GDPR Compliance

Institutional Data Protection Statement

Our Commitment to GDPR

FosterFlow is built with "Privacy by Design" at its core. Given the sensitive nature of foster care data, we adhere to the strict requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Protection Oversight

Data protection oversight is managed by our founding team. As we scale, we will appoint a dedicated Data Protection Officer. All data protection enquiries can be directed to dpo@fosterflow.uk.

Key GDPR Principles in FosterFlow

• Lawfulness and Transparency: We only process data for legitimate professional fostering purposes, clearly detailed in our Privacy Policy.
• Data Minimisation: We only collect the data necessary to provide transcription and reporting services.
• Accuracy: Our "Legal Vault" feature ensures that once a log is finalized, it is frozen to maintain an accurate and immutable historical record.
• Storage Limitation: We retain fostering records only as long as necessary for professional compliance or as dictated by your fostering agency's data retention policy.
• Integrity and Confidentiality: We use industry-standard encryption (AES-256) and secure multi-tenancy isolation to protect data from unauthorized access.

Exercising Your Rights

If you wish to request a copy of your data (Subject Access Request) or exercise your "right to be forgotten," please submit a formal request to: dpo@fosterflow.uk.