Compass AI
Sign inGet help

Privacy Policy

Last reviewed: 2026-05-25

1. What we collect

We collect only the minimum necessary to provide support. This can include your account identifier, display name, sign-in method, age group, address or postcode, consent choices, help conversations, case records, volunteer notes, evidence-pack material, accessibility preferences, and items you choose to save in your Digital Life Map. Voice clips are processed to create text and are not kept as permanent recordings unless a future feature clearly asks for that consent.

2. Why we collect it

We use your data to create and protect your account, triage your request, give practical help, keep your chat history available to you, match you with a volunteer when you ask for or need human support, produce evidence packs, send service emails, and maintain safety, audit, and fraud-prevention records.

3. How it's protected

Data is protected in transit and in storage using modern encryption controls. Session tokens are held in httpOnly cookies rather than browser local storage. Passwords and one-time tokens are stored as hashes. Staff access is role-based, limited to the work they are allowed to do, and audit logged.

4. Who can see your data

You can see your own account and case information. Volunteers, supervisors, managers, or coordinators may see case details only where the system's access rules allow it and where support, safeguarding, case management, or service oversight requires it. We do not sell your personal data.

5. Your rights

  • Access - ask for a copy of data we hold about you.
  • Rectification - ask us to correct inaccurate information.
  • Erasure - ask us to delete data where the law allows deletion.
  • Portability - request a machine-readable export where applicable.
  • Withdraw consent - change consent choices without affecting earlier lawful processing.

6. Logging

We log security and operational events such as sign-ins, session changes, consent changes, case actions, role changes, exports, and incident-bundle verification. Product analytics are kept limited and are used to understand service access, not to profile vulnerable users.

7. Retention

We keep account, case, audit, and notification records only for as long as needed for support, safeguarding, legal, security, and operational review. Development demo data is not production data and should not contain real resident information.

8. Contact

Email our Data Protection Officer at dpo@compass-ai.co.uk.