Privacy Policy
Last updated: 23 May 2026
1. Who We Are
The Practice Standard operates thepracticestandard.co.uk. We are the data controller for personal data collected through this website. If you have any questions about how we handle your data, contact us at hello@thepracticestandard.co.uk.
2. Data We Collect
All users: email address, account type, and usage data (pages visited, actions taken).
Candidates: full name, profession, registration number (optional), location, years of experience, bio, and CV (optional).
Practices: practice name, type, address, website, phone number, and billing information (processed by Stripe — we do not store card details).
Applications: cover letters and any information you include when applying for a role.
3. How We Use Your Data
- To provide the service — creating accounts, posting jobs, submitting applications, processing payments.
- To communicate with you — application notifications, account updates, and (with your consent) relevant job alerts.
- To improve the platform — understanding how the site is used to make it better.
- To comply with legal obligations — financial records, fraud prevention.
Our lawful basis under UK GDPR is contract performance (to provide the service you signed up for) and legitimate interests (improving the platform, preventing fraud).
4. Sharing Your Data
We share data only where necessary:
- With practices — when you apply for a role, your application and profile information is shared with the hiring practice.
- Stripe — payment processing. Stripe is PCI-DSS compliant. See stripe.com/gb/privacy.
- Supabase — our database and authentication provider, hosted in the EU.
- Resend — transactional email delivery.
We do not sell your personal data to third parties.
5. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial reasons (e.g. billing records, which we keep for 7 years as required by HMRC).
6. Your Rights
Under UK GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data (“right to be forgotten”).
- Restriction — ask us to limit how we use your data.
- Portability — receive your data in a portable format.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, email hello@thepracticestandard.co.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
7. Cookies
We use essential cookies only — specifically, authentication session cookies set by Supabase to keep you logged in. We do not use tracking or advertising cookies. No consent banner is required for essential cookies under UK law.
8. Security
We use industry-standard security measures including encrypted connections (HTTPS), secure password hashing, and row-level security on our database. No system is 100% secure — if you believe your account has been compromised, contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email. The date at the top of this page shows when it was last revised.
10. Contact
For any privacy-related queries: hello@thepracticestandard.co.uk