Privacy Policy

Last updated: November 2025

1. Introduction

LifePath Solutions ("LifePath", "we", "us", or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

LifePath provides a digital platform for disability support services, enabling person-centred planning, assessment, and outcome measurement. We process personal data on behalf of disability service providers (our customers) and directly from individuals who use our platform.

Data Controller: LifePath Solutions
Contact: privacy@lifepath.solutions

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, organisation details, and role when you create an account or are invited to the platform.
  • Profile Information: Information provided during assessments, including personal details, support needs, preferences, goals, and quality of life indicators.
  • Communication Data: Messages, feedback, and correspondence with us or through the platform.
  • Payment Information: Billing details processed through our payment provider, Stripe. We do not store full payment card details.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns.
  • Device Information: Browser type, operating system, device identifiers, and IP address.
  • Cookies and Similar Technologies: See our Cookie Policy for details.

2.3 Special Category Data

Our platform processes special category (sensitive) personal data including health information and disability-related data. This data is processed with explicit consent or where necessary for the provision of health or social care services under Article 9(2)(h) of the GDPR.

3. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

  • Contract: To provide our services to you or your organisation.
  • Consent: Where you have given explicit consent, particularly for family/carer access to personal plans and for marketing communications.
  • Legitimate Interests: To improve our services, ensure security, and prevent fraud.
  • Legal Obligation: To comply with applicable laws and regulations.
  • Vital Interests: In safeguarding situations where necessary to protect life.

4. How We Use Your Information

  • Provide, maintain, and improve our platform and services
  • Process assessments and generate personal support plans
  • Enable communication between service users, staff, and family members (where consented)
  • Process payments and manage subscriptions
  • Send service-related communications and updates
  • Provide customer support
  • Ensure platform security and prevent fraud
  • Comply with legal obligations
  • Generate anonymised, aggregated analytics for service improvement

5. Data Sharing

We may share your personal data with:

  • Service Providers: Your disability service provider organisation and authorised staff members.
  • Family/Carers: Only with your explicit consent and according to your consent settings.
  • Third-Party Processors: Including:
    • Amazon Web Services (AWS) - cloud hosting
    • Stripe - payment processing
    • Email service providers for transactional emails
  • Regulatory Bodies: Where required by law or for regulatory reporting (aggregated/de-identified where possible).
  • Legal Requirements: When required by law, court order, or to protect our rights.

We do not sell your personal data. All third-party processors are bound by data processing agreements and are required to protect your data in accordance with GDPR.

6. Data Retention

We retain personal data for as long as necessary to:

  • Provide our services under active contracts
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce agreements

Specific retention periods:

  • Account data: Duration of service plus 7 years
  • Assessment and plan data: As required by healthcare record retention laws (typically 8 years from last entry, or longer for certain records)
  • Payment records: 7 years for tax and accounting purposes
  • Audit logs: Minimum 12 months

7. Your Rights

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements).
  • Right to Restriction: Request limited processing of your data.
  • Right to Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at privacy@lifepath.solutions. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Multi-factor authentication (MFA) for all users
  • Role-based access controls (RBAC)
  • Regular security assessments and penetration testing
  • Staff training on data protection
  • Incident response procedures

9. International Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). Where we use service providers outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our platform may process data relating to children where they are service users of disability support providers. Such processing is conducted under the authority of the service provider and with appropriate safeguards. We do not knowingly collect data directly from children under 16 without parental consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@lifepath.solutions

You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC) or your local supervisory authority.

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
www.dataprotection.ie