Privacy Policy

This Privacy Policy explains how Leveret AI Ltd ("Leveret AI", "we", "us", "our") collects, uses, stores, and protects personal data when you use our platform available at viewer.leveret.ai and our website at leveret.ai.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable privacy legislation.

1. Who We Are

Leveret AI Ltd is the data controller for personal data processed through the Leveret platform. For data protection enquiries, contact us at hello@leveret.ai.

2. What Data We Collect

2.1 Account Data

When you register, we collect your name, email address, country, and professional details. This data is necessary to create and manage your account.

2.2 Content You Create

We store clinical notes, documents, and templates that you create using the platform. Leveret does not store patient records. We strongly encourage users not to enter identifiable patient data directly into the platform. Any patient-identifiable content you choose to enter is used solely to generate the document you request and is not stored as a record by us.

2.3 Usage Data

We collect usage logs and aggregate metrics to improve the platform. This data is anonymised before analysis and does not identify individual patients.

2.4 Payment Data

Payment processing is handled by Stripe. We store transaction references, plan details, and billing history. We do not store full card details. Stripe's privacy policy governs card data.

2.5 Technical Data

IP addresses, browser type, device identifiers, and access timestamps are logged for security and fraud prevention.

3. Patient Data and Your Responsibilities

Leveret is a productivity and documentation tool, not a patient records system. We do not store patient records. Generated documents belong to you and should be saved in your own practice management system.

If you choose to enter any patient information into Leveret for the purpose of generating a document, you are responsible for:

• Ensuring you have a lawful basis for processing that information (e.g. patient consent or legitimate interest under UK GDPR).
• Informing patients that you use AI-assisted documentation tools where required by applicable guidance.
• Obtaining patient consent before using AI tools in their care, in accordance with ICO guidance and GDC standards.
• Minimising the identifiable patient data you enter — only include what is necessary to generate the document.

When acting as a processor for any patient data you submit, Leveret AI processes it in accordance with the terms of our Terms and Conditions.

4. Lawful Basis for Processing

• Contract: To provide the services you have agreed to use.
• Legitimate interests: Security monitoring, fraud prevention, service improvement.
• Legal obligation: Retaining financial records for 7 years as required by UK law.
• Consent: Where you have opted in to optional communications.

5. How We Use Your Data

• To provide, maintain, and improve the Leveret AI platform.
• To process payments and manage your subscription.
• To send account-related notifications (security alerts, billing).
• To generate aggregate, anonymised usage analytics.
• To comply with legal obligations.

Your clinical content and any patient-related input is never used to train AI models.

6. Data Sharing

We do not sell your personal data. We share data only with:

• Stripe: Payment processing.
• Cloud infrastructure providers: Hosting and database services within the UK/EEA.
• AI model providers: Session-scoped content for AI generation. No persistent patient data is retained by model providers after the request completes.
• Law enforcement: Where legally required.

7. Data Retention

Account data is retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days. Financial transaction records are retained for 7 years as required by UK accounting law. Generated documents and content are retained only as long as needed to provide the service.

8. Your Rights Under UK GDPR

• Right of access: Request a copy of your personal data.
• Right to rectification: Correct inaccurate data.
• Right to erasure: Request deletion of your personal data.
• Right to restriction: Limit how we process your data.
• Right to data portability: Receive your data in a machine-readable format.
• Right to object: Object to processing based on legitimate interests.

To exercise any right, contact us at hello@leveret.ai. We will respond within 30 days.

9. Cookies

We use strictly necessary cookies for authentication and session management only. See our Cookie Policy for details.

10. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage at rest, access controls, and regular security reviews. In the event of a data breach, we will notify affected users and the ICO as required by law.

11. International Transfers

Your data is stored and processed within the UK and EEA. Where any transfer outside these regions is required, we apply appropriate safeguards (Standard Contractual Clauses or equivalent).

12. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or in-app notice. Continued use of the platform after such notice constitutes acceptance.

13. Complaints

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have mishandled your data.

14. Contact

Data protection and privacy enquiries: hello@leveret.ai
Leveret AI Ltd, United Kingdom