Privacy Policy
Last updated: 9 April 2026
Who we are
NoLapse is operated by Paul Church, an independent software developer based in the United Kingdom. You can contact us at hello@nolapse.co.uk.
Data controller and data processor
Under UK GDPR, the roles of data controller and data processor are distinct.
Account data (your email address and subscription details): Paul Church is the data controller. We determine why and how this data is processed in order to provide the NoLapse service.
Practitioner records (the names, registration numbers, professions, and expiry dates you enter for your clinical staff): your organisation is the data controller. You determine what practitioner data is entered, and for what purpose. NoLapse processes this data only on your instructions and solely to operate the compliance monitoring features you have subscribed to. In this capacity, NoLapse acts as a data processor under UK GDPR Article 28.
A Data Processing Agreement covering the processing of practitioner data is available at nolapse.co.uk/dpa. By using NoLapse, you agree to the terms of that agreement.
What data we collect
We collect and process the following categories of data:
- Account data: your email address, used to sign in via magic link.
- Practitioner records: the names, registration numbers, professions, and registration expiry dates you enter for your clinical staff. This data is provided entirely by you.
- Billing data: subscription and payment information is processed by Stripe and is subject to Stripe's Privacy Policy. We store a Stripe customer reference but do not hold card details.
- Usage data: basic server logs including IP addresses and request timestamps, retained for up to 30 days for security and debugging purposes.
How we use your data
We use the data you provide solely to:
- Provide and operate the NoLapse service (practitioner tracking, expiry alerts, compliance exports).
- Send alert emails about upcoming registration expiries to the email address on your account.
- Process subscription payments via Stripe.
- Respond to support enquiries.
We do not sell your data, share it with third parties for marketing purposes, or use it for any purpose beyond operating the service.
Legal basis for processing
We process account data on the basis of contract (to provide the service you have subscribed to) and legitimate interest (to maintain the security and integrity of the platform). We process practitioner records on the basis of your instructions as data controller. Where we send expiry alert emails, we do so on the basis of contract.
Data storage and security
Your data is stored in a Supabase PostgreSQL database hosted in AWS eu-west-2 (London). All data is encrypted at rest and in transit. Access is restricted by row-level security policies that ensure you can only access your own organisation's data.
Data retention
We retain your account and practitioner data for as long as your account is active. If you close your account, we will delete your data within 30 days unless we are required by law to retain it for longer.
Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data.
- Object to or restrict our processing of your data.
- Request a portable copy of your data.
To exercise any of these rights, email hello@nolapse.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Cookies
NoLapse uses a single session cookie to keep you signed in. No third-party tracking or advertising cookies are used.
Changes to this policy
We may update this policy from time to time. We will notify account holders of material changes by email. The current version is always available at this URL.