Last updated: May 2026

The short version: Your care records are encrypted with a password only you know. We cannot read them. Your data is deleted automatically when your account closes.

Who we are

Daily Care Hub is operated by Pudsoft. We build tools to help care teams for individuals with complex medical needs. You can contact us via the in-app support form.

What data we hold

We hold two types of data:

  • Account information — your name, Google email address, and subscription details. This is readable by us for account management purposes.
  • Care records — all care log entries, medications, feed plans, photos, handovers, and incidents. This data is encrypted and cannot be read by us.

How we protect your care data

Every piece of clinical information you enter is encrypted before it is saved — scrambled using a key that is derived from your vault password. The encrypted data is what gets stored on our servers.

Because we only ever store the scrambled version, and we never store your vault password, it is technically impossible for us to read your care records — even if someone demanded it of us.

Each team member has their own copy of the encryption key, protected by their own personal vault password. No passwords are shared.

Photos are encrypted before upload and stored in a private, access-controlled cloud storage bucket. They cannot be accessed directly via a URL.

Where your data is stored

Data is stored on Oracle Cloud Infrastructure servers located in the United Kingdom (London region). This is within the UK GDPR jurisdiction.

Who can access your data

  • Your care team — anyone you have invited, using their own vault password.
  • Pudsoft — we can see account/billing information only. We cannot read any care records.
  • Nobody else — care data is encrypted at rest and only decryptable with your vault password.

Data retention & deletion

Trial accounts:

  • 14-day free trial with full access.
  • After the trial ends, your account enters a 14-day read-only period — you can view and export records but not add new ones.
  • After the read-only period, your account and all associated data is permanently deleted from our systems. This deletion is automatic and irreversible.

Active subscriptions: Data is retained for the duration of your subscription. On cancellation, the same 14-day read-only then deletion process applies.

Your rights

Under UK GDPR you have the right to:

  • Access the data we hold about you
  • Request correction of inaccurate information
  • Request deletion of your data at any time
  • Export your data (use the Reports section for care records)
  • Object to processing

To exercise any of these rights, submit a support request and we will respond within 30 days as required by UK GDPR.

Cookies & tracking

We use a single session cookie to keep you logged in. We do not use advertising cookies, analytics trackers, or third-party tracking of any kind.

Third-party services

  • Google OAuth — used for sign-in only. We receive your name and email address from Google. We do not access any other Google account data unless you explicitly connect Google Photos.
  • Oracle Cloud — hosts the app and photo storage (UK region).
  • Google Photos (optional) — only connected if you choose to link it from the Admin panel. Only used to upload photos you explicitly send to it.

Changes to this policy

We will notify account owners by email if this policy changes in a material way.