Skip to main content
Privacy and security in smart home technology for elderly care
GDPR Compliant

Your Family's Privacy Comes First

We understand you're trusting us with sensitive family information. Here's exactly how we protect it.

Our Commitment

Our Privacy Promise

We never sell your data. Your trust is more valuable than any sale.

Your information, your family's information, and the data from your home monitoring system belongs to you. We don't sell it, rent it, or share it with marketers, data brokers, or advertisers. Not now, not ever.

We built Croft because we understand the trust you're placing in us. Your parents' independence and dignity matter more than any sale.

We only use your information to:

Provide the service you've signed up for
Send you alerts when something important happens at home
Improve our systems to better serve your family
Communicate with you about your service and account

Transparency

What Data Do We Collect?

Account Information

When you sign up, we collect:

  • Your name and contact information
  • Your parent's name and address
  • Emergency contact details
  • Payment information (processed securely by a fully regulated, PCI-compliant payment processor)

Home Monitoring Data

Our sensors collect:

  • Motion detection (not video)
  • Temperature readings
  • Door/window events
  • Light levels
  • Device status

We Do NOT Collect

Privacy protected:

  • Video or audio recordings
  • GPS location tracking
  • Biometric data
  • Medical information

Security

How Do We Protect Your Data?

Bank-Level Encryption

All data is encrypted using the same technology banks use to protect financial transactions. This means even if someone intercepted the data, they couldn't read it.

Secure UK & European Data Centers

We host all data with Cloudflare, a trusted provider used by major UK banks and healthcare providers. Their data centres have physical security, backup systems, and round-the-clock monitoring.

Limited Access

Only essential Croft staff can access your data, and only when necessary to provide support or resolve issues. All access is logged and audited.

Secure Login

Family dashboard access requires strong passwords when accessing from outside the home to keep your account protected and private.

Access Control

Who Has Access to the Data?

You control who sees what.

Your Parents:

Can see their own home status and adjust settings. They control what family members can see and can disable monitoring at any time.

Authorised Family Members:

You choose who gets access to alerts and the family dashboard. Each person must be explicitly invited and can be removed at any time.

Croft Support Team:

Can access data only when troubleshooting issues or providing support, with your permission. All access is logged.

Third Parties:

We do NOT share your data with marketers, advertisers, or data brokers. Ever.

Your Rights

Your Rights (UK GDPR Compliance)

Under UK data protection law, you have the right to:

Access Your Data

Request a copy of all data we hold about you. We'll provide it within 30 days, free of charge.

Correct Your Data

Update incorrect or incomplete information at any time through your dashboard or by contacting us.

Delete Your Data

Request deletion of your account and all associated data. We'll permanently delete it within 30 days of your request.

Export Your Data

Download all your data in a standard format to take to another service provider.

Withdraw Consent

Object to how we use your data or withdraw consent at any time without affecting service quality.

Lodge a Complaint

If you're unhappy with how we handle your data, you can complain to the UK Information Commissioner's Office (ICO).

To exercise any of these rights, contact our Data Protection Officer:

Submit Privacy Request

Or email directly: [email protected]

We will respond within 30 days of receiving your request.

For Compliance Officers

Technical Details & Compliance

For security professionals and compliance officers

• Data in transit: TLS 1.3 (Transport Layer Security) • Data at rest: AES-256 encryption • End-to-end encryption for sensitive personal data • Regular security audits and penetration testing
• Primary hosting: Cloudflare (UK & EU data centers) • Certifications: ISO 27001, SOC 2 Type II • GDPR-compliant data processing agreements in place • Automatic daily backups with 30-day retention • DDoS protection and WAF (Web Application Firewall)
• Legal basis: Contract performance and legitimate interest • Data minimisation: Only collect necessary information • Purpose limitation: Data used only for stated purposes • Accuracy: Regular data quality checks • Storage limitation: Automatic deletion after retention period
• Payment processing: Stripe (PCI DSS Level 1) • Email service: Resend (GDPR-compliant) • Newsletter subscriptions: Mailjet (GDPR-compliant, EU-based) • Analytics: Google Analytics 4 and Microsoft Clarity (privacy-focused) • All processors have signed GDPR Data Processing Agreements
• Right to access (Article 15 GDPR) • Right to rectification (Article 16 GDPR) • Right to erasure / "Right to be forgotten" (Article 17 GDPR) • Right to restriction of processing (Article 18 GDPR) • Right to data portability (Article 20 GDPR) • Right to object (Article 21 GDPR) • Rights related to automated decision making (Article 22 GDPR)
• Notification to ICO within 72 hours of discovery • Affected individuals notified without undue delay • Documented breach response procedures • 24/7 security monitoring and incident response

Data Management

How Long Do We Keep Your Data?

We only keep your data as long as necessary to provide the service and meet legal requirements.

Active Account Data

Kept for the duration of your subscription plus 12 months for billing and support purposes.

After Account Deletion

We permanently delete all personal data within 30 days of your deletion request. We can't recover it after that.

Monitoring Data

Home sensor data is kept for 90 days, then automatically deleted. You can delete it sooner anytime.

Legal Requirements

Some financial records may be retained for up to 7 years to comply with UK tax and accounting laws.

Questions About Privacy?

We know privacy is complicated. If you have any questions, we're here to help.

Contact Us

Last updated: November 6, 2025