Privacy Policy

Last updated: 22 May 2026

Who we are

Clinic Clock ("the app") is a staff time-tracking tool provided to employees of South Ken Clinic. The app is operated by the clinic's management. If you have any questions about this policy or how your data is used, please contact your clinic administrator.

What data we collect

We collect the minimum information needed to record your attendance:

• Account details — your full name, work email address, role/job title, and (optionally) phone number. These are entered by your clinic administrator.
• Authentication data — your password (stored as a salted hash by our authentication provider, Supabase) and session tokens.
• Time-tracking data — the date and time you sign in and sign out of each shift, plus the lunch break length you select.
• Location data — your device's GPS coordinates at the moment you sign in or sign out. This is used solely to verify you are physically at the clinic. We do not track your location at any other time.
• Scheduled hours — your weekly rota as set by your administrator.

How we use it

• To let you sign in and sign out of shifts.
• To verify you are on-site when clocking in/out.
• To produce attendance records, timesheets and payroll exports for clinic management.
• To enforce account access (e.g. disabling accounts when staff leave).

We do not use your data for advertising, analytics profiling, or sell it to third parties.

Where it's stored

All data is stored in Supabase (EU region), an industry-standard managed database service. Data is encrypted in transit (HTTPS) and at rest. Only authorised clinic administrators can read identifiable attendance records.

How long we keep it

Attendance records are retained for as long as legally required for employment and payroll purposes (typically 6 years under UK HMRC rules), or until you request deletion — whichever is later.

Your rights

Under UK GDPR you can:

• Request a copy of your data.
• Correct any inaccurate data.
• Delete your account — you can do this from the mobile app at any time by going to Settings → Delete account. This permanently removes your login and personal profile. Historical attendance entries may be retained in an anonymised form to satisfy payroll/legal retention rules.
• Object to processing or restrict its use.

To exercise any of these rights, contact your clinic administrator.

Permissions on your device

• Location (when in use) — only read when you tap Sign in or Sign out, to verify you are at the clinic. Never read in the background.

Children

The app is intended for use by clinic employees only and is not directed at children under 16.

Changes to this policy

If we make changes we will update the "Last updated" date above. Continued use of the app after changes constitutes acceptance.

Contact

For privacy questions or to exercise your rights, contact your clinic administrator at admin@md.co.uk.

Terms of Service