Privacy policy
How CheckGP collects, uses, and protects your personal information.
Effective from: 2 June 2026
Last updated: 2 June 2026
Version: 1.0
Introduction
This Privacy Policy explains how CheckGP collects, uses, and protects your personal information. It applies to checkgp.co.uk and checkgp.com.
If anything here is unclear or you’d like to exercise any of your rights, contact privacy@checkgp.co.uk.
1. Who we are
CheckGP is a trading name of Great Offers Limited, a company registered in England and Wales.
| Company number | 10866807 |
|---|---|
| Registered office | 71–75 Shelton Street, Covent Garden, London, England, WC2H 9JQ |
| Trading as | CheckGP |
| Service | A directory of private GP clinics in London, showing verified prices, locations, opening hours, ratings, and patient reviews. |
| Data controller | Great Offers Limited |
| Contact for privacy matters | privacy@checkgp.co.uk |
CheckGP is registered with the Information Commissioner’s Office (ICO).
We are not a healthcare provider. We do not give medical advice. We do not book or process appointments on your behalf. See our Terms of Use for the full scope of the service.
2. The information we collect
2.1 Information you give us
When you use the site, we collect personal information you submit to us through forms:
| Form | Information collected |
|---|---|
| Correction form (on individual clinic pages) | Clinic identifier, the field you’re correcting, your suggested correction, optionally your email address, optional notes. |
| Contact form | Your name, email address, the message you write. |
Clinic enquiry form (/for-clinics) | Business name, clinic website URL, contact name, contact email address, optional phone number. |
| Admin login | Email address (for staff use only, not applicable to general visitors). |
You don’t need to create an account to use CheckGP. There are no user profiles.
2.2 Information we collect automatically
Whenever anyone visits the site, our hosting provider records:
- Your IP address — used for rate-limiting form submissions, basic security, and aggregated location-level analytics. Stored in server logs for 30 days, then deleted.
- Your browser type and version (the “user-agent string”) — for the same purposes as above.
We also use Plausible Analytics to understand how the site is used (which pages are viewed, which filters are clicked, which outbound links are followed). Plausible is privacy-focused: it does not set cookies, it does not track you across other websites, and it does not store any information that could identify you. IP addresses are hashed and rotated daily before being processed.
2.3 Information about clinics and doctors
CheckGP displays factual information about clinics and the doctors who work at them:
- Clinic name, address, phone number, website, opening hours, prices.
- Doctor names and General Medical Council (GMC) registration numbers, where publicly listed.
- Care Quality Commission (CQC) inspection ratings and dates.
- Google reviews of clinics, served via the Google Places API.
This is publicly available professional information that we process under legitimate interest (see section 4). If you are a doctor or a clinic owner and want your information removed, contact privacy@checkgp.co.uk — see section 8 for your rights.
3. How we use the information
We use the personal information you give us only for the purposes connected with your interaction with CheckGP:
| Purpose | Information used |
|---|---|
| Reviewing and acting on clinic information corrections | Correction form submissions |
| Responding to your enquiries | Contact form submissions |
| Discussing clinic listings, premium tiers, or partnership opportunities with clinics | /for-clinics enquiries |
| Protecting the site from abuse and spam | IP address, user-agent |
| Understanding how the site is used in aggregate | Plausible event data |
We do not sell your personal information. We do not use it for advertising. We do not share it with third parties for their own marketing.
4. The legal basis for processing your information
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we must have a lawful basis to process your personal information. The basis depends on the activity:
| Activity | Lawful basis |
|---|---|
| Displaying public information about doctors and clinics | Legitimate interest — operating a public directory in the interest of price transparency for users seeking private healthcare. |
| Processing correction form submissions | Your consent, given by submitting the form, plus our legitimate interest in maintaining an audit trail. |
| Responding to contact form messages | Your consent. |
Replying to clinic enquiries via /for-clinics | Your consent and the necessary steps to enter into a possible commercial agreement. |
| Logging IP addresses for security and rate-limiting | Our legitimate interest in protecting the site from abuse. |
| Aggregate site usage analytics (Plausible, cookieless) | Our legitimate interest in understanding how the service is used. |
You can withdraw consent at any time by contacting privacy@checkgp.co.uk. Where we rely on legitimate interest, you can object to processing — see section 8.
We do not process any special category data (such as data about your health, beliefs, or sexual orientation).
5. Who we share information with
CheckGP runs on a small number of carefully chosen service providers. Each acts as a data processor under contract to us.
| Provider | What they do for us | Where they process data |
|---|---|---|
| Supabase | Database and authentication for admin login | EU (London region) |
| Vercel | Website hosting and server logs | EU (configured) |
| Cloudflare | Domain name management | UK / global |
| Mapbox | Map tiles and geocoding on clinic and area pages | United States |
| Plausible Analytics | Cookieless aggregate analytics | EU (Frankfurt) |
| Google (Places API) | Powering the reviews shown on clinic pages | United States |
| Anthropic | Server-side processing to extract pricing from clinic websites (no personal data processed here) | United States |
| Google Workspace | Our staff email | United States / EU |
We do not share your personal information with anyone else, except where we are legally required to (for example, in response to a valid court order or to comply with regulatory requirements).
If you submit a clinic listing enquiry through /for-clinics, we will use the contact information you provide to reply to you about CheckGP. In the future, if you become a paying clinic partner, we may also use Stripe to process subscription payments and a transactional email provider to send receipts. We will update this policy before introducing those processors.
6. Transfers outside the UK
Some of the processors listed in section 5 are based in the United States. When your information is transferred outside the UK, we ensure that an appropriate safeguard is in place — usually the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) as adopted by the UK — under each processor’s standard data protection terms.
You can ask for a copy of these safeguards by emailing privacy@checkgp.co.uk.
7. Cookies and similar technologies
CheckGP uses as few cookies as possible.
- Plausible Analytics, our analytics provider, sets no cookies at all.
- We do not use any advertising or tracking cookies.
- The Supabase authentication cookie is set only on the staff
/adminarea, never on public pages. - Mapbox, our map provider, may set cookies on its embedded map tiles. These are only loaded after you interact with a map AND have accepted the cookie banner.
Our cookie banner is the place where you can accept or reject non-essential cookies. You can change your choice at any time via the cookie settings link in the site footer.
8. Your rights
Under UK data protection law, you have the following rights in relation to your personal information:
| Right | What it means in practice |
|---|---|
| Access | Ask us to confirm what information we hold about you, and to give you a copy of it. |
| Rectification | Ask us to correct information that is inaccurate or incomplete. |
| Erasure (“right to be forgotten”) | Ask us to delete information about you, in certain circumstances. |
| Objection | Object to processing we carry out based on legitimate interest. |
| Restriction | Ask us to limit how we use your information in certain circumstances. |
| Portability | Ask us to send certain information in a structured, machine-readable format. (Limited application to CheckGP because we don’t run user accounts.) |
| Withdraw consent | Where we rely on consent (such as for contact form replies), you can withdraw it at any time. |
How to exercise a right: email privacy@checkgp.co.uk with the right you want to exercise and any details that help us identify the information in question. We will reply within 30 days. There is no charge for a reasonable request.
Doctors and clinic owners. If you are a doctor or a clinic owner and you want your information removed from CheckGP, we will action a verified request within 7 working days. We may preserve the URL with a “this clinic has chosen not to be listed” note for SEO continuity; no personal data is retained. The removal process is documented on /methodology.
Complaints. If you are not satisfied with how we have handled your information, you have the right to complain to the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
https://ico.org.uk/make-a-complaint
We’d appreciate the chance to address your concerns first — email privacy@checkgp.co.uk.
9. How long we keep your information
| Information | Retention period |
|---|---|
| Server logs (IP address, user-agent) | 30 days |
| Correction form submissions | 12 months |
| Contact form messages | 12 months from last correspondence |
Clinic enquiry messages (/for-clinics) | Until the commercial relationship ends, plus 6 years for accounting purposes |
| Google reviews cache | 28 days maximum (Google’s terms require us to delete or refresh) |
| Plausible aggregate analytics | Aggregate metrics indefinitely; no raw event-level data retained |
| Clinic, doctor, and pricing information | Indefinite — this is the directory itself |
When a retention period ends we delete the information securely, except where we are required to keep it for longer (for example, to comply with tax law).
10. How we protect your information
We follow industry-standard practices to protect your information:
- All data is transferred to and from the site over HTTPS only.
- HSTS is enforced.
- Our database uses Row-Level Security policies so that only the appropriate role can read or write each table.
- Administrative access uses passwordless magic-link authentication — no passwords are stored.
- Secrets such as API keys are held in environment variables, never committed to source code.
- We rate-limit form submissions to mitigate abuse.
- We monitor our software dependencies for known vulnerabilities (GitHub Dependabot).
- We do not process payment card details on CheckGP infrastructure. When clinic subscriptions launch, all payment processing will be handled by Stripe, which holds the relevant PCI DSS certifications.
No service can guarantee perfect security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly.
11. Children
CheckGP is intended for adults seeking information about private GP services for themselves or their family. We do not knowingly collect personal information from children under 16. If you believe a child has submitted personal information to us, please contact privacy@checkgp.co.uk and we will delete it.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide a more prominent notice. We encourage you to review this policy occasionally.
A summary of material changes is logged below.
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2 June 2026 | Initial publication. |
13. Contact
For any questions about this Privacy Policy, your information, or your rights:
Email: privacy@checkgp.co.uk
Post: CheckGP (Privacy), c/o Great Offers Limited, 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ