Privacy Policy

Introduction: Empower Aid Technologies Ltd ("Elyndra") is committed to protecting personal data privacy. This policy outlines how we collect, process, and manage data in compliance with UK GDPR, the Data Protection Act 2018, and ICO guidelines, in connection with our Bridge platform — a decision-support tool used by children's residential care providers to manage and assess placement referrals.

What Data We Collect:

• Personal information (name, contact details, role) of care provider staff and users of the Bridge platform

• Referral information relating to children and young people, including special category data (health, safeguarding, and welfare information) shared with care providers as part of the placement referral process

• Usage data and decision reasoning captured within the platform to support audit, accountability, and service improvement

Why We Collect Data:

• To provide care providers with a structured platform for receiving, assessing, and responding to placement referrals

• To support safer, more accountable placement decisions through structured risk intelligence and decision capture

• To meet our contractual obligations to care provider customers and support their regulatory and safeguarding duties

How We Handle Your Data:

• Data is hosted within UK/EU regions on secure Microsoft Azure infrastructure

• Retention periods are set in accordance with customer instructions and the regulatory requirements applicable to children's residential care records

• Personal data is processed only for the purposes described in this notice and our agreements with customers

Data Sharing and Third Parties:

• Microsoft Azure UK: secure cloud hosting

• AI/LLM service providers: used to support structured analysis within the Bridge platform; no personal data is used to train third-party models

• Langfuse: observability and platform monitoring

• Any additional sub-processors will be notified to customers in advance and listed in our processor schedule

Your Rights:

• Request access to your personal data

• Request correction or deletion of your data

• Object to or restrict certain processing activities (subject to operational and legal feasibility)

• Request your data in a portable format

• Lodge a complaint with the Information Commissioner's Office (ico.org.uk)

Where Elyndra acts as a data processor on behalf of a care provider customer, requests relating to children, families, or third-party data subjects should be directed to the relevant care provider as the data controller.

Security Measures:

• Encryption of data at rest and in transit

• Role-based access controls and authentication requirements

• Regular security reviews and vulnerability testing

ICO Registration:

• We are registered with the Information Commissioner's Office (reference: ZB871667)

Contact Information: For privacy inquiries, access requests, or complaints, contact: marcus@elyndra.co.uk