Privacy Policy

Last updated: April 2026

Who we are

NoteItAll is operated by Neulife Therapy Limited, a company registered in England and Wales (company number 15205398) with registered office at 159 Lentons Lane, Aldermans Green, Coventry, CV2 1NZ. Thomas Miller is the appointed data controller.

Registered address:
159 Lentons Lane, Aldermans Green, Coventry, CV2 1NZ

Contact: hello@noteitall.io

What data we collect

We collect and process the following categories of personal data on behalf of the clinics using NoteItAll:

  • Client name and contact details (address, phone number, email address)
  • GP details and referral information
  • Diagnosis and clinical notes (including SOAP notes and treatment records)
  • Appointment history
  • Billing information (invoices and payment records)

We also collect account information for clinicians using the platform, including name, email address, and role within the practice.

Why we collect it

We collect this data to deliver practice management services to UK allied health practices. This includes storing and retrieving clinical records, scheduling appointments, generating invoices, and facilitating communication within the practice.

Legal basis for processing

We process personal data on the following legal bases under UK GDPR:

  • Legitimate interests and contractual necessity — for account management, appointment scheduling, and billing administration.
  • Article 9(2)(h) — healthcare provision — for special category health data (clinical notes, diagnoses, treatment records). This data is processed for the purposes of providing healthcare and managing healthcare services by health professionals.

Who we share data with

We use the following third-party data processors. All are engaged under written data processing agreements and we take reasonable steps to ensure they provide adequate data protection guarantees.

  • Supabase — database hosting and user authentication. Data is hosted in the EU.
  • Stripe — payment processing and subscription billing.
  • Resend — transactional email delivery (e.g. invitations and notifications).

We do not sell personal data and do not share data with third parties for marketing purposes.

How long we keep data

  • Clinical records — retained for 8 years from the date of the last appointment, in line with guidance from the Chartered Society of Physiotherapy (CSP).
  • Billing and financial records — retained for 7 years in line with HMRC requirements.

On account termination, clinics may request a full data export. Following export, data will be deleted within 14 days unless retention is required by law.

Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the data we hold about you.
  • Right to rectification — to request correction of inaccurate data.
  • Right to erasure — to request deletion of your data in certain circumstances.
  • Right to restriction — to request that we limit how we use your data.
  • Right to data portability — to receive your data in a structured, machine-readable format.
  • Right to object — to object to processing based on legitimate interests.

To exercise any of these rights, please email hello@noteitall.io. We will respond within one calendar month.

Cookies

NoteItAll uses only strictly necessary cookies required for the service to function. We do not use any tracking, analytics, advertising, or third-party marketing cookies, and no consent banner is required under UK PECR.

The cookies we set are:

  • Authentication cookies (set by Supabase): keep you signed in securely. Session-based, expire on logout or after inactivity.
  • Payment session cookies (set by Stripe during checkout): required to process subscription payments securely. See Stripe's privacy policy for details.
  • Theme preference (stored in your browser's localStorage, not a cookie): remembers your light/dark mode choice. Contains no personal data.

You can clear these at any time through your browser settings, though doing so will sign you out and may affect functionality.

ICO registration

Neulife Therapy Limited is registered with the Information Commissioner's Office (ICO) as a data controller.

Contact and complaints

If you have any questions or concerns about how we handle your data, please contact us at hello@noteitall.io.

If you are not satisfied with our response, you have the right to lodge a complaint with the ICO at ico.org.uk.