Privacy Policy

Last updated: 9 August 2025

Your Privacy Matters

Fyllio is committed to protecting your privacy and handling your data transparently, lawfully, and securely in accordance with UK GDPR and the Data Protection Act 2018.

UK-Based Hosting

Your data stays in the UK

You Own Your Data

Export anytime, delete anytime

1. Who we are

Fyllio Ltd (Company Number: 16520641) is the data controller for personal data processed through the Fyllio ePortfolio platform, unless your Organisation has contracted for your use (see section 3).

Contact our Data Protection Lead:
Email: privacy@fyllio.co.uk
Post: Fyllio Ltd, [Registered Office Address]

2. What data we collect

Account Information

  • Name, email address, GMC number (optional)
  • Professional role, specialty, grade
  • Training programme details
  • Account preferences and settings

Portfolio Content

  • Evidence uploads (documents, reflections, certificates)
  • Assessment records (WBAs, MSF responses)
  • CPD activities and learning logs
  • Personal development plans

Usage Data

  • Login times and session information
  • Features used and actions taken
  • Device and browser information
  • IP address (for security and support)

Communications

  • Support tickets and correspondence
  • Feedback and survey responses
  • Marketing preferences (opt-in basis)

3. How we use your data

We process your data for the following purposes:

Purpose                          Legal Basis
Provide the portfolio service    Contract performance
Process payments                 Contract performance
Send service emails              Contract performance
Improve our service              Legitimate interests
Ensure security                  Legitimate interests
Send marketing (if opted-in)     Consent
Comply with legal obligations    Legal obligation

4. Who we share data with

We only share your data in limited circumstances:

Within the platform

  • Supervisors/assessors you explicitly share with
  • MSF respondents (limited to feedback requests)
  • Your designated educational supervisor

Service providers

  • UK-based cloud hosting (Supabase/AWS)
  • Email delivery service (for notifications)
  • Payment processor (Stripe - PCI compliant)
  • Analytics (privacy-focused, aggregated only)

Legal requirements

We may disclose data if required by law, court order, or regulatory authority.

We never: sell your data, share it with third-party marketers, or transfer data outside the UK without appropriate safeguards.

5. How long we keep your data

  • Active accounts: Data retained while account is active
  • Closed accounts: Portfolio data available for export for 90 days, then deleted
  • Assessment records: May be retained for 6 years for professional requirements
  • Financial records: 6 years for tax/accounting purposes
  • Security logs: 12 months for security and audit purposes
  • Marketing: Until you unsubscribe or withdraw consent

6. Your rights

Under UK GDPR, you have the following rights:

Access

Request a copy of your personal data

Rectification

Correct inaccurate or incomplete data

Erasure

Request deletion of your data

Portability

Export your data in a portable format

Restriction

Limit how we process your data

Object

Object to certain processing activities

To exercise any of these rights, contact us at privacy@fyllio.co.uk. We will respond within 30 days.

7. How we protect your data

We implement appropriate technical and organisational measures including:

  • Encryption in transit (TLS/SSL) and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Regular backups and disaster recovery
  • Staff training on data protection
  • Incident response procedures

While we take security seriously, no system is 100% secure. We encourage you to use strong passwords and keep your credentials safe.

8. Cookies and tracking

We use essential cookies to:

  • Keep you logged in
  • Remember your preferences
  • Ensure security

We do not use tracking cookies for advertising. Analytics are privacy-focused and aggregated.

9. International transfers

Your data is stored in the UK. If we need to transfer data internationally (e.g., for support tools), we ensure appropriate safeguards are in place, such as UK GDPR-compliant data processing agreements.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last updated" date at the top shows the latest version.

11. Contact us

For any privacy questions or concerns:

Data Protection Lead

Email: privacy@fyllio.co.uk

Post: Fyllio Ltd, [Registered Office Address]

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113