Privacy policy
Last updated 4 May 2026. Draft for review by counsel before public launch.
1. Who we are
Reflectory is a UK SaaS tool that conducts structured AI-led interviews and produces reflective accounts for clinician CPD audit. It is operated by Adrian Swales as a UK sole trader. Our postal address and ICO registration number will be added to this page once registration is confirmed. Until then, contact hello@reflectory.co.uk for any data-protection enquiry.
2. What data we collect
- Account data: your email address (used as your login identifier and for delivering finalised reflections), your Stripe customer ID, your subscription status, your credit balance, and timestamps.
- Reflection content: the answers you give during interviews and the markdown body of finalised reflections. Stored in our managed Postgres database (Supabase, EU region).
- Word documents: the .docx outputs we produce from your reflections. Stored in a private object bucket accessed via short-lived signed URLs.
- PII detection events: when our pre-screener blocks an attempted upload, we log a row with your user ID and reflection ID. We do not store the content of the blocked message.
- Billing data: handled by Stripe. We never see your card details. We see the Stripe customer ID, charge status, subscription status, and webhook event payloads.
3. What we never collect
- Patient-identifiable information. Our pre-screener (a Claude Haiku 4.5 model) checks every interview turn before it reaches the interviewer or storage and blocks concrete patient identifiers such as names, NHS numbers, dates specific enough to pinpoint an event, and named locations. It is designed to let anonymised clinical narrative through, and it is a safety net rather than a guarantee.
- Patient names, NHS numbers, dates of birth, ward names.
- Locations specific enough to identify a patient.
- Full names of identifiable colleagues.
You are responsible for not deliberately submitting patient identifiers. Our screening is a safety net, not a licence.
4. Lawful basis (UK GDPR)
- Contract for processing your reflections, billing, and account administration.
- Legitimate interest for security, fraud prevention, service improvement, and aggregate usage analytics. We document this assessment internally and will share it on request.
- Consent for any optional analytics, future marketing emails, or newsletter signups. We will never pre-tick consent boxes.
5. AI processing
Your interview answers are sent to Anthropic (Claude Sonnet 4.6 and Haiku 4.5 by default) for the sole purpose of conducting the interview, screening for identifiers, and structuring your reflective account. We have a Data Processing Agreement with Anthropic. Anthropic does not train its models on prompts or completions submitted via the Claude API.
The mandatory AI-assistance disclosure footer in every .docx names the framework, the model, and confirms that no patient-identifiable information was processed.
6. Sub-processors
- Anthropic (US, with EU data residency available) — interview, finaliser, PII screener calls.
- Supabase (EU-West-1, Ireland) — Postgres database and object storage.
- Resend (US/EU) — transactional email delivery.
- Stripe (UK + Ireland) — payment processing.
- Vercel (Global) — application hosting and edge.
7. Data retention
- Reflections, transcripts, and Word documents are kept for as long as your account is active. After cancellation, you retain read-only access for 12 months. After that, we delete on a rolling 90-day schedule unless you ask us to delete sooner.
- PII detection events are kept for 24 months for audit.
- Stripe webhook events are kept for 24 months.
8. Your rights
You have the right to access, rectify, erase, restrict, port, or object to processing of your personal data. Email hello@reflectory.co.uk with the words "data subject request" in the subject and we will respond within 30 days. You can also export your reflections as a ZIP at any time from the portfolio.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office at ico.org.uk.
9. Cookies
We use a strictly necessary session cookie (reflectory_session, HttpOnly, SameSite=Lax, 7-day expiry) to keep you signed in. We do not use third-party analytics or marketing cookies at this time.
10. Changes to this policy
Material changes will be announced by email to all subscribers and on this page. The "last updated" date at the top is the authoritative version marker.