Privacy Notice & Terms of Use
Last updated: March 2026
SurgiCheck · surgicheck.net
SurgiCheck is a Clinical Decision Support System. It does not diagnose, prescribe, or make autonomous clinical decisions. All clinical responsibility remains with the treating clinician.
1. Platform Purpose and Scope
SurgiCheck is a perioperative risk screening and workflow management platform for aesthetic and plastic surgery clinics. The platform covers patient pre-assessment forms, clinician decision support, digital informed consent documentation, and post-operative follow-up modules.
SurgiCheck operates as a Clinical Decision Support System (CDSS). It does not generate autonomous surgical decisions; final clinical responsibility rests entirely with the treating clinician.
2. Personal Data Processed
The platform processes the following personal and special category data:
- Full name, telephone, email, date of birth, country
- Medical history (conditions, medications, lifestyle factors)
- Physical measurements (height, weight, BMI)
- Pre-operative and post-operative photographs
- Digital signature data
3. Lawful Basis for Processing (UK GDPR Art. 9(2)(h) / EU GDPR)
Health data processing is carried out under the following lawful bases:
- Art. 9(2)(h) — Medical purposes: Processing for the purposes of preventive medicine, medical diagnosis, and the provision of health care, carried out by or under the responsibility of a health professional.
- Explicit consent: Patient declaration submitted at intake.
- Legitimate interests: Clinical safety and documentation obligations.
Patients have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal. Contact: privacy@surgicheck.net
4. Data Storage and Security
All data is stored on Firebase (Google Cloud) infrastructure. Data centre region: Europe (eur3).
- TLS encryption in transit
- Role-based access control
- No deletion by design
- Audit log
Medical records (cases, consents, follow-up responses) cannot be modified or deleted by the system after creation. Deletion can only be performed by an administrator via Firebase Console, in accordance with applicable data retention obligations.
Health data is retained for a minimum of 8 years from the date of last clinical activity, in line with standard UK medical records retention requirements.
5. Data Sharing
Patient data is not shared with third parties for commercial purposes. Data may be accessed or transferred only in the following circumstances:
- Treating clinician and authorised clinic staff (role-gated access)
- Competent public authorities where required by law
- Firebase / Google Cloud (infrastructure provider — acting as data processor)
6. Your Rights (UK GDPR / EU GDPR Art. 15–22)
Under UK GDPR and EU GDPR, you have the following rights:
- Right to be informed about processing of your data
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to restriction of processing
- Right to data portability
- Right to lodge a complaint with the ICO (UK): ico.org.uk
To exercise your rights: privacy@surgicheck.net
7. Terms of Use
By using the SurgiCheck platform, you agree to the following:
- You are responsible for providing complete and accurate medical history information.
- Clinical complications arising from incomplete or inaccurate declarations are the responsibility of the declarant.
- Platform outputs are produced solely for clinician decision support and do not constitute medical advice.
- Unauthorised reproduction or commercial use of platform content is prohibited.
8. Contact
For privacy and data processing requests: privacy@surgicheck.net
General enquiries: surgicheck.net