Privacy Policy

How Laminitis Tool handles personal and clinical data under UK GDPR.

VERSION 1 · EFFECTIVE 26 MAY 2026 · GOVERNED BY ENGLAND & WALES

In short. Laminitis Tool is a professional-use clinical tool. Personal data and case data are kept to the minimum needed to deliver the service. Data is stored locally on your device by default and synchronised to UK/EU-region cloud storage only when you sign in. We do not sell data. We do not use analytics or advertising cookies. We do not share clinical data with third parties.

1.Who we are (data controller)

The data controller for personal data processed through Laminitis Tool (the "Service") is:

Controller
Scientific Horseshoeing Limited
Registered office
[REGISTERED COMPANY ADDRESS]
Company number
[COMPANIES HOUSE NUMBER]
Privacy contact
[email protected]
Jurisdiction
England & Wales

We are not required to appoint a statutory Data Protection Officer, but the contact above is our point of contact for all data-protection questions and rights requests.

2.Who this Service is for

Laminitis Tool is intended for use by qualified farriers, veterinary surgeons, and other equine health professionals in the course of their professional work. It is not intended for use by horse owners, members of the public, or anyone under 18.

It is an analytical and decision-support tool, not a medical or veterinary diagnostic device. All clinical input is provided by the user; the Service performs biomechanical analysis on that input and returns farriery prescription recommendations. Diagnosis and clinical responsibility remain with the attending veterinary surgeon.

3.What data we collect, and why

We collect only what we need to operate the Service, and we explain each category here.

3.1 Account data (only if you sign in)

3.2 Device data (used before you sign in, and as a fallback)

3.3 Clinical case data

When you create or save a case, the Service stores the data you enter about that case. This may include:

Owner names and contact details, where you choose to record them, are personal data of your clients. You are responsible for ensuring you have the appropriate basis under UK GDPR to record and store that information through the Service.

3.4 Technical data

4.Lawful bases for processing

We rely on the following UK GDPR Article 6 bases:

Owner data you enter about your clients is processed by us as a data processor on your behalf — you are the controller for that data. See Section 11.

5.Where your data is stored

We use a small, audited set of service providers. Here is a complete list:

Cloudflare D1
Account, practice and case metadata. Hosted in the Western Europe region (Amsterdam, NL).
Cloudflare R2
Radiograph and solar image binaries. Stored in the same Western Europe region.
Cloudflare Pages
The web application itself and its server-side functions. Globally distributed; processed at the edge node nearest you.
Resend
Transactional email delivery (magic sign-in links). Operates from the United States under Standard Contractual Clauses for EU/UK transfers.
Stripe
Payment processing for chargeable events (report generation, patient record saves). Payment card data does not pass through our systems. See Stripe's own privacy policy.
Your device
The Service is offline-capable. The current case, an autosave snapshot (kept up to 7 days), and a cache of your recent cases are stored locally in your browser.

6.How long we keep your data

Account data
Kept until you delete your account, or for 18 months after your last sign-in if the account becomes dormant.
Case data and images
Kept until you delete the case or your account.
Sessions
Maximum 60 days; refreshed each time you visit.
Magic-link tokens
15 minutes. Single-use. Discarded immediately after use.
Local autosave snapshot
7 days, cleared on successful save.
Server logs
Cloudflare's standard retention (typically < 30 days).
Email send records
Resend's standard retention.

You may export or delete your data at any time — see Section 8.

7.What we do and do not do with your data

We do

We do not

8.Your rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

To exercise any of these rights, contact us at [email protected]. We will respond within one month, as required by UK GDPR.

9.Cookies and local storage

The Service uses two categories of browser storage. Both are strictly necessary to deliver the Service; no consent banner is required for either.

9.1 Session cookie (strictly necessary)

9.2 Local storage (strictly necessary functional state)

You may clear any of these at any time through your browser. Doing so will sign you out and clear cached case data; cases saved to the cloud will be re-fetched the next time you sign in.

10.International data transfers

Your data is stored in the European Economic Area (the Netherlands, in Cloudflare's WEUR region). One sub-processor, Resend, operates from the United States. Transfers to Resend are governed by Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, as required under UK GDPR Articles 44–49.

11.Data you record about your clients

When you record details about a horse's owner (name, contact details) inside a case, you are processing personal data of your client. In that processing:

If you require a written Data Processing Agreement to support your own UK GDPR compliance position, contact us. {LEGAL REVIEW: confirm whether a standalone DPA is offered, or whether terms here suffice.}

12.Security

We take reasonable and proportionate technical and organisational measures to protect your data, including:

No system is perfectly secure. If you become aware of any vulnerability or suspected breach, please contact us immediately at [email protected].

13.Children

The Service is not intended for use by anyone under 18. We do not knowingly collect data from children. If you believe a child has provided data to the Service, contact us and we will delete it.

14.Changes to this policy

We may update this policy from time to time. Material changes will be notified to signed-in users by email at least 30 days before they take effect. The effective date at the top of this page indicates when this version was published. Prior versions are available on request.

15.Contact

Questions, rights requests, complaints:

If you are not satisfied with our response, you may lodge a complaint with the UK Information Commissioner's Office at ico.org.uk/make-a-complaint.