Privacy Policy

Last updated: 18 June 2026

The Foot in Diabetes Ltd ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect through LimbWise Capability (the "Service"), why, and what rights you have under UK data protection law (UK GDPR and the Data Protection Act 2018).

1. What we collect

• Account information: your email address (used for magic-link sign-in), name and profession, which you provide during onboarding.
• Self-assessment data: the scores, target levels, notes and achievement entries you record against the capability framework, plus any practical assessment sign-offs.
• Progress data: snapshots of your capability profile over time, content/quiz completion, and certificates generated.
• Billing information: if you subscribe to a paid plan, billing and payment details are collected and processed directly by Paddle (see below) — we do not store your card details.
• Technical data: basic device/usage information collected automatically to keep the Service secure and working properly.

2. How we use your data

• To provide the Service — your account, capability profile, learning content and certificates.
• To process payments and manage subscriptions.
• To send essential account and service emails (e.g. sign-in links, billing receipts).
• To understand overall usage and improve the Service (using aggregated, non-identifying statistics wherever possible).

3. Third-party processors

We use a small number of trusted service providers to run LimbWise Capability, each acting as a data processor on our behalf:

• Supabase — database hosting and authentication for your account and assessment data.
• Paddle — payment processing and subscription billing, and acts as merchant of record for purchases.
• Resend — sending transactional emails (such as sign-in links).
• Vercel — hosting the LimbWise Capability web application.

We don't sell your personal data, and we don't share it with third parties for their own marketing purposes.

4. Legal basis for processing

We process your data on the basis of: performance of a contract (providing the Service you've signed up to), legitimate interests (keeping the Service secure and improving it), and consent where applicable (e.g. optional marketing communications, if introduced in future).

5. Data retention

We retain your account and assessment data for as long as your account remains active, so your capability history and progress snapshots stay available to you. If you delete your account, we will remove or anonymise your personal data within a reasonable period, except where we're required to retain records (e.g. billing records) for legal or accounting purposes.

6. Your rights

Under UK GDPR, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict certain processing; and request a copy of your data in a portable format. To exercise any of these rights, contact us using the details below.

7. Security

We use industry-standard security measures, including encrypted connections and row-level access controls on our database, to protect your data. No system is completely secure, but we take reasonable steps to keep your information safe.

8. Cookies

The Service uses only essential cookies/local storage needed to keep you signed in and remember your preferences. We don't use third-party advertising or tracking cookies.

9. Children

LimbWise Capability is intended for use by healthcare professionals and is not directed at children.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we'll let registered users know by email or via a notice in the Service.

11. Contact & complaints

For any questions about this policy or your data, contact info@thefootindiabetes.co.uk. If you're unhappy with how we've handled your data, you also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.