How Laminitis Tool handles personal and clinical data under UK GDPR.
VERSION 1 · EFFECTIVE 26 MAY 2026 · GOVERNED BY ENGLAND & WALES
In short. Laminitis Tool is a professional-use clinical tool. Personal data and case data are kept to the minimum needed to deliver the service. Data is stored locally on your device by default and synchronised to UK/EU-region cloud storage only when you sign in. We do not sell data. We do not use analytics or advertising cookies. We do not share clinical data with third parties.
1.Who we are (data controller)
The data controller for personal data processed through Laminitis Tool (the "Service") is:
We are not required to appoint a statutory Data Protection Officer, but the contact above is our point of contact for all data-protection questions and rights requests.
2.Who this Service is for
Laminitis Tool is intended for use by qualified farriers, veterinary surgeons, and other equine health professionals in the course of their professional work. It is not intended for use by horse owners, members of the public, or anyone under 18.
It is an analytical and decision-support tool, not a medical or veterinary diagnostic device. All clinical input is provided by the user; the Service performs biomechanical analysis on that input and returns farriery prescription recommendations. Diagnosis and clinical responsibility remain with the attending veterinary surgeon.
3.What data we collect, and why
We collect only what we need to operate the Service, and we explain each category here.
3.1 Account data (only if you sign in)
Email address — used to send you a magic sign-in link. Stored in our user database.
Practice name and role — your professional context. You set this when you create or join a practice.
Session cookie — an HttpOnlySecure cookie containing a random session token, valid for up to 60 days. Used to keep you signed in between visits.
3.2 Device data (used before you sign in, and as a fallback)
Device identifier — a random ID generated by your browser the first time you use the Service. Lets us associate cases you create before signing in with your account when you do.
3.3 Clinical case data
When you create or save a case, the Service stores the data you enter about that case. This may include:
Horse identity — name, breed, age, weight, owner details if you enter them
Radiograph and solar images — only if you upload them. Stored as binary blobs.
Free-text notes you write in the case
Created / modified timestamps
Owner names and contact details, where you choose to record them, are personal data of your clients. You are responsible for ensuring you have the appropriate basis under UK GDPR to record and store that information through the Service.
3.4 Technical data
Server logs — our infrastructure provider (Cloudflare) records standard request metadata (IP address, timestamp, URL, response status) for short-term operational and security purposes. We do not run analytics on these logs.
Email metadata — when we send you a magic sign-in link, our email provider (Resend) records the recipient address, send time, and delivery status.
4.Lawful bases for processing
We rely on the following UK GDPR Article 6 bases:
Contract (Art. 6(1)(b)) — processing necessary to deliver the Service you have signed up for: authentication, case storage, prescription generation.
Legitimate interests (Art. 6(1)(f)) — operating, securing and improving the Service. We have weighed your interests against ours and consider this proportionate; you may object at any time (see Section 8).
Consent (Art. 6(1)(a)) — for the optional anonymised-measurement opt-in described in Section 7. You may withdraw this consent at any time.
Owner data you enter about your clients is processed by us as a data processor on your behalf — you are the controller for that data. See Section 11.
5.Where your data is stored
We use a small, audited set of service providers. Here is a complete list:
Cloudflare D1
Account, practice and case metadata. Hosted in the Western Europe region (Amsterdam, NL).
Cloudflare R2
Radiograph and solar image binaries. Stored in the same Western Europe region.
Cloudflare Pages
The web application itself and its server-side functions. Globally distributed; processed at the edge node nearest you.
Resend
Transactional email delivery (magic sign-in links). Operates from the United States under Standard Contractual Clauses for EU/UK transfers.
Stripe
Payment processing for chargeable events (report generation, patient record saves). Payment card data does not pass through our systems. See Stripe's own privacy policy.
Your device
The Service is offline-capable. The current case, an autosave snapshot (kept up to 7 days), and a cache of your recent cases are stored locally in your browser.
6.How long we keep your data
Account data
Kept until you delete your account, or for 18 months after your last sign-in if the account becomes dormant.
Case data and images
Kept until you delete the case or your account.
Sessions
Maximum 60 days; refreshed each time you visit.
Magic-link tokens
15 minutes. Single-use. Discarded immediately after use.
Local autosave snapshot
7 days, cleared on successful save.
Server logs
Cloudflare's standard retention (typically < 30 days).
Email send records
Resend's standard retention.
You may export or delete your data at any time — see Section 8.
7.What we do and do not do with your data
We do
Use your data to operate the Service: authenticate you, save and retrieve your cases, generate prescriptions and reports
Use aggregated, non-identifying technical data to debug and improve the Service
Encrypt data in transit (TLS 1.2+) and at rest
Restrict internal access to data on a need-to-know basis
We do not
Sell your data. Ever. To anyone.
Use advertising or marketing cookies. The Service uses only the strictly-necessary session cookie and locally-stored functional state. No ad-tech runs in the Service.
Run third-party analytics. No Google Analytics, no Mixpanel, no Segment, no Hotjar, no Facebook pixel.
Share clinical data with third parties. Cases, images and prescriptions are visible only to you and to members of your practice you have invited.
Train AI models on your data by default. The Service has two opt-in settings, both off by default:
Anonymised measurements. Landmark coordinates and computed clinical values from a case, stripped of all personal data (horse, owner, practice), pseudonymised, may be used to improve the Service's automatic landmark-detection capability.
Anonymised radiograph image (separate consent). Only if the first setting is enabled, you may additionally consent — per case — to share the radiograph image itself. The image is re-encoded as WebP on your device before transmission, which strips all metadata (EXIF, DICOM tags) and original filename.
Both consents are independent and per-case. You may toggle either at any time on the Patient screen of any case. You may withdraw both retrospectively (and request deletion of past contributions) from Settings → "Auto-markup training contributions". See docs/AI_TRAINING.md for the full pipeline specification, including the pseudonymisation procedure, retention policy (30-day soft-delete window before hard-delete), and the limitation that models already trained on contributed data cannot be untrained.
8.Your rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights:
Right of access — request a copy of the personal data we hold about you
Right to rectification — ask us to correct inaccurate or incomplete data
Right to erasure — ask us to delete your account and all associated personal data
Right to restriction — ask us to pause processing while a query is resolved
Right to portability — receive your data in a structured, machine-readable format (we provide JSON case exports)
Right to object — object to processing based on legitimate interests
Right to withdraw consent — where we rely on consent, you may withdraw it at any time without affecting prior processing
Right to lodge a complaint — with the UK Information Commissioner's Office (ico.org.uk)
To exercise any of these rights, contact us at [email protected]. We will respond within one month, as required by UK GDPR.
9.Cookies and local storage
The Service uses two categories of browser storage. Both are strictly necessary to deliver the Service; no consent banner is required for either.
9.1 Session cookie (strictly necessary)
shc_session — HttpOnly, Secure, SameSite=Lax. Contains a random session token. Issued when you sign in. Used to keep you signed in. Maximum lifetime 60 days. Set on the same domain as the Service.
9.2 Local storage (strictly necessary functional state)
shc_device_id — a random device identifier, see Section 3.2
shc_autosave — your current in-progress case, refreshed every 30 seconds, kept up to 7 days
shc_cases_cache — a recent copy of your case list, for offline use
shc_case_* — recently-viewed individual cases, for offline use
shc_last_email — your most recent sign-in email, pre-filled for convenience
shc_theme — your chosen light/dark theme
shc_offline_queue — pending save operations queued while offline
shc_consent — record of your acceptance of the consent gate shown on first run
You may clear any of these at any time through your browser. Doing so will sign you out and clear cached case data; cases saved to the cloud will be re-fetched the next time you sign in.
10.International data transfers
Your data is stored in the European Economic Area (the Netherlands, in Cloudflare's WEUR region). One sub-processor, Resend, operates from the United States. Transfers to Resend are governed by Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, as required under UK GDPR Articles 44–49.
11.Data you record about your clients
When you record details about a horse's owner (name, contact details) inside a case, you are processing personal data of your client. In that processing:
You are the data controller
We are a data processor acting on your instructions, limited to providing the storage and analysis service
You must have your own lawful basis for processing your client's data (typically contract or legitimate interest)
You must provide your client with the information UK GDPR Articles 13–14 require, including who you share their data with (us, in this case)
If you require a written Data Processing Agreement to support your own UK GDPR compliance position, contact us. {LEGAL REVIEW: confirm whether a standalone DPA is offered, or whether terms here suffice.}
12.Security
We take reasonable and proportionate technical and organisational measures to protect your data, including:
TLS 1.2+ encryption for all data in transit
Encryption at rest for database and object storage
HttpOnly, Secure, SameSite cookies for session management
Magic-link authentication (no passwords to be stolen)
No system is perfectly secure. If you become aware of any vulnerability or suspected breach, please contact us immediately at [email protected].
13.Children
The Service is not intended for use by anyone under 18. We do not knowingly collect data from children. If you believe a child has provided data to the Service, contact us and we will delete it.
14.Changes to this policy
We may update this policy from time to time. Material changes will be notified to signed-in users by email at least 30 days before they take effect. The effective date at the top of this page indicates when this version was published. Prior versions are available on request.