GDPR & Data Protection

Overview

ReporaPro is designed to operate in full alignment with UK GDPR, the Data Protection Act 2018, and applicable data protection legislation. We take a privacy-first approach to all clinical and platform data.

Roles and Responsibilities

ReporaPro acts as:

• Data Controller for clinician account data and support communications
• Data Processor for all patient or clinical data entered into the reporting tools

Healthcare professionals using ReporaPro remain the data controller for any patient information they submit and are responsible for ensuring a lawful basis for processing.

How We Protect Data

• Encryption in transit for all data transfers
• Strict access controls and least-privilege administration
• Pseudonymisation of identifiers before any AI processing
• No retention of patient data on ReporaPro servers
• Secure infrastructure and audited operational logging

Patient data is processed only to perform the task requested by the healthcare professional and is deleted immediately after processing.

International Data Transfers

Where limited pseudonymised data is processed outside the UK, transfers are protected using recognised safeguards including the UK International Data Transfer Agreement and Standard Contractual Clauses.

Privacy Policy

Your Rights

You may request access, rectification, erasure, restriction, objection, or data portability in relation to your platform user data. Requests relating to patient data must be handled by the healthcare professional acting as controller.

Privacy Policy

Contact

For any data protection or GDPR enquiries:

contact@reporapro.com