Privacy Notice
Last updated:
Version 1.0 — 12 June 2026. This notice explains how EnterTheLoop Ltd (company number 17169996, registered office Hunters Moon, Little Lane, Saunderton, Princes Risborough HP27 9NW) uses your personal data. It is a transparency notice, not a contract.
This notice is a transparency document, not a contract. When you create an account we ask you to confirm you have read it — never that you "consent" to it. Your statutory data-protection rights exist regardless of anything in this notice or in any agreement between us.
Page-1 summary: what we do with your data
| What we do | Data we use | Legal basis | How long we keep it | Who sees it |
|---|---|---|---|---|
| Run your account: tasks, Contributions, Judgement Data, Units, payments | Account and profile data; Contributions; Judgement Data; payment records | Performing our contract with you | Account life; Contributions for the contract term + 6 years or per dataset licence; payment records 6 years from end of accounting period | Us; our hosting provider (EU); our payment processor |
| Check who you are | Identity documents, proof of address, CV, certificates | Performing our contract; our legitimate interests in a verified panel | 6 years after account closure | Us; our identity-verification provider |
| Biometric identity check (optional — you choose it) | Facial image and liveness data | Performing our contract / our legitimate interests, plus your explicit consent for the biometric data itself (special category data). A manual alternative is always offered with no detriment | Deleted as soon as verification completes; we keep only the outcome and audit metadata | Our identity-verification provider, acting on our instructions |
| Check your professional registration | Your registration number, status and the date we checked, from the public register (GMC/NMC/HCPC/GPhC) | Our legitimate interests in a verified clinician panel | 6 years after account closure | Us only — we read the public register; we send nothing to the regulator |
| Tax and platform-reporting duties | Name, address, date of birth, National Insurance number, account identifier | Legal obligation (UK platform-reporting rules) | 5 years from the end of the reportable period — even if you delete your account | Us; HMRC |
| Detect fraud and duplicate identities | Account, verification and usage data | Recognised legitimate interest in preventing crime | For the investigation and any follow-up; logs otherwise per section 8 | Us; law enforcement where required |
| Detect task gaming and integrity breaches | Task-integrity (anti-contamination) signals — see section 3.9 | Our legitimate interests in dataset integrity | Routine logs 12 months; longer only if part of an investigation | Us only |
| Keep the platform secure and improve it | Usage, device and log data | Our legitimate interests | Routine logs 12 months | Us; our hosting provider |
| License evaluation datasets to clients | De-identified or pseudonymised Contributions and Judgement Data | De-identified: our legitimate interests in creating and assessing the datasets — once released, the data is engineered so it is no longer personal data in the client's hands. Pseudonymised: our legitimate interests, under strict contracts | Per dataset licence | AI developers and other clients, under contracts that ban re-identification |
| Show your name on dataset manifests (attribution) | Name, registration number | Your consent — optional, withdrawable | While your consent is in force | Clients receiving the manifest |
| Share your Reliability Report with a named buyer | Your Reliability Report | Your consent, per named buyer — optional, withdrawable | While your consent is in force | Only the named buyer |
| Email you marketing | Email address, preferences | Your consent — optional, withdrawable | Until you withdraw | Us; our email provider |
The rest of this notice explains each row in full.
1. Who we are and how to contact us
1.1 The controller of your personal data is EnterTheLoop Ltd, a company registered in England and Wales (company number 17169996), registered office Hunters Moon, Little Lane, Saunderton, Princes Risborough HP27 9NW ("EnterTheLoop", "we", "us"). We operate the platform at entertheloop.ai.
1.2 Data protection contact: privacy@entertheloop.ai. General support: support@entertheloop.ai. You can use either address to exercise any right in section 9 — we will route it correctly.
1.3 The regulator. In this notice, "the Information Commissioner" means the Information Commissioner (or successor) — the UK's data-protection regulator, currently reachable at ico.org.uk.
1.4 Terms we use. "Contributor" means a clinician with an account on the platform. "Contribution" means any work, judgement, rationale, critique, rubric, scenario, annotation, ranking, rating or other material created or submitted via the platform. "Judgement Data" means the structured signals generated by your platform activity — ratings, rankings, preference selections, judgement-shift responses, calibration and reliability metrics, and associated metadata. "Units", "Payment Schedule", "Clinical Integrity Rules", "Engagement" and "Reliability Report" have the meanings given in the Contributor Agreement and the Terms of Service. These capitalised terms mean the same thing in every EnterTheLoop document.
1.5 This notice covers contributors and prospective contributors on the platform, and visitors to entertheloop.ai. Client organisations and their staff are covered by separate notices provided in our commercial documentation.
2. About this notice
2.1 This notice is written to the UK GDPR as amended by the Data (Use and Access) Act 2025 (in force, for the parts relevant here, from 5 February 2026) and the Data Protection Act 2018. It follows the Information Commissioner's layered-notice pattern: the summary above, then the detail below.
2.2 We will never make your access to the platform conditional on consenting to processing we do not need for the contract. Where this notice says a processing activity rests on consent, that consent is genuinely optional: you can decline or withdraw it at any time, withdrawal is as easy as the grant, and declining or withdrawing never affects your account standing, your access to tasks, or your Units or fees.
3. What we collect
We collect the following categories of data. We do not collect data about you from data brokers, social media scraping, or advertising networks.
3.1 Account and profile data. Name, email address, password (stored hashed), multi-factor authentication data, profession and specialty, profile settings, and your account's verification state.
3.2 Identity documents. A government-issued photo ID, captured during identity verification. Whichever verification route you choose, the evidential file stays in our custody: we never hand your identity documents over to clients (see section 6.5).
3.3 Biometric verification data (special category data — optional route only). If — and only if — you choose the biometric identity-check route, our identity-verification provider processes your facial image and liveness data, on our instructions, solely to match you to your photo ID. This is special category biometric data, and we process it only with your explicit consent:
- (a) A manual alternative is always offered on the same screen, with equal standing: you can upload your photo ID for human review instead. It takes longer (up to 5 working days) but makes no difference whatsoever to your account, your tasks, or how we treat you.
- (b) Biometric templates, facial images and liveness data are deleted as soon as verification completes — typically within hours. We keep only the outcome (verified / not verified) and audit metadata (when we checked, by which method, and which provider performed the check).
- (c) You can withdraw consent while verification is in progress: the check is abandoned, everything captured so far is deleted, and the manual route is offered instead.
3.4 Professional registration checks. We check your registration against the public register held by your regulator (GMC, NMC, HCPC or GPhC) and record only your registration number, registration status, and the date we checked. We do not collect or store fitness-to-practise history. We only read the public register — we do not notify your regulator that you have joined the platform (for the narrow circumstances in which we may make a report to a regulator, see section 6.7).
3.5 CV, certificates and proof of address. Submitted during onboarding to evidence eligibility, specialty and seniority.
3.6 Professional and conflict-of-interest declarations. The typed declarations you make in the Professional & Conflict of Interest Declaration: your employment cohort, employer outside-interest compliance, indemnity attestation and competence undertaking.
3.7 Contributions and Judgement Data. Everything you create or submit via the platform — Contributions as defined above — and the Judgement Data your activity generates, including calibration and reliability metrics and your Reliability Report.
3.8 Payment and tax data. Payout account details, payment history, and — because UK platform-reporting law requires digital platforms to collect and report them — your date of birth and National Insurance number (or tax identification number). We tell you at the point of collection exactly which fields are statutory.
3.9 Usage, device and security data, including task-integrity signals. Log data (IP address, browser and device type, timestamps, pages and actions), security events, and — we want to be straightforward about this — task-integrity ("anti-contamination") signals collected during task sessions: copy-and-paste events, window and tab focus changes during closed-book tasks, and timing and input-pattern metadata. These exist because clients pay for datasets whose provenance is trustworthy; the Clinical Integrity Rules (in the Acceptable Use & Clinical Integrity Policy) explain the conduct rules they support. An integrity flag never penalises you automatically — it routes the matter to human review (see sections 5 and 6.7, and the suspension provisions of the Terms of Service).
3.10 Communications and support. Messages you send us, support tickets, complaint records, and our replies.
3.11 What we do not collect. We do not intentionally collect health data or any other special category data about you, other than the optional biometric route in 3.3. Task content concerns synthetic, anonymised or simulated clinical material — never information about you, and you must never include information identifying any real patient (see the Acceptable Use & Clinical Integrity Policy).
4. Why we use your data, and the legal basis for each purpose
4.1 UK GDPR requires a legal basis for every use of personal data. Ours are mapped below. Where the basis is "legitimate interests" we have carried out and maintain a legitimate interests assessment, which you can ask about via privacy@entertheloop.ai.
| Purpose | Legal basis |
|---|---|
| Creating and running your account; verifying eligibility; routing tasks; receiving and quality-controlling Contributions; generating Judgement Data; operating Units, the Payment Schedule and payouts; providing your Reliability Report | Contract (Art 6(1)(b)) — necessary to perform our contract with you. We will never ask you to "consent" to this processing |
| Vetting identity documents, CV, certificates and proof of address beyond strict contract necessity | Legitimate interests (Art 6(1)(f)) — maintaining a verified clinician panel, which is the product clients pay for |
| Biometric identity verification (optional route) | Contract / legitimate interests at the Art 6 layer, plus your explicit consent (Art 9(2)(a)) for the special category biometric data — valid only because the manual route is offered without detriment |
| Professional register checks (status, number, date checked) | Legitimate interests (Art 6(1)(f)) — a verified clinician panel. Public-register data is still personal data, so we tell you here (Art 14) what we check and keep |
| Collecting and reporting platform-seller details to HMRC (name, address, DOB, NINo/TIN, account identifier) | Legal obligation (Art 6(1)(c)) under the UK platform-reporting rules (SI 2023/817); where we collect fields before the reporting duty crystallises, legitimate interests in preparing to comply |
| Detecting fraud, identity misuse and duplicate accounts | Recognised legitimate interest (Art 6(1)(ea)) — preventing crime is recognised by law as a legitimate interest in its own right, so no balancing test is required; your right to object still applies (section 9.8) |
| Detecting task gaming, collusion and Clinical Integrity Rules breaches that are contract matters rather than crimes | Legitimate interests (Art 6(1)(f)) — protecting dataset integrity and the value of other Contributors' work; assessment maintained |
| Platform security, debugging, service analytics and improvement | Legitimate interests (Art 6(1)(f)) |
| Creating and assessing de-identified datasets for licensing to clients | Legitimate interests (Art 6(1)(f)) — operating the dataset-licensing business, with a maintained assessment. Once released, the data is engineered and assessed so that it is no longer personal data in the client's hands (section 6.4) |
| Disclosing pseudonymised Contributions or Judgement Data to clients | Legitimate interests (Art 6(1)(f)) — operating the dataset-licensing business the contract describes, with the safeguards in section 6.4 |
| Attribution — your name and registration number on dataset manifests | Consent (Art 6(1)(a)) — optional, withdrawable |
| Sharing your Reliability Report with a named buyer | Consent (Art 6(1)(a)) — granted per named buyer, withdrawable |
| Marketing emails | Consent — optional, withdrawable, unsubscribe in every email |
| Establishing, exercising or defending legal claims; responding to regulators, auditors and law enforcement | Legal obligation (Art 6(1)(c)) or legitimate interests (Art 6(1)(f)), minimised in every case |
| Reporting serious dishonesty or identifiable-patient-data breaches to your professional regulator (section 6.7) | Legitimate interests (Art 6(1)(f)) — upholding the professional-standards framework and patient confidentiality; minimised in every case, and we tell you unless the law prevents it |
4.2 The consents, specifically. We ask for at most four consents — biometric verification (3.3), attribution, per-buyer Reliability Report sharing, and marketing. Each is presented separately, never bundled with the Terms of Service or anything else, off by default, and independently withdrawable from your settings in one action. Withdrawal takes effect going forward: it does not undo processing that already happened lawfully (for attribution, manifests already published may persist as described in the attribution provisions of the Contributor Agreement), and it never carries any detriment.
4.3 What we will never do. We will never: treat your terms acceptance as consent to anything; hand your raw identity documents or biometric data over to clients (section 6.5); sell your personal data; or use your name, image or likeness in marketing without a separate, specific consent.
5. Automated decision-making
5.1 What is automated. Calibration scoring is automated: your responses to calibration tasks are scored against reference standards, and the resulting calibration and readiness metrics determine which task tiers and Engagements are open to you. Because these decisions can gate access to paid work, we treat them as significant decisions under the UK GDPR's automated decision-making rules (Arts 22A–22D) and give you the full set of safeguards, whether or not the law strictly requires it in every case.
5.2 Your safeguards. For any automated decision that affects your access to tasks or tiers:
- (a) Information — we tell you the decision has been made, what it affects, and the main factors behind it;
- (b) Human review on request — a clinically qualified reviewer who was not involved in building the scoring system will re-take the decision;
- (c) Representations — you can put your case and submit anything you want considered;
- (d) Contest — you can challenge the outcome, and escalate through the Data Protection Complaints Procedure if you believe the decision process breached your rights.
Use the "Request human review" control on any results screen that communicates an automated decision, or email privacy@entertheloop.ai.
5.3 What automated decisions never use. Automated gating never uses your biometric data, health data, or any other special category data. Fraud and integrity signals (sections 3.9 and 4.1) never produce a solely automated significant decision: an integrity or fraud flag always routes to a human before anything that affects you is decided.
6. Who we share your data with
6.1 Our processors. Suppliers who process data only on our instructions, under contracts meeting UK GDPR Art 28:
| Processor category | What they process | Where |
|---|---|---|
| Hosting and database provider | All platform data | EU data centres (Ireland) |
| Identity-verification provider | Identity documents; biometric data (optional route only) | — |
| Payment processor | Payout details and payment instructions | — |
| Email provider | Email address; message content | — |
A current list of named processors is available from privacy@entertheloop.ai.
6.2 Our payment processor also acts as an independent controller for its own regulatory obligations (for example, anti-money-laundering law). Its own notice covers that processing.
6.3 Clients — the most important section of this notice. AI developers and other organisations license evaluation datasets from us. They are independent controllers, not our processors, and what they receive is strictly tiered:
6.4 The two rails (plus attribution).
- (a) De-identified datasets. The default product. Before release, datasets are engineered and assessed against the Information Commissioner's anonymisation standards in force from time to time — including a documented motivated-intruder assessment that treats modern AI tooling as an intruder resource — so that you are not identified or reasonably identifiable from them. Clients are additionally contractually prohibited from attempting re-identification. We never describe a dataset as anonymous without the documented assessment behind it.
- (b) Pseudonymised data. Where a client needs per-contributor signals (for example, rater-consistency analysis), it receives data keyed to a pseudonym. We keep the key; the client never gets it. Disclosure happens only under a controller-to-controller contract containing: a whitelist of permitted purposes; a ban on re-identification and on attempting it; onward-transfer limits; breach notification; deletion and return obligations; audit rights; and a flow-down of your erasure rights (section 9.5).
- (c) Attributed data — only ever with your consent. Your name and registration number appear on dataset manifests and licensing documentation only while your attribution consent is in force.
6.5 Verification attestations — never raw KYC. Clients who need assurance that contributors are verified clinicians receive a signed attestation record: a verified-clinician flag, the verification date and method, and — only where your attribution consent is in force — your regulator and registration number. Your identity documents, your selfie and your biometric data are never transferred to or retained by clients. The evidential file stays in our custody. If a contract audit ever requires inspection of that file, it is inspected under strict contractual audit controls in our custody — never handed over — and we will tell you if that happens unless the law prevents us.
6.6 Auditors and professional advisers. Under confidentiality obligations, and only what the engagement requires.
6.7 Regulators and law enforcement. We disclose data to the Information Commissioner, to law enforcement, or to other public authorities where the law requires it, and we keep every such disclosure to the minimum required. We also reserve the right to report serious dishonesty or a breach involving identifiable patient data to your professional regulator, consistent with the professional-standards framework we both work under; if we ever do, we will tell you unless the law prevents us.
6.8 Corporate events. If EnterTheLoop is involved in a merger, acquisition or asset sale, your data may be disclosed under confidentiality to the parties involved; this notice (or one no less protective) continues to apply, and we will notify you before your data becomes subject to a different notice.
6.9 No advertising sharing. We do not share your data with advertising networks or data brokers, and we do not sell personal data.
7. International transfers
7.1 Your data is hosted in the EU (Ireland), which UK law treats as adequate. Transfers outside the UK and EEA arise mainly when a client outside the UK (most often in the United States) licenses pseudonymised or attributed data, or when a processor operates internationally.
7.2 How we protect transfers. For each restricted transfer we use one of:
- (a) the UK–US Data Bridge (the UK Extension to the EU–US Data Privacy Framework), where the recipient holds a current certification — checked per recipient, per transfer; or
- (b) the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU standard contractual clauses, together with a transfer risk assessment confirming the protection is not materially lower than in the UK.
7.3 Fallback. Every contract with a US client embeds the UK Addendum as an automatic fallback, so that if the Data Bridge is ever suspended or invalidated, the contractual safeguard takes over without interruption to the protection of your data.
7.4 Copies. You can obtain a copy of the relevant safeguard (redacted of commercial terms) from privacy@entertheloop.ai.
8. How long we keep your data
8.1 The schedule below governs. Where a period survives account closure, that is because legislation requires it or because we need the records to establish, exercise or defend legal claims (UK GDPR Art 17(3)(e)) — we say so rather than retaining silently.
| Data | Retention period | Why |
|---|---|---|
| Biometric templates, facial images, liveness data | Transient — deleted on verification completion (typically hours); only the outcome and audit metadata are kept | Data-minimisation: nothing else is needed once you are verified |
| Identity documents and register-check evidence | 6 years after account closure | Limitation period for legal claims (Limitation Act 1980) |
| CV, certificates and proof of address | 6 years after account closure | Limitation period for legal claims |
| Platform-reporting due-diligence fields (name, address, DOB, NINo/TIN, account identifier) | 5 years from the end of the reportable period — survives account deletion | SI 2023/817 reg 3(4) (statutory duty) |
| Payment and tax records | 6 years from the end of the accounting period | Finance Act 1998 Sch 18 (statutory duty) |
| Contributions (task submissions) | Contract term + 6 years, or as required by the dataset licence they are included in | Limitation period; licensed-dataset integrity |
| Judgement Data, including calibration/reliability metrics and your Reliability Report | Account life + 6 years after closure, or as required by the dataset licence they are included in | Limitation period; licensed-dataset integrity |
| Ledger rows (Units, Contributions, acceptance events) | Indefinite, in pseudonymous form | The ledger is append-only by design; erasure is delivered by crypto-shredding the key that links rows to you (section 9.5) |
| Account and profile data | Account life + 6 years after closure | Limitation period |
| Acceptance, consent and withdrawal records | 6 years after account closure; for Engagements involving trade-secret material, acceptance records are kept for as long as any surviving obligation subsists plus 6 years | Establishing, exercising or defending legal claims (Art 17(3)(e)) — these records evidence what you accepted, consented to and signed; held in isolation after erasure (section 9.5) |
| Communications and support records (other than data-protection complaint records — next row) | 2 years after resolution, or longer where relevant to a live dispute | Service quality; legal claims |
| Data-protection complaint records | 6 years from closure of the complaint (or conclusion of any Information Commissioner or court process, if later) | Establishing, exercising or defending legal claims; accountability for the statutory complaints procedure (section 10) |
| Routine usage and security logs | 12 months; longer only where part of a specific investigation | Security operations |
| Marketing data | Until consent withdrawn; suppression record kept thereafter | The suppression record is what stops us emailing you again |
8.2 When a retention period ends, we delete the data or render it permanently de-identified.
9. Your rights
You have the following rights over your personal data. They are free of charge, except that where a request is manifestly unfounded or excessive the law lets us charge a reasonable fee or refuse it — if we ever rely on that, we will tell you why and you can complain (section 10). Exercising any right never affects your account standing.
9.1 How to exercise any right. Email privacy@entertheloop.ai or use the in-platform privacy controls. We may need to verify your identity before acting — normally by confirming control of your registered email and account; we will only ask for more where we have a genuine doubt, and never more than is proportionate.
9.2 Timescales. We respond within one month. For complex or numerous requests we may extend by up to two further months — we will tell you within the first month, with reasons. If we genuinely cannot identify what you are asking for, we may ask you to clarify; the response clock pauses until you reply, and we log every such pause.
9.3 Access. You can ask for a copy of your personal data and the supplementary information in this notice. The law entitles you to the results of a reasonable and proportionate search; we will tell you how we scoped the search and you can ask us to widen it.
9.4 Rectification. You can have inaccurate data corrected and incomplete data completed. Registration details are re-checked against the public register on correction.
9.5 Erasure. You can ask us to delete your personal data. Because our platform is built on an append-only ledger, here is — candidly — how erasure works and what it can and cannot reach:
- (a) Crypto-shred design. Ledger rows (Contributions, Units, acceptance events) do not contain your name; they link to you only through a separate registry key. On erasure we destroy that key and delete your registry entry ("crypto-shredding"), so that we can no longer connect those rows to you, and re-identification by anyone else is not reasonably likely, assessed against the Information Commissioner's anonymisation standards. This is how we deliver erasure without destroying the integrity record that other Contributors, clients and auditors rely on.
- (b) Ordinary records (profile, documents, communications) are deleted, subject to (c) and to the section 8 schedule.
- (c) Statutory and legal-claims carve-outs. Fields UK law obliges us to keep survive erasure for their statutory periods only: the platform-reporting fields (5 years from the end of the reportable period) and tax records (6 years from the end of the accounting period). Records we need to establish, exercise or defend legal claims (Art 17(3)(e)) — including identity-verification evidence and the records evidencing your acceptance and signature of our agreements — survive erasure for the periods in section 8 (6 years after account closure; for Engagements involving trade-secret material, for as long as any surviving obligation subsists plus 6 years). We hold every carved-out record in isolation, use it for nothing else, and delete it when the relevant period runs out.
- (d) Accrued but unpaid Units or fees. Erasure never forfeits anything you have earned. If you have accrued entitlements when you ask for erasure, we will tell you before completing it: you can have any payable amounts paid out first, or proceed immediately — in which case the entitlements are frozen, not forfeited, and can be revived if you later re-verify your identity. We cannot pay an account we can no longer connect to a person; the choice is yours and we will set it out clearly at the time.
- (e) Downstream notification. If attributed copies of your data have gone to clients under your attribution consent, we take reasonable steps to notify those clients of your erasure request so they can act on it — this obligation is written into every dataset licence. De-identified datasets contain nothing identifying you, so there is nothing in them for erasure to reach.
9.6 Restriction. You can ask us to hold but not use your data — for example while accuracy or an objection is being resolved.
9.7 Portability. You can receive the data you provided to us — account data and your Contributions — in a structured, commonly used, machine-readable format, and have it transmitted to another controller where technically feasible. Your professional credentials, CPD evidence and Reliability Report are always yours to use and share freely.
9.8 Objection. You can object to any processing we run on legitimate interests (Art 6(1)(f)) or on the recognised legitimate interest ground (Art 6(1)(ea)) — including register checks, analytics, integrity monitoring, fraud detection and pseudonymised client disclosures. We will stop unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is needed for legal claims. Objection to marketing is absolute: we stop, no questions.
9.9 Consent withdrawal. Every consent (biometric verification, attribution, per-buyer Reliability Report sharing, marketing) is withdrawable from your settings in one action, with effect going forward, and with no detriment of any kind. Once biometric verification has completed there is nothing left to withdraw — the data is already deleted; your settings screen shows the deletion date.
9.10 Automated decision-making rights. As set out in section 5: information, human review, representations and contest, for any significant automated decision.
9.11 If we refuse a request (for example, where an exemption applies), we tell you why, and tell you about your right to complain to the Information Commissioner and to seek a court remedy.
10. Complaints
10.1 To us first, if you wish — but it is never a precondition. We operate a data-protection complaints procedure as required by the Data Protection Act 2018 (s 164A): an electronic complaint form is available in the platform and at entertheloop.ai/privacy/complaints, we acknowledge within 30 days, and we respond without undue delay. The full procedure is in the Data Protection Complaints Procedure document.
10.2 To the Information Commissioner. You can complain at any time to the Information Commissioner (or successor) at ico.org.uk or by post to the address published there. You do not need to complain to us first, and complaining to us never limits your right to go to the Commissioner or to court.
11. Cookies and local storage
11.1 We use only cookies and local storage that do not require consent: session authentication and security (including fraud and abuse prevention), which are strictly necessary, and remembering your settings, which is permitted without consent under the rules for functionality preferences. There is no advertising, cross-site tracking, or third-party analytics cookie on the platform.
11.2 If we ever introduce a non-essential cookie or similar technology, we will publish a separate cookie notice and ask for your consent before setting it — never after.
12. Changes to this notice
12.1 When we change this notice we will notify you by email and in-platform, with a summary of what changed and a dated version history. For material changes we give at least 30 days' notice before the change takes effect.
12.2 We will never treat your continued use of the platform as consent or agreement to a changed notice. This notice is a transparency document: where a change involves processing that needs your consent, we will ask for that consent separately and specifically; where it changes something the contract governs, the variation provisions of the Terms of Service and the Contributor Agreement apply.
13. Who can use the platform
13.1 The platform is for registered healthcare professionals aged 18 or over. We do not knowingly collect personal data from anyone under 18; if you believe we have, contact privacy@entertheloop.ai and we will delete it.