NUROVO
Get started

Legal

Privacy policy

Last updated: 22 May 2026

Nurovo Ltd ("Nurovo", "we", "us", "our") is the controller of personal data processed through nurovo.co.uk. This policy explains how we collect, use and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data we collect

  • Account data: name, email address, password (hashed), account type (care worker or provider).
  • Profile data: location, specialisms, availability, work history, profile photos and organisation details.
  • Verification documents: Enhanced DBS certificates, right to work documents and training certificates.
  • Provider–carer interactions: expressions of interest, messages and contact requests.
  • Payment data: subscription status, billing details and transaction records. Card details are collected and processed directly by Stripe; we never see or store full card numbers.
  • Technical data: IP address, browser type, device information and usage logs.

2. How we use your data

  • To create and manage your Nurovo account.
  • To enable providers to search verified care workers, and to enable care workers to be discovered.
  • To verify uploaded documents and display verification status.
  • To send service emails (account, security, expressions of interest) and, with consent, marketing emails.
  • To process subscription payments through Stripe.
  • To detect fraud, abuse and comply with legal obligations.

3. Lawful bases

We rely on (a) contract to deliver the Nurovo platform; (b) legitimate interests to operate, secure and improve the service; (c) consent for marketing communications and non-essential cookies; and (d) legal obligation where applicable.

4. Sharing your data

We share data with:

  • Supabase — our database, authentication and file storage provider, used to host your profile, account and uploaded documents.
  • Stripe — our payment processor for subscriptions and billing.
  • Verified providers — care worker profiles and verified document statuses are visible to logged-in providers with an active subscription.
  • Authorities — where required by law, regulator request or to protect users.

5. International transfers

Where our processors transfer data outside the UK, transfers are protected by UK-approved safeguards including the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses.

6. Data retention

  • Account and profile data: retained while your account is active and for up to 12 months after closure.
  • Verification documents (DBS, right to work, training): retained while your account is active; deleted within 30 days of account closure unless required for legal compliance.
  • Payment and billing records: retained for 7 years to comply with UK tax law.
  • Support and contact messages: retained for up to 24 months.

7. Your rights under UK GDPR

You have the right to:

  • Access your personal data.
  • Request correction of inaccurate data.
  • Request erasure ("right to be forgotten").
  • Restrict or object to processing.
  • Request portability of data you provided to us.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with the Information Commissioner's Office (ico.org.uk).

8. Security

We use encryption in transit and at rest, role-based access controls and row-level security on our database. Uploaded documents are stored in access-restricted storage buckets.

9. Cookies

See our Cookie Policy for details.

10. Contact us

To exercise your rights or ask data protection questions, contact us at privacy@nurovo.co.uk or via the contact page. Nurovo Ltd, United Kingdom.