Log in Start trial
Privacy

Privacy notice

TheOldBear Platform processes information so care providers can run safer, better-documented services. This notice explains what we collect in the product, why we use it, and how long we keep it in typical deployments.

Who we are

TheOldBear Platform is operated by TheOldBear (the data controller for the platform). Your organisation remains the controller for the personal data of the people you support; the platform is a processor under your instructions except where we process limited account and security data as controller for service delivery.

What we process

  • Account and access data: names, work emails, roles, authentication events and security logs needed to operate sign-in and RBAC.
  • Operational care data you enter: records your authorised users create in the workspace (for example profiles, notes, incidents, rotas, documents metadata) as configured for your subscription.
  • Support and commercial data: messages you send via contact forms, billing identifiers where you use invoicing or payment integrations, and audit trails required for regulated environments.

Lawful bases

Depending on the processing activity, we rely on contract performance (delivering the service you subscribe to), legitimate interests (security, product improvement, and fraud prevention), legal obligation where applicable, and consent where we ask for it explicitly (for example marketing cookies).

Retention

Retention follows your organisation’s policies where the platform allows configuration, and otherwise defaults required for audit, billing, and dispute resolution. Your administrator can export or request deletion paths subject to legal holds.

International transfers

Primary hosting is intended within the United Kingdom or European Economic Area unless your contract specifies otherwise. Transfers outside those areas use appropriate safeguards where required.

Your rights

Under UK GDPR / GDPR you may have rights of access, rectification, erasure, restriction, portability, and objection. Requests about data entered by your organisation are usually handled by your organisation’s data protection lead; requests about platform account data may be sent via contact.

Updates

We may update this notice when we change the product or legal requirements. Material changes will be communicated through the platform or by email to organisation administrators.

Legal review: Have your solicitor approve this text for your entity, jurisdiction, and hosting arrangement before relying on it as your sole privacy statement.