Privacy Policy

This Privacy Policy explains how Novintel processes personal data when providing our SaaS revenue protection platform to private UK healthcare clinics. Last updated: 9 April 2026.

Who we are

Novintel (“we”, “us”) provides a revenue protection platform for private healthcare clinics in the United Kingdom. Our website is novintel.uk.

If you have questions about this policy, contact us at privacy@novintel.uk.

What data we collect

We collect and process different categories of information depending on how you use the platform.

  • Clinic account and admin user data: clinic name, contact details, business address, admin user names, email addresses, roles/permissions, authentication data, and support communications.
  • Patient booking data: patient name and contact details, appointment details (date/time, clinician/service selection), booking metadata, and any information submitted through the booking widget. Clinics determine what fields are collected in their booking flow.
  • Stripe payment and billing data: subscription billing details, payment status, and transaction identifiers. Card details are processed directly by Stripe; we do not store full card numbers.
  • Google Calendar data (optional): calendar availability information needed to sync appointment availability when a clinic connects Google Calendar.
  • Usage and device data: logs and analytics such as IP address, browser type, pages visited, timestamps, error logs, and feature usage to operate and improve the service.

How we use data

  • Provide the booking widget and manage appointment workflows.
  • Operate the admin dashboard and manage clinic accounts and access controls.
  • Process subscriptions and payments for no-show/cancellation fees and platform billing (via Stripe).
  • Sync appointment availability with Google Calendar where enabled by the clinic.
  • Provide customer support, service communications, and incident response.
  • Monitor performance and security, and prevent fraud or misuse.
  • Comply with legal obligations and enforce our Terms of Service.

Legal basis under UK GDPR

Where UK GDPR applies, we process personal data under one or more of the following legal bases:

  • Contract: to provide the platform and related services to clinics.
  • Legitimate interests: to operate, secure, and improve the platform, prevent fraud, and provide support (balanced against individual rights).
  • Legal obligation: where we must comply with applicable laws.
  • Consent: where required, such as when a clinic chooses to connect optional integrations (e.g. Google Calendar).

Google Calendar & Google API data (Limited Use)

Dedicated Google API data usage statement

  • Purpose: We access Google Calendar only to sync appointment availability.
  • No selling or third-party transfer: We do not sell, share, or transfer Google Calendar data to third parties.
  • No advertising: We do not use Google Calendar data for advertising or unrelated purposes.
  • Revocation: Users can revoke access via myaccount.google.com/permissions.
  • Policy compliance: Our use complies with the Google API Services User Data Policy, including the Limited Use requirements. See the Google API Services User Data Policy.

When enabled, we use Google Calendar data to determine availability and avoid scheduling conflicts. We do not request or use access beyond what is necessary for availability sync.

Third parties and sharing

We use a limited number of third-party service providers to deliver core functionality:

  • Stripe: payment processing and subscription billing. Stripe processes payment data in accordance with its own policies and security standards.
  • Google: Google Calendar API, only if your clinic enables the integration.

We do not sell personal data. Other disclosures may occur if required by law or to protect our rights.

Data retention

We retain personal data only for as long as necessary for the purposes described in this policy, including to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.

  • Clinic account data: retained for the duration of the subscription and a reasonable period afterwards.
  • Booking and appointment records: retained according to the clinic’s settings and business needs.
  • Billing records: retained as required for tax/accounting and financial compliance.
  • Google Calendar tokens/connection data: retained only while enabled and removed when access is revoked or disconnected.
  • Logs: retained for a limited period for security, diagnostics, and service improvement.

Your rights under UK GDPR

Subject to applicable law, individuals may have rights including access, rectification, erasure, restriction, objection, data portability, and the right to withdraw consent where processing is based on consent.

To exercise rights, contact privacy@novintel.uk. You may also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

Security

We use technical and organisational measures designed to protect data, including access controls, least-privilege permissions, encryption in transit where supported, monitoring, and vendor security reviews for key providers.

No method of transmission or storage is 100% secure. If you believe data has been compromised, contact us promptly.

Contact

Email us at privacy@novintel.uk.