (with consent). Production deployments are served from the London region (lhr1). See International transfers above.
  • Stripe: Subscription checkout, billing portal, customer and subscription records, payment processing, fraud checks, refunds, and payment disputes. Stripe is registered in Ireland.
  • Resend: Transactional email delivery for verification, notifications, security messages, and feedback/support routing. Resend is based in the United States; see International transfers above.
  • Upstash: Serverless Redis used for rate limiting on public API endpoints. Data stored in the EU (eu-west-1). No personal portfolio data is stored; only transient rate-limit counters.

We may also disclose information if required by law, to enforce our terms, to protect users or patients, to investigate abuse or security incidents, or in connection with a restructuring, acquisition, or sale of the service.

User-controlled sharing

You can generate portfolio share links with a chosen scope, expiry date, and optional PIN. Anyone with a valid link, and the PIN where enabled, may view the shared portfolio content until the link expires, is revoked, or is automatically paused after unusual traffic. Share link access may record hashed IP addresses and access attempts for abuse prevention and audit purposes.

Calendar feed tokens work like secret links. If you enable or share one, anyone with the token may be able to access the calendar feed until you rotate or disable it.

Cookies, analytics, and local storage

Clerkfolio uses essential authentication cookies and similar technologies to keep you signed in, secure your session, remember requested service state, and run the web app. When you first visit the site, we ask for your consent before loading optional analytics. Full details are in our Cookie policy.

Vercel Analytics is used to understand aggregate product usage and performance. It is off by default and only loaded if you accept analytics cookies. We do not sell or broker personal data.

Retention

  • Live account, profile, portfolio, case, timeline, specialty, ARCP, template, and evidence records are kept while your account remains active or as needed to provide the service.
  • Soft-deleted portfolio entries and cases remain available in trash for a limited period and are currently scheduled for purge after 30 days.
  • After account deletion, personal data is removed from live systems promptly. Backup copies may be retained for up to 30 days before being purged in the normal backup rotation. Stripe billing records and any data we are legally required to retain (e.g. for tax or dispute purposes) are kept for the legally required period.
  • Audit logs are currently scheduled for purge after one year.
  • Share links expire no later than 90 days after creation or extension, unless revoked sooner.
  • Student verification tokens expire after 24 hours.

Account deletion and export

You can export your account data from Clerkfolio. The account export includes database-shaped records and readable JSON, and may include verified evidence files where available. You can also delete your account from the app. Account deletion cancels any active Clerkfolio Stripe subscription where possible, removes stored evidence files, and deletes the Supabase user account. Some information may remain temporarily in backups, payment records, provider logs, or records we must keep for legal, tax, security, or dispute purposes.

Your rights

Under UK GDPR you may have rights to: access your personal data; rectify inaccurate data; erase your data (right to be forgotten); restrict or object to processing; receive a portable copy of your data; and withdraw consent where processing is based on consent. Some rights are not absolute - for example, we may need to keep limited data for legal compliance, security, or dispute handling.

To exercise any right, contact admin@clerkfolio.co.uk. We aim to respond within one month and may ask you to verify your identity before acting. The ICO may also be contacted directly at ico.org.uk/make-a-complaint.

Data processing agreement

Institutional or enterprise customers who require a formal data processing agreement can find our standard terms at clerkfolio.co.uk/dpa. For bilateral signed DPAs, contact admin@clerkfolio.co.uk.

Security

Clerkfolio uses Supabase authentication, row level security, private storage paths, plan-aware upload checks, CSRF origin validation on sensitive routes, server-side file type and format checks, hashed PINs for protected share links, hashed IP addresses for share access records, and rate limiting on selected public endpoints. No online service can guarantee perfect security, so you should use a strong unique password and avoid entering sensitive information that Clerkfolio does not need.

Data is encrypted at rest by Supabase (eu-west-2). See our security policy for more detail. To report vulnerabilities, email security@clerkfolio.co.uk.

Changes to this policy

We may update this policy as Clerkfolio changes or legal requirements develop. Material changes will be reflected by updating the date above and, where appropriate, by giving in-app or email notice.

| Date | Changes |
| --- | --- |
| 26 May 2026 | Clarified that evidence upload controls verify permitted file types and formats; Clerkfolio does not currently claim antivirus scanning of uploaded evidence. |
| 15 May 2026 | Added Art 9 lawful basis for case diary health data; added ICO registration placeholder; expanded international transfers section to include DPF and IDTA details; added Upstash to processors; added links to Cookie policy and DPA; added changelog. |
| 29 April 2026 | Initial published version. |