Back to Legal Hub

Privacy Policy

Last updated: 14 January 2026|Version 1.0

This Privacy Policy explains how JG Core Ltd, trading as Revitaco ("we", "us", or "our") collects, uses, and protects personal data when you use our care home management software.

1. Who We Are

JG Core Ltd (trading as Revitaco) is a UK-based company providing cloud-based care management software to residential care homes, nursing homes, and supported living services. We are the data controller for personal data we collect about our customers and website visitors.

Data Controller: JG Core Ltd (trading as Revitaco)
Contact: legal@revitaco.io

2. Personal Data We Collect

2.1 Customer Account Data

When you create an account or subscribe to our services, we collect:

  • Name and job title
  • Email address and phone number
  • Organisation name and address
  • Payment and billing information

2.2 Care Home Data (Processed on Your Behalf)

As a data processor acting on behalf of care home operators, we process personal data about residents, staff, and family members that you enter into the platform. This includes:

  • Resident personal details and health information
  • Care notes, assessments, and medical records
  • Staff information and activity logs
  • Family member contact details and communications

Important: Care home operators remain the data controllers for resident and staff data. We process this data only as instructed and in accordance with our Data Processing Addendum.

2.3 Website Analytics

We collect anonymised usage data including:

  • Pages visited and features used
  • Device type and browser information
  • IP address (anonymised)
  • Referral source

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract: To provide our services and manage your subscription
  • Legitimate Interests: To improve our services, prevent fraud, and ensure security
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: For marketing communications (where applicable)

3.1 Special Category Data (Health Information)

Where we process health data and other special category personal data on behalf of care home operators, this processing is permitted under Article 9(2)(h) UK GDPR: processing necessary for the provision of health or social care, or the management of health or social care systems and services.

Care home operators (as data controllers) are responsible for ensuring they have appropriate lawful bases for collecting and processing resident health data. As their data processor, we process this data strictly in accordance with their documented instructions and our Data Processing Addendum.

4. How We Use Your Data

We use personal data to:

  • Provide, maintain, and improve our care management platform
  • Process payments and manage subscriptions
  • Provide customer support and respond to enquiries
  • Send service updates and important notifications
  • Ensure platform security and prevent abuse
  • Comply with legal and regulatory requirements

5. Who We Share Data With

We may share personal data with:

  • Service Providers: Cloud hosting, payment processing, and email services (see our Sub-Processors list)
  • Professional Advisors: Legal, accounting, and audit services as necessary
  • Regulatory Bodies: When required by law or to protect our rights

We do not sell personal data to third parties.

6. International Data Transfers

Your data is primarily stored and processed in the United Kingdom. Where we use service providers located outside the UK, we ensure appropriate safeguards are in place, such as:

  • UK adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Provider certifications (e.g., ISO 27001)

7. Data Retention

We retain personal data for as long as necessary to:

  • Provide our services under your subscription
  • Comply with legal obligations (e.g., financial records for 7 years)
  • Resolve disputes and enforce agreements

Care records processed on behalf of care homes are retained according to your instructions and applicable care sector regulations.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal requirements)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing activities

To exercise your rights, contact us at legal@revitaco.io. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit and at rest using industry-standard methods
  • Access controls and authentication
  • Security assessments and vulnerability scanning
  • Employee training and confidentiality agreements

For more details, see our Trust & Compliance page.

10. Cookies

We use cookies and similar technologies on our website. For details, see our Cookie Policy.

11. Children's Privacy

Our services are designed for care professionals and are not directed at individuals under 18. We do not knowingly collect personal data from children except where required for care provision and with appropriate consent from guardians.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or through our platform.

13. Complaints

If you have concerns about how we handle your data, please contact us first at legal@revitaco.io. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Website: ico.org.uk
Phone: 0303 123 1113

14. Contact Us

For questions about this Privacy Policy or our data practices, contact us at:

JG Core Ltd (trading as Revitaco)
Email: legal@revitaco.io

If you have questions about this document, please contact us at legal@revitaco.com