Privacy notice
Pilot release · last updated 8 June 2026
Who we are (data controller)
Scanlog is operated by Ratnadeep Ghadge as an individual data controller, based in the United Kingdom, registered with the ICO (registration number C1954195). For any privacy question or request, contact privacy@scanlog.co.uk.
About this app
Scanlog is a personal ultrasound logbook used by clinicians in training and their supervisors to record their own learning. It is currently in pilot release with a small invited group of users. It does not hold NHS clinical records or patient-identifiable data.
What we store
- Your email address and a hashed password (for sign-in).
- Your profile: name, grade, specialty, ultrasound role. You control this and can update it at any time.
- Logbook entries you create: anonymous study ID, scan type, findings, scan date, supervision details, and any images or short videos you upload.
- Security audit records (sign-ins, exports, share changes, admin actions) so we can investigate misuse.
Lawful basis
Under UK GDPR we rely on the following lawful bases:
- Consent (Article 6(1)(a)) — for creating your account, storing your profile, and processing the logbook entries you choose to record. You may withdraw consent at any time by deleting your account.
- Legitimate interests (Article 6(1)(f)) — for keeping security and audit logs needed to protect the service against misuse, and for sending essential service emails (sign-in, password reset, account approval).
What you must NOT enter
Scanlog is not a clinical record system and is not approved for patient-identifiable data. Do not enter or upload:
- Patient names, NHS numbers, hospital numbers, or dates of birth.
- Images or videos that show patient identifiers on the scanner overlay.
The app will warn you if it detects these patterns, but you remain responsible for anonymising any media before upload.
Where data is stored and who processes it
Your data is stored in EU/UK-region managed databases and object storage, with row-level security so only you (and any colleague you explicitly share your logbook with) can read your scans. We use the following categories of processors / sub-processors who act on our instructions:
- Supabase (database, authentication, file storage) — EU region.
- Lovable (application hosting and delivery platform).
- Cloudflare (edge network, DNS and CDN for scanlog.co.uk).
- Transactional email provider used to send essential service emails from noreply@scanlog.co.uk (sign-in confirmation, password reset, account approval).
Some providers may process data outside the UK/EU (for example in the US). Where that happens we rely on appropriate safeguards such as the UK International Data Transfer Addendum or EU Standard Contractual Clauses.
Cookies and analytics
Scanlog uses only a strictly-necessary session cookie required to keep you signed in. We do not use advertising cookies, third-party analytics, or tracking pixels.
How long we keep it
Logbook entries are kept for as long as your account is active. Deleted scans stay recoverable for 30 days, then are permanently removed. Audit records are kept for up to 12 months during the pilot.
Your rights
Under UK GDPR you have the right to:
- Access a copy of the personal data we hold about you.
- Rectification of inaccurate or incomplete data.
- Erasure of your account and associated data.
- Restriction of how we process your data.
- Object to processing based on legitimate interests.
- Data portability — download your full logbook from Settings at any time.
- Withdraw consent at any time, without affecting earlier lawful processing.
To exercise any of these rights, contact privacy@scanlog.co.uk. We will respond within 30 days.
How to complain
If you have a concern about how Scanlog handles your personal data, please contact us at privacy@scanlog.co.uk. We will acknowledge your complaint within 30 days and let you know how we intend to resolve it. If you are not satisfied with our response, or believe we are processing your data unlawfully, you have the right to complain to the Information Commissioner's Office (ICO), the UK's data protection regulator. You can reach the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113. We would, however, appreciate the chance to address your concerns before you approach the ICO, so please do contact us first where possible.
Contact
Data controller: Ratnadeep Ghadge. Questions, complaints, or data requests: privacy@scanlog.co.uk.