Privacy Policy

Last updated: 15 April 2026

This notice describes how BetterCall.ie handles information in line with transparency expectations under the GDPR. It is not legal advice. If you use BetterCall in a hospital or agency context, your organisation may have additional obligations—please involve your data protection officer or legal team where required.

1. Who we are

BetterCall.ie ("BetterCall", "we", "us") provides clinical reference tools, optional signed-in features (tasks, topics, portfolio-style tracking), team collaboration features for healthcare teams, and related services for healthcare professionals in Ireland and similar jurisdictions.

For general privacy questions: privacy@bettercall.ie. For operational matters you may also contact bettercallireland@gmail.com.

2. What this policy covers

This policy applies to the BetterCall.ie website, Progressive Web App behaviour where applicable, and the BetterCall mobile apps when they communicate with our services. It should be read together with our GDPR information sheet (including health data and Teams) and Terms of Use.

3. Categories of personal data

Depending on which features you use, we may process:

  • Account and authentication: identifiers from your sign-in provider (e.g. Google via Firebase Authentication), such as user ID, display name, and email address.
  • Clinical reference usage (signed-in): activity that supports in-app features (for example topics viewed, tasks, or similar product analytics tied to your account where those features exist).
  • Doctor / locum profile and documents: information and files you upload to your profile (for example CV, training certificates, referee contact details, professional identifiers) stored in Firebase Firestore and Firebase Storage.
  • Jobs and applications: application materials you submit through BetterCall Jobs flows.
  • Calendar and rota-style features: events and metadata you save for scheduling or on-call tracking.
  • Team collaboration (clinical): patient identifiers, clinical notes, thread entries, tasks, and related data entered by authorised team members into team-scoped workspaces. Team instant messaging may use end-to-end encryption: message payloads are stored as ciphertext on our infrastructure; limited metadata (for example sender id, timestamps, optional patient id references on messages) may still be visible to the service for delivery and abuse prevention.
  • Reference requests: where you use email-based referee flows, we process referee email addresses and related request metadata; transactional email may be sent through our email provider when configured.
  • Support and feedback: content you send when contacting us or suggesting edits to clinical content.
  • Technical data: standard server and security logs (IP address, user agent, timestamps) generated when you use the site or APIs.

4. Purposes and legal bases (summary)

We process personal data to provide the service you request, maintain security, improve reliability, and meet legal obligations. Typical GDPR bases include: contract (providing the platform to account holders), legitimate interests (securing accounts, debugging, proportionate product improvement, abuse prevention), and consent where we ask for it (for example optional marketing or clearly consent-gated features). Special category (health) data in Teams and similar clinical modules should only be processed with an appropriate Article 9 basis (often explicit consent and/or provision of health care) obtained by the responsible clinician or organisation—see the GDPR information sheet.

5. AI-assisted features

Some features send text or images to Google's generative AI (Gemini) via our servers to produce summaries, suggested wording, document checks, or similar outputs—for example thread summaries, encounter listen finalisation, clinical image transcription helpers, and document-type hints. Unless separately stated in the product, we do not use those submissions to train our own models; Google's terms and safeguards apply to their processing. Do not paste identifiable patient information into tools that are not explicitly designed and consented for clinical processing.

6. Recipients and subprocessors

We use reputable infrastructure and service providers who process data on our instructions or as joint arrangements require, including:

  • Google Firebase / Google Cloud — authentication, database, file storage, and (via server APIs) Google AI for the features described above.
  • Hosting and edge providers (for example Vercel or similar) — delivery of the website and APIs, and technical logs.
  • Resend (or comparable email providers) — transactional email when enabled (such as referee invitations).

We do not sell your personal data. Providers may be located outside the European Economic Area; where required we rely on appropriate safeguards (such as Standard Contractual Clauses) offered by the relevant vendor.

7. Retention

We keep information for as long as your account exists and as needed to provide features, comply with law, resolve disputes, and enforce our terms. Some clinical artefacts may be subject to longer retention under healthcare law—teams and organisations using BetterCall remain responsible for statutory medical records retention where applicable. Ephemeral product settings (for example encrypted chat TTL where configured) may delete ciphertext automatically after a stated period unless pinned or retained under your team's workflow.

8. Security

We use TLS in transit, access rules on databases, authenticated APIs for sensitive operations, and defence-in-depth practices appropriate to a small platform. No method of transmission or storage is 100% secure; you should protect your device and account credentials.

9. Cookies and local storage

We use cookies and local storage needed for authentication, preferences, and lightweight consent flags (for example cookie banner dismissal). Analytics, if enabled, are described at collection time. See our cookie banner text for the current concise description.

10. Your rights

Subject to applicable law, you may have the right to access, rectify, erase, restrict, port, or object to certain processing, and to withdraw consent where processing is consent-based. To exercise rights against BetterCall-held account data, contact privacy@bettercall.ie. For patient records entered by a hospital team, the healthcare organisation or clinician is typically the controller for clinical decisions and SAR routing—we will assist where we are permitted.

You may lodge a complaint with the Irish Data Protection Commission (DPC) or your local supervisory authority.

11. Children

BetterCall is intended for qualified healthcare professionals. It is not directed at children, and we do not knowingly collect children's personal data.

12. Changes

We will update this page when practices change materially. The "Last updated" date reflects the latest revision.

13. Related documents