⚠ DEMO ENVIRONMENT
Enterprise AuthHub

Privacy Notice

Version 1.0 — Effective 1 June 2026

Who we are

Enterprise AuthHub is a Relationship-Based Access Control service operated for healthcare organisations. This privacy notice explains how we collect, use, and protect personal information when you register for and use the AuthHub platform.

What data we collect

  • Your name and email address (provided during registration)
  • Your national identity provider token (used for authentication)
  • Your organisation's ODS code and details
  • API usage logs and access patterns
  • Authorization relationship data you create within the platform

How we use your data

We process your personal data for the following purposes:

  • Verifying your identity and organisation during registration
  • Providing the authorization-as-a-service platform
  • Maintaining audit trails as required by healthcare governance
  • Sending service notifications and security alerts
  • Monitoring platform health and detecting anomalies

Legal basis for processing

We process your data on the following legal bases under UK GDPR: (a) performance of a contract (Article 6(1)(b)) for service delivery; (b) legitimate interests (Article 6(1)(f)) for security monitoring and fraud prevention; (c) legal obligation (Article 6(1)(c)) for audit retention requirements.

Data retention

Registration data is retained for the duration of your organisation's subscription plus 90 days. Audit logs are retained for 7 years in accordance with records management policy. You may request deletion of your personal data at any time, subject to legal retention requirements.

Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate personal data
  • Request erasure of your personal data
  • Restrict processing in certain circumstances
  • Receive your data in a structured format (data portability)
  • Object to processing based on legitimate interests
  • Lodge a complaint with the ICO (ico.org.uk)

Data security

All data is encrypted at rest and in transit. Access to personal data is restricted to authorised personnel via role-based access control. We conduct regular security assessments and maintain ISO 27001 alignment.

Contact

For data protection queries, contact our Data Protection Officer at dpo@authhub.cloud. To exercise your rights, email privacy@authhub.cloud.