Privacy Policy

Studio Laurie Ltd · Effective 30 June 2026 · Version 1.0

The short version. Studio Laurie Ltd is a UK software company that builds the Studio Laurie care management platform. This policy explains what personal data we handle, why, and what your rights are. We take privacy seriously because the people whose data flows through our platform — care residents, their families, and care staff — are among the people we most need to protect.

1. Who we are

Studio Laurie Ltd is a private limited company registered in England and Wales.

Studio Laurie Ltd

29 Ashley Lane, Moulton, Northampton, NN3 7TH

Email: dpo@studiolaurie.co.uk

ICO Data Protection Registration: ZC142013

2. What this policy covers

Studio Laurie operates in two distinct roles depending on who you are and how you interact with us. The same policy applies to both, but your data and your rights work slightly differently in each:

If you are a resident of a care provider that uses Studio Laurie, or a member of their family, or one of their staff: your data subject rights are exercised through the care provider, not directly with us. We will help the care provider respond to your requests, but the care provider is your first point of contact.

3. Data we collect

When you visit our website or contact us

When you use the platform as a customer organisation's user

The data held in the platform depends on what your organisation has configured. Typically it includes:

Some of this data is special category data under the UK GDPR (specifically: health, care needs, and similar information). We handle it only on instructions from the customer organisation and only for the purposes set out in the Data Processing Agreement.

4. Why we process it (lawful basis)

For website visitors and direct enquiries

For platform users

Our lawful basis is performance of a contract with the customer organisation (the controller). The controller is responsible for ensuring they have an appropriate lawful basis under UK GDPR Article 6, and where special category data is processed, under Article 9, for the data held in their account.

5. Who we share data with

We use a small number of trusted sub-processors to operate the platform. Each is bound by a written contract requiring them to handle personal data lawfully and only for the purposes we instruct.

We do not sell personal data to anyone. We do not use the data held in customer organisations' accounts to train AI models or for our own commercial purposes. We share data only where required by law (for example, to respond to a lawful order from a regulator or law enforcement agency).

A current list of our sub-processors is maintained and available on request to customer organisations.

6. International transfers

Our core application infrastructure and file storage are hosted in the United Kingdom and the European Economic Area.

Some of our sub-processors may process data in jurisdictions outside the UK / EEA, notably the United States. Where this occurs, we rely on UK GDPR-recognised transfer mechanisms, including the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or adequacy decisions where applicable. In particular:

7. AI and automated processing

Studio Laurie uses AI to assist with specific operational tasks. We are deliberate about where AI is used and where it is not:

AI is used to:

AI is not used to:

Every AI-assisted care note must be reviewed and explicitly confirmed by the staff member before it is saved. The staff member remains the named author and is accountable for the accuracy of the record. A separate internal policy, AI in Care Notes, sets out our governance in more detail and is available to customer organisations on request.

8. How long we keep your data

Website visitor and enquiry data

Held for as long as necessary to respond to your enquiry, and for a reasonable period afterwards for legitimate business records (typically 24 months). Anonymised analytics may be held longer.

Platform data

Held for as long as the customer organisation's contract with us is active, and for a defined period afterwards as specified in our Data Processing Agreement with the customer. Retention periods are set by the customer organisation in line with their own regulatory obligations — for care records in England, this typically means at least 8 years after the last contact with the resident.

Backups

Our backups are kept for up to 30 days. Where you exercise a right to deletion, your data will be removed from live systems immediately but may remain in backups for up to 30 days before being overwritten.

9. Security

We take the security of personal data seriously and have technical and organisational measures in place appropriate to the sensitivity of the data we handle:

Despite these measures, no system is completely secure. We will notify the customer organisation and, where required, the Information Commissioner's Office, of any personal data breach in accordance with our legal obligations.

10. Your rights

Under UK data protection law, you have rights including:

If you are a website visitor or someone we are corresponding with directly, contact us at dpo@studiolaurie.co.uk to exercise any of these rights. We will respond within one month (extendable in complex cases).

If you are a platform user (resident, family member, or staff member of a customer organisation), please contact the customer organisation (your care provider or employer) first — they are the data controller for your data on the platform. We will support them in responding to your request.

11. Cookies

Our website uses a minimal number of cookies, primarily for security and basic site functionality (so-called "strictly necessary" cookies, which do not require consent). We do not use cookies for advertising or cross-site tracking.

If we add analytics cookies in the future, we will request your consent before setting them and update this policy.

12. Children

Our platform is designed for use by adult care providers and is not intended to collect data directly from children. Where the platform is used to manage care for residents who include children (for example, in a children's service), the customer organisation is responsible for ensuring appropriate parental consent and safeguarding arrangements are in place.

13. Changes to this policy

We review this policy regularly and update it when our practices change or when the law requires. The "Effective" date at the top of this page shows when the current version was published. We will notify customer organisations of material changes through the platform or by email.

14. How to contact us — and how to complain

Privacy contact

Email: dpo@studiolaurie.co.uk

Post: Privacy Contact, Studio Laurie Ltd, 29 Ashley Lane, Moulton, Northampton, NN3 7TH

If you are not satisfied with how we have handled your data or your request, you have the right to complain to the Information Commissioner's Office:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: ico.org.uk

We would, however, appreciate the opportunity to address your concerns directly before you approach the ICO, so please contact us first if possible.