Privacy Policy
Last updated: 20 May 2026
Iris Clinical (“we”, “us”) is an AI assistant that helps UK optometrists draft structured referral letters and clinical notes. This policy explains what data we process and the choices available to you.
1. Who we are
Iris Clinical is operated from the United Kingdom and acts as the data controller for personal data processed through the service. For any data protection enquiries, contact us via the in-app Help centre.
2. What we collect
- Your email address, and any name, practice name, and GOC/GMC number you choose to add to your profile.
- The notes, findings, and history you paste or type into Iris Clinical to generate a referral or chat response.
- The drafts Iris Clinical produces for you and any edits you make.
- Error logs and basic request metadata so we can keep the service reliable.
Card payments are handled by Stripe. We store a subscription record and Stripe customer reference; we do not store card numbers.
3. How we use it
- To generate referral drafts and chat responses you ask for.
- To maintain your account, sign-in, and access control.
- To diagnose errors and keep the service reliable.
- To send transactional emails related to your account (sign-in, password reset, billing).
4. Lawful basis
We process your personal data under UK GDPR on the basis of contract (to provide the service you have signed up for), legitimate interests (to keep the service secure, reliable, and improved), and legal obligation (to keep billing and tax records). We do not use your clinical input to train AI models.
5. Patient identifiers
You should avoid entering full patient identifiers (name, address, date of birth, NHS number) into Iris Clinical unless your practice's information governance policy permits it.
Iris Clinical is designed to work effectively from clinical findings alone.
6. Where data is stored
Your account, drafts, and chat history are stored in our managed database hosted within the UK/EU region. Some sub-processors (see below) may process data in other jurisdictions under appropriate safeguards such as the UK International Data Transfer Addendum.
7. Sub-processors
We use the following sub-processors to deliver Iris Clinical. Each is bound by a data processing agreement.
- Application hosting, database, authentication, and file storage.
- Subscription billing and card payment processing.
- Large language model inference for draft generation and chat responses.
- Delivery of transactional emails (sign-in, password reset, billing).
8. Security
Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted, authenticated, and logged. Sensitive fields containing patient information are encrypted at the application layer in addition to the database's own encryption. If we become aware of a personal data breach affecting you, we will notify you and the ICO where required by law.
10. Retention & deletion
Drafts and chat history are kept while your account is active so you can refer back to them. You can delete individual drafts at any time. You can also request permanent deletion of your account from Settings → Delete your account; pending requests are scheduled to be actioned within 30 days of the request. Billing records may be retained for up to 6 years to meet UK tax and accounting obligations.
11. Your rights
Where UK or EU data protection law applies, you have rights to access, correct, export, restrict, object to, and delete the personal data we hold about you, and to complain to a supervisory authority (in the UK, the Information Commissioner's Office).
12. Contact
For any privacy questions, sign in and submit a request from the in-app Help centre.
