Answers to common questions about data protection, security, compliance, and contractual matters at Revitaco.
Data Protection
- Who is responsible for resident data in the Revitaco platform?
- Your care home remains the data controller for resident data. Revitaco acts as a data processor, processing data only on your instructions and in accordance with our Data Processing Addendum.
- How long do you retain our data?
- We retain your data for as long as your subscription is active. After termination, you have 30 days to export data, after which it is deleted within 90 days. Care records should be retained according to NHS guidelines (typically 8 years after last treatment for adults).
- Can we get a copy of all our data?
- Yes. You can export your data at any time using the built-in export features, which provide data in standard formats (CSV, PDF). For complete data exports, contact our support team.
- What happens to our data if Revitaco ceases trading?
- In the unlikely event of business closure, we would provide at least 90 days' notice and full data export capabilities. Your data would never be sold to third parties.
- Is Revitaco registered with the ICO?
- JG Core Ltd (trading as Revitaco) is in the process of registering with the Information Commissioner's Office. Registration details will be published in our Privacy Policy once complete.
Security
- Where is our data stored?
- All care and resident data is stored in UK-based data centres. Some supporting services (authentication, email) use GDPR-compliant providers that may process limited data outside the UK with appropriate safeguards in place.
- Is our data encrypted?
- Yes. All data is encrypted in transit and at rest using industry-standard encryption methods.
- Do you perform security testing?
- We implement continuous vulnerability scanning and secure coding practices. We plan to conduct regular penetration testing by independent security firms as we scale.
- What happens if there's a data breach?
- We have comprehensive incident response procedures. You would be notified within 72 hours of any breach affecting your data, with details of the breach and remediation steps.
- Can staff see data from other care homes?
- No. Strict data segregation ensures users can only access data from their own organisation. Our access controls prevent cross-organisation data access.
Compliance
- Does Revitaco help with CQC compliance?
- Yes. Revitaco is designed to support CQC compliance through structured documentation, audit trails, and reporting. However, compliance remains your responsibility as a registered provider.
- Can we use Revitaco records for CQC inspections?
- Yes. All records in Revitaco are designed to be CQC-ready. You can generate reports, export care plans, and demonstrate audit trails during inspections.
- Does Revitaco meet NHS Digital standards?
- We design our platform to align with NHS Digital's Data Security and Protection Toolkit (DSPT) requirements and plan to pursue formal certification.
- What audit trails does Revitaco maintain?
- We maintain comprehensive audit logs including: who accessed/modified records, timestamps, previous values, and system events. These are immutable and retained for 7 years.
- Is Revitaco GDPR compliant?
- Yes. We comply with UK GDPR and the Data Protection Act 2018. This includes appropriate technical measures, data processing agreements, and support for data subject rights.
Contracts & Agreements
- Do you provide a Data Processing Addendum?
- Yes. Our DPA is available at /legal/agreements/dpa and meets GDPR Article 28 requirements. It's automatically included with your subscription.
- What is the minimum contract term?
- We offer monthly subscriptions with no minimum term. Annual subscriptions provide a discount but commit you for 12 months.
- Can we terminate early?
- Monthly subscriptions can be cancelled anytime, effective at the next billing date. Annual subscriptions run to term unless there's a material breach.
- Who are your sub-processors?
- Our sub-processors include Supabase (database), Vercel (hosting), Clerk (authentication), Stripe (payments), Resend (email), Sentry (monitoring), and AWS (file storage). The full list with details is available at /legal/trust#sub-processors.
Still have questions?
If your question isn't answered here, please contact our team at legal@revitaco.io or use the in-app support chat.