Privacy Policy
Last updated: March 2026
1. Data Controller
stoaix ("we", "us", "our") is the data controller for personal data processed through the stoaix clinic management platform. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Data We Collect
- Clinic account data: Name, email address, phone number, clinic name and type, address
- Professional data: Doctor names, credentials, years of experience, areas of expertise
- Patient interaction data: WhatsApp/SMS conversation logs processed through our AI system (anonymised for analytics)
- Usage data: Log data, IP addresses, browser type, pages visited
- Cookie data: Session cookies, preference cookies (see our Cookie Policy)
3. Lawful Basis for Processing
We process your personal data on the following lawful bases:
- Contract performance: To provide you with the stoaix service
- Legitimate interests: To improve our platform, prevent fraud, and ensure security
- Consent: For marketing communications and non-essential cookies
- Legal obligation: To comply with applicable laws and regulations
4. How We Use Your Data
- To provide and operate the stoaix platform
- To train and configure AI assistant responses specific to your clinic
- To send service notifications and account updates
- To respond to support requests
- To improve platform features and performance
5. Data Sharing
We do not sell your personal data. We share data only with trusted service providers necessary to deliver our service:
- Supabase: Database and authentication hosting
- Anthropic: AI model processing (Claude API)
- Vercel: Frontend hosting
- GoHighLevel: CRM and messaging integration
6. Data Retention
We retain your data for as long as your clinic account is active plus 12 months after account termination, unless a longer retention period is required by law. Conversation logs are retained for 24 months for analytics purposes.
7. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing of your data
- Receive your data in a machine-readable format (data portability)
- Object to processing based on legitimate interests
- Withdraw consent at any time (where processing is based on consent)
To exercise your rights, contact us at privacy@stoaix.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews.
9. Contact Us
For privacy-related queries, contact: privacy@stoaix.com