Last updated: 3 May 2026
Privacy Policy
Working draft. This document is the launch baseline for SpecialCarer (operated by All Care 4 U Group Limited, company number 09428739). It is offered in good faith and follows current UK GDPR / Data Protection Act 2018 / California Consumer Privacy Act guidance, but it has not yet been reviewed by qualified legal counsel. We will publish a counsel-reviewed version before launch promotion. If you spot anything inaccurate, please email legal@allcare4u.co.uk.
This policy applies to users of SpecialCarer in the United Kingdom, the European Economic Area, and the United States. California residents should also read the dedicated CCPA/CPRA section below.
At a glance
SpecialCarer is a marketplace that connects families with vetted caregivers. To make that work safely we have to collect and process personal data. The short version:
- You give us your name, contact details, payment information, and (for caregivers) the documents needed for background checks.
- We collect automatically log data, device information, and—only during a confirmed shift—your live location if you are the caregiver.
- We share the minimum needed with the people you are matched with, our payment processor (Stripe), our background-check providers, and the cloud platforms that host the service.
- You can access, export, correct, or delete your data at any time at specialcarer.com/account/delete or by emailing privacy@allcare4u.co.uk.
- We never sell your personal information.
Who we are
SpecialCarer is operated by All Care 4 U Group Limited, a company registered in England and Wales (company number 09428739) with its registered office at 85 Great Portland Street, London, England, W1W 7LT. We are the data controller for the personal data described in this policy.
Our Data Protection contact is privacy@allcare4u.co.uk.
Data we collect
Account and profile
- Name, email address, mobile phone number, postal address.
- Date of birth (caregivers only — required for background checks).
- Profile photo, biography, languages, services offered (caregivers).
- Care needs, preferences, household details (families).
Verification and background-check data (caregivers only)
- UK: identity documents and the inputs needed for an Enhanced DBS + Barred Lists check, Right to Work confirmation, and a digital identity verification (IDVT) process delivered by our supplier uCheck (uCheck Holdings Ltd).
- US: name, date of birth, last four digits of SSN, and addresses submitted to Checkr, Inc. for criminal-history and healthcare-sanctions screening (and an optional motor-vehicle report where applicable).
- Right-to-work status, DBS certificate number, OFAC/sanctions hit summary returned by the vendor. We store the result, not the raw underlying source documents.
Bookings and payments
- Booking schedule, location, hourly rate, total, currency, messages exchanged in-app.
- Payment-method tokens (we never store your full card number — the card is held by Stripe, our PCI-DSS compliant payment processor; we keep only the last four digits and expiry for receipts).
- For caregivers receiving payouts: Stripe Connect account ID, payout history, fee breakdowns.
Location data (caregivers only, during active shifts)
- Latitude/longitude pings collected at most every 15 seconds while a confirmed booking is in its scheduled window (from 15 minutes before start to 15 minutes after the scheduled end).
- Outside that window we do not collect location data, even with the app open. Location sharing can be stopped at any time.
- Pings are only visible to you (the caregiver) and the booking family, never to the public, never to other caregivers.
Device and log data
- IP address, device model, OS version, app version, time zone.
- Timestamps of logins, error reports, and security events.
- Mobile push notification tokens (if you enable notifications on the iOS / Android app).
How and why we use your data
- Run the service. Create and authenticate your account, match families with caregivers, schedule and process bookings, take payments and pay caregivers, deliver in-app messaging.
- Verify caregivers. Run statutory background checks (UK Enhanced DBS + Right to Work, US criminal + healthcare sanctions) and surface a clear "cleared / not cleared" status to families.
- Safety during shifts. Show families the live location of the assigned caregiver while a shift is active.
- Trust & fraud prevention. Detect duplicate accounts, payment fraud, abusive behaviour. We may consult sanctions and politically-exposed-persons lists for compliance.
- Customer support. Answer your questions and resolve incidents.
- Legal obligations. UK tax (HMRC), US tax (IRS 1099-NEC for US caregivers earning over $600/year), accounting, court orders, and regulator requests.
- Service improvement. Aggregated, de-identified analytics about feature usage. We do not profile you for advertising.
Lawful bases (UK/EU)
Under the UK GDPR and EU GDPR we rely on the following lawful bases:
- Contract (Article 6(1)(b)) — to perform the contract you enter into with us when you book a shift or list as a caregiver.
- Legal obligation (Article 6(1)(c)) — for tax records, anti-money-laundering checks, and statutory caregiver screening.
- Legitimate interests (Article 6(1)(f)) — for fraud prevention, network security, and basic product analytics. You can object at any time.
- Consent (Article 6(1)(a)) — for non-essential cookies, marketing email, and push notifications. You can withdraw consent at any time.
Background-check inputs (date of birth, identity documents) are special-category and criminal-offence data. We process them only with your consent and in reliance on Schedule 1, Part 2, paragraph 6 of the UK Data Protection Act 2018 (statutory and government purposes — DBS).
Who we share your data with
We share the minimum personal data necessary with the following categories of recipients, all under written data-processing agreements:
| Recipient | Why | Where |
|---|---|---|
| Stripe Payments Europe / Stripe, Inc. | Card processing, payouts to caregivers | Ireland, USA |
| uCheck Holdings Ltd | UK Enhanced DBS, Right to Work, Digital ID | UK |
| Checkr, Inc. | US criminal & healthcare-sanctions checks | USA |
| Supabase, Inc. | Database, authentication, file storage | USA / EU |
| Vercel, Inc. | Web hosting, edge network | USA |
| Mapbox, Inc. | Map rendering during live tracking | USA |
| IONOS SE | Email infrastructure for office@ accounts | Germany |
| Apple Inc. / Google LLC | App distribution, push notifications | USA |
| Other counterparties to your booking | The matched family or caregiver receives the booking-relevant subset of your profile | UK / USA |
We will also disclose data where required by law (court order, regulator), in connection with a corporate sale or restructure, or to protect the safety of users.
We do not sell or rent your personal information.
International transfers
Some of our processors (notably Stripe, Checkr, Mapbox, Supabase, Vercel) are located in the United States. Where personal data is transferred outside the UK or EEA we rely on the UK International Data Transfer Addendum and the European Commission's Standard Contractual Clauses, supplemented with technical safeguards (encryption in transit and at rest).
How long we keep your data
- Account profile: while your account is active. On account deletion, profile rows are removed within 7 days.
- Booking and payment records: 7 years from the end of the relevant tax year, to satisfy UK/US tax and audit requirements. Personal identifiers are redacted on account deletion; the financial records remain in pseudonymised form.
- Background-check status: retained for the life of the caregiver account; redacted on deletion. Underlying source documents are held by the vendor (uCheck or Checkr) under their own retention rules.
- Location pings: 90 days, then automatically deleted. Deleted immediately on account deletion.
- Support & security logs: 12 months.
Your rights
Under UK and EU data protection law you can:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Erase your data (subject to the retention rules above for tax/audit data).
- Restrict or object to processing.
- Receive a copy of your data in a portable format.
- Withdraw consent for any consent-based processing.
- Lodge a complaint with the UK Information Commissioner's Office at ico.org.uk/make-a-complaint.
Self-serve account deletion is available at /account/delete. For other rights, email privacy@allcare4u.co.uk and we will respond within one calendar month.
California (CCPA / CPRA) rights
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, and retain about you.
- Delete personal information.
- Correct inaccurate personal information.
- Opt out of the "sale" or "sharing" of personal information for cross-context behavioural advertising. We do not sell or share for that purpose, and we do not knowingly collect personal information from anyone under 16.
- Limit the use of sensitive personal information.
- Be free from discrimination for exercising these rights.
To exercise CCPA rights email privacy@allcare4u.co.uk with the subject "CCPA request". We will verify your identity by matching the email address on your SpecialCarer account and respond within 45 days.
Security
- All traffic to specialcarer.com is encrypted with TLS 1.2+.
- Passwords are hashed with bcrypt by Supabase Auth; we never see them.
- Card data is held by Stripe under PCI-DSS Level 1 controls. We only see the last four digits.
- Database access is restricted by row-level security. Internal access is audited.
- We will notify affected users and the ICO within 72 hours of becoming aware of a personal data breach that creates a risk to your rights.
Children
SpecialCarer is for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. Care recipients in a household may be minors, but the booking is always made by an adult account-holder. If we discover an account has been created by someone under 18 we will delete it.
Background checks
Caregivers must clear a country-specific bundle before they can accept paid bookings:
- UK: Enhanced DBS + Children & Adults Barred Lists, Right to Work confirmation (IDVT), and Digital Identity verification — all delivered via uCheck.
- US: County & federal criminal history, OIG/SAM healthcare-sanctions screening, and (where applicable) a Motor Vehicle Report — delivered via Checkr.
SpecialCarer pays the vendor fee directly. Caregivers consent to the check before submission. Vendors retain the underlying certificate copies under their own data policies; we receive only the result code, certificate number, and a clearance status.
Location data — important detail
Live caregiver location is one of the most sensitive things we process. Our rules:
- We collect it only while a paid booking is in its scheduled window. Server-side checks reject any ping outside that window.
- The caregiver explicitly taps "Start sharing my location" on the booking screen. They can stop at any time.
- On Android the foreground notification stays visible while tracking is on — you always know it's running.
- Location data is visible only to the caregiver and the booking family. It is never shown to the public or used for marketing.
- Pings are deleted after 90 days, or immediately on account deletion.
Cookies & tracking
We use a small number of strictly-necessary cookies for sign-in sessions, security, and load-balancing. Non-essential cookies (for anonymous analytics) are only set with your consent — see our cookie notice for the full list and controls.
Changes to this policy
We will post any material changes here and bump the "last updated" date. For changes that affect your rights, we will notify account holders by email at least 14 days before the change takes effect.
Contact us
Privacy queries: privacy@allcare4u.co.uk
General office: office@allcare4u.co.uk
Post: All Care 4 U Group Limited, 85 Great Portland Street, London, England, W1W 7LT