PathoSensePathoSense
Sign inRequest access

Data processing agreement

Article 28 processor terms incorporated into every PathoSense subscription.

Last updated: 28 June 2026

Roles

The customer is the controller. PathoSense is the processor. Sub-processors are listed below.

Subject matter and duration

Processing of personal data of care home staff and residents in the course of providing the PathoSense platform for the duration of the subscription.

Categories of data

  • Care worker contact and role data.
  • Resident pseudonyms, symptom dates, locations and outbreak signals.
  • Microbiology references and antimicrobial decisions.

Security

UK-hosted infrastructure, encryption in transit and at rest, RBAC, tenant isolation by row-level security, audit logging, vulnerability management and 24-hour breach notification.

Sub-processors

  • Lovable Cloud (UK/EU) — hosting and authentication.
  • Mailgun (EU region) — transactional email delivery.
  • Sentry (EU region) — error monitoring.

International transfers

No data leaves the UK or EEA other than via UK GDPR adequacy or Standard Contractual Clauses.

Return and deletion

On termination we return or delete personal data within 30 days at your choice, subject to retention required by law.