Legal information

Privacy

This privacy policy explains how CareBuddy and Thesmon Technologies Ltd. collect, use, protect, and share personal information when you visit this website, contact us, or use the CareBuddy platform.

Last updated: 9 June 2026

Important UK data protection notice

This policy is written for the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations. Company number, registered office, VAT number if applicable, and ICO registration details should be added once confirmed for Thesmon Technologies Ltd.

Who we are

CareBuddy is operated by Thesmon Technologies Ltd. We provide software for care providers, including children's home records, care notes, incident workflows, audit trails, document management, and reporting.

For privacy questions, email hello@thesmon.com.

For personal information entered into CareBuddy by a care provider, that care provider will usually be the data controller. CareBuddy/Thesmon Technologies Ltd. will usually act as a processor under the provider's instructions.

Personal information we collect

Website and enquiries

Name, organisation, job title, email address, telephone number, and message content when you contact us.
Technical information such as IP address, browser type, device information, pages visited, timestamps, and security logs.

Platform users and care records

Account details, role, organisation, home assignment, access permissions, authentication records, audit logs, and document access logs.
Care notes, incident records, risk assessments, medical records, documents, reports, whereabouts, and safeguarding-related records entered by authorised customer users.
This may include special category data and information about children or young people.

How we use personal information

To provide, maintain, secure, and improve CareBuddy.
To authenticate users, manage sessions, control permissions, and keep audit trails.
To respond to enquiries and provide support.
To investigate errors, security events, suspected misuse, or unauthorised access.
To meet legal, safeguarding, accounting, regulatory, contractual, and dispute-resolution obligations.

We do not sell personal information.

Lawful bases

Depending on the context, we may rely on contract, legal obligation, legitimate interests, vital interests, public task, or consent where required. Non-essential cookies and certain optional communications require consent.

Cookies and similar technologies

CareBuddy uses essential cookies for login, session management, CSRF protection, security, and platform functionality. These are necessary for the service to work.

If analytics, marketing, embedded media, or other non-essential cookies are introduced, users must receive clear information and a real choice to accept or reject them before those cookies are set.

Sharing, transfers, and retention

We may share personal information with customer organisations, hosting and support providers, professional advisers, insurers, auditors, regulators, courts, law enforcement, or safeguarding bodies where needed. If information is transferred outside the UK, an appropriate safeguard should be used.

We keep personal information only for as long as necessary. Care records controlled by customer organisations should follow that organisation's statutory, regulatory, safeguarding, and internal retention schedule.

Your rights

Under UK data protection law, you may have rights to access, correct, delete, restrict, object to processing, request portability, withdraw consent, and complain to the Information Commissioner's Office. If your request relates to records held by a care provider, that provider may need to handle it as controller.