Your Data & Your Rights

Data protection, privacy rights, and how we use personal information  |  Last updated: 21 June 2026

DementiaCareChoices.com (“DCC”, “we”, “us”, “our”) is committed to protecting your personal data and respecting your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and where applicable the EU General Data Protection Regulation (EU GDPR).

This page explains what personal data we collect, why we collect it, how we use it, how long we keep it, and what rights you have over it. It covers the DCC website, the DCC app, and Daybook — our Mood & Symptom Tracker.

Please read this page alongside our Privacy Policy at dementiacarechoices.com/legal/privacy/ and our Terms and Conditions at dementiacarechoices.com/legal/terms-conditions/

1. Who We Are

The data controller responsible for your personal data is:


Company Name: Aldwych Factors Limited
Trading As: David White Consulting
Company Number: 08608927
VAT Number: GB177780266
Address: Unit 107, 1 Rocks Lane, London, SW13 0DE, United Kingdom.
Email: [david@weboptimiser.com] (mailto:david@weboptimiser.com)

Trading as: DementiaCareChoices.com

If you have any questions about how we handle your data, or wish to exercise any of your rights, please contact us at the address above.

2. What Personal Data We Collect

2.1 When you create an account

  • Your name and email address
  • A password (stored securely as a hashed value — we never see your password in plain text)
  • The date and time your account was created

2.2 When you use the DCC app

  • Your current care stage (1–6) and when it was set
  • Your checklist progress
  • Robin’s Record diary entries you create
  • Emergency card information you choose to save (for your use only)
  • GP notes and medication records you choose to enter
  • Wellbeing check-in scores
  • Your care home shortlist
  • Forum posts and replies you submit
  • Reviews you write on articles
  • Your referral code and who referred you (if applicable)
  • Activity data: when you last opened the app, how many sessions you have had

2.3 When you use Daybook (Mood & Symptom Tracker)

Daybook is designed with privacy at its core. For anonymous users, all data is stored only on your own device and is never sent to our servers. When you create a free account or a PRO subscription, the following may be stored on our servers:

  • Daily mood, energy, anxiety, sleep, and pain scores (your own wellbeing)
  • Daily scores for the person you are caring for (if you choose to track them)
  • Symptom severity scores for symptoms you have selected
  • Free-text daily notes you choose to enter
  • Exercise type, duration, and step count (PRO users)
  • Medication names, doses, and taken status (PRO users)
  • Configuration settings: which symptoms you track, your parent’s first name (if entered), reminder preferences

Your parent’s first name is optional. You can use any name or nickname — it does not need to be their real name.

2.4 When you use our website

  • Pages you visit and how long you spend on them (via Google Analytics — anonymised)
  • How you arrived at the site (e.g. from a search engine or a link)
  • Your approximate location at country or region level (not precise location)
  • Your device type, browser, and operating system

2.5 What we do NOT collect

  • We do not collect your precise GPS location
  • We do not collect financial or payment card details (Stripe handles all payments — we never see your card number)
  • We do not collect the identity or personal details of the person you are caring for beyond what you voluntarily enter
  • We do not use cookies for advertising or tracking across other websites

3. Why We Collect Your Data — Our Legal Basis

Under UK GDPR, we must have a lawful basis for processing personal data. We rely on the following:

3.1 Contract performance

To provide you with the DCC app and Daybook, fulfil your subscription, and give you access to features you have paid for. Without this data we cannot deliver the service.

3.2 Legitimate interests

To understand how our services are used so we can improve them. To identify and fix technical problems. To prevent misuse of our systems. We have assessed that these interests do not override your rights.

3.3 Consent

For optional communications such as our newsletter or email updates about the app. You can withdraw your consent at any time by clicking Unsubscribe in any email or contacting us directly.

3.4 Legal obligation

We may be required to retain certain data for legal, regulatory, or tax purposes.

3.5 Health data — special category

The mood, symptom, and wellbeing data you enter in Daybook may constitute special category health data under UK GDPR Article 9. We process this data on the basis of your explicit consent, given when you choose to create an account and sync data to our servers. Anonymous Daybook users’ data never leaves their device, so no special category processing occurs on our servers for those users.

4. How We Use Your Data

  • To create and manage your account
  • To provide access to the DCC app and Daybook features
  • To back up your Daybook data to the cloud (signed-in users only)
  • To generate AI analysis of your Daybook data using the Claude API (PRO users — data is passed to Anthropic’s API and not stored by Anthropic beyond the duration of the API call)
  • To send you transactional emails (account confirmation, password reset, subscription receipts)
  • To send you optional communications if you have consented
  • To improve our services using anonymised, aggregated usage data
  • To detect and prevent fraud or misuse
  • To meet our legal obligations

We do not sell your personal data to any third party. We do not use your data for advertising. We do not share your health data with insurance companies, employers, or government bodies unless required by law.

5. Who We Share Your Data With

We share data only where necessary to provide our services:

Stripe

Payment processing. Stripe is PCI-DSS compliant. We receive only a confirmation of payment — your card details are never shared with us. Stripe Privacy Policy: stripe.com/gb/privacy

Anthropic

AI analysis in Daybook (PRO users only). When you request an AI analysis, your anonymised daily log data is sent to Anthropic’s Claude API. Anthropic does not train its models on API inputs and retains data only as required by its data retention policy. Anthropic Privacy Policy: anthropic.com/privacy

Google Analytics

Website analytics. We use Google Analytics with IP anonymisation enabled. Analytics data is aggregated and does not identify you personally. Google Privacy Policy: policies.google.com/privacy

Hetzner Online

Our web hosting provider. Your data is stored on servers in Germany (EU). Hetzner Privacy Policy: hetzner.com/legal/privacy-policy

Cloudflare

Content delivery and DDoS protection. Cloudflare processes request data as a data processor on our behalf. Cloudflare Privacy Policy: cloudflare.com/privacypolicy

All third parties we work with are bound by data processing agreements and are required to handle your data in accordance with UK/EU GDPR.

6. International Data Transfers

Your data is primarily stored on servers in Germany (EU), which has equivalent data protection standards to the UK under the UK’s adequacy decision.

When we use Anthropic’s Claude API for AI analysis, data may be processed in the United States. Anthropic participates in the EU-US Data Privacy Framework and has implemented Standard Contractual Clauses (SCCs) to ensure adequate protection for EU and UK personal data.

Stripe processes payment data in the United States and the EU. Stripe is certified under the EU-US Data Privacy Framework and uses SCCs for UK transfers.

7. How Long We Keep Your Data

  • Account data (name, email): retained for as long as your account is active, plus 12 months after deletion to allow recovery if needed
  • DCC app content (records, checklist, care home shortlist): retained while your account is active
  • Daybook data: retained while your account is active
  • Payment records: 7 years (legal requirement for financial records in the UK)
  • Analytics data: 26 months (Google Analytics default, which we have not extended)
  • AI analysis results: retained in your account until you delete them or close your account

When you delete your account, we delete your personal data within 30 days, except where we are required to retain it by law (e.g. financial records).

8. Cookies

Our website uses the following types of cookies:

Strictly necessary cookies

Required for the website and app to function. These include session cookies for logging in, security tokens (WordPress nonces), and your cookie consent preference. These cannot be disabled.

Analytics cookies (optional)

Google Analytics cookies help us understand how visitors use our site. These are anonymised and aggregated. You can opt out using the cookie consent notice when you first visit, or at any time by adjusting your browser settings.

We do not use advertising cookies, social media tracking cookies, or cross-site tracking of any kind.

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data. To exercise any of them, contact us at privacy@dementiacarechoices.com. We will respond within one calendar month.

Right of access

You can request a copy of all personal data we hold about you. We will provide this in a commonly used electronic format.

Right to rectification

You can ask us to correct any inaccurate data or complete any incomplete data we hold about you.

Right to erasure (“right to be forgotten”)

You can ask us to delete your personal data. We will do so unless we are required to retain it by law. You can also delete your account directly from the Account screen in the app.

Right to restrict processing

You can ask us to stop using your data while you contest its accuracy or object to our use of it.

Right to data portability

You can request your data in a structured, machine-readable format (JSON or CSV). Use the Export feature in the app, or contact us to request a full export.

Right to object

You can object to processing based on legitimate interests, including any profiling. We will stop unless we have compelling legitimate grounds to continue.

Rights related to automated decision-making

We do not make automated decisions that have legal or similarly significant effects on you. Our AI analysis (Daybook PRO) is a personal tool to help you understand your own data — it does not make decisions about you or affect your rights.

Right to withdraw consent

Where processing is based on consent (e.g. newsletter, Daybook cloud sync), you can withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to lodge a complaint

If you are unhappy with how we handle your data, you have the right to complain to the UK’s supervisory authority:

Information Commissioner’s Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would always appreciate the opportunity to address your concerns directly before you contact the ICO, so please reach out to us first.

10. Children’s Data

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

11. Security

We take reasonable technical and organisational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • Encrypted passwords (bcrypt hashing — we cannot read your password)
  • Server-side access controls and firewalls
  • Regular security updates to our software stack
  • Limiting access to personal data to those who need it to provide the service

No system is completely secure. If you believe your account has been compromised, please contact us immediately at privacy@dementiacarechoices.com and change your password.

12. Daybook — Privacy by Design

Daybook was built with privacy as a core principle, not an afterthought:

  • Anonymous users: all data is stored exclusively on your device. No data is ever sent to our servers. No account is required. We have no visibility into what you log.
  • Free account users: data is synced to our servers as a backup and to enable multi-device access. You control this — you can export and delete your data at any time from within the app.
  • PRO users: the same as free, plus optional AI analysis. When AI analysis is requested, your log data is sent to Anthropic’s API. Anthropic processes this as a data processor on our behalf and does not train on API data.
  • Shared reports: when you generate a share link, a read-only snapshot of your selected data is stored temporarily (7 days) and then automatically deleted.

The person you are caring for is identified only by the first name you choose to enter — which can be a nickname, a pet name, or left blank. We never ask for their full name, date of birth, NHS number, or any other identifying information.

13. Changes to This Page

We may update this page from time to time to reflect changes in the law, our services, or our practices. When we make significant changes, we will notify signed-in users by email and display a notice in the app.

The date at the top of this page shows when it was last updated. We recommend reviewing it periodically.

14. Contact Us

For any questions about your data or to exercise your rights:

Email: david@weboptimiser.com

We aim to respond within 5 working days and will always reply within the statutory 30-day limit.

We use cookies in order to give you the best possible experience on our website. By continuing to use this site, you agree to our use of cookies.
Accept