Privacy policy

1. Who we are

Sessional Limited (company number 17159781) ("Sessional", "we", "us") is the data controller for personal data processed through sessional.uk and sessional.co.uk. We provide workflow software for UK locum healthcare professionals.

Data protection contact: [email protected]

2. What data we collect

We collect the following categories of personal data:

Account information

• First name, last name, and email address
• Phone number (optional)
• Professional registration number (optional)
• Profile photo (optional)
• Password (stored as a one-way cryptographic hash. We cannot read your password.)

Professional information

• Employment type and pension scheme
• Primary specialty and professional biography
• Postcode (used for location-based search via postcodes.io. Only the postcode is sent, not your name or other details)
• National Insurance number and pension reference number (used for NHS pension form generation, stored encrypted at rest)

Workflow data

• Booking records (dates, times, rates, organisation details, payment terms, cancellation terms)
• Invoice data (amounts, payment status, organisation references, delivery tracking)
• Billing details (bank name, sort code, account number, UTR, company registration, stored encrypted at rest)
• Expense records (category, amount, mileage, dates, receipt uploads)
• Professional documents (DBS, indemnity certificates, training records, stored encrypted in transit)
• Booking requests from organisations
• Availability calendar entries
• NHS pension form calculations and submission records
• Notification preferences
• Support tickets and correspondence (Pro tier)

Technical and security data

• Authentication session records (login times, last activity)
• Audit logs of account actions (for security and compliance)
• Email delivery status (sent, delivered, bounced, via Postmark)
• API keys and usage logs (Pro tier)

3. How we use your data

4. Who we share your data with

We share your data only with the following third-party processors, and only to the extent necessary to provide the service:

We do not sell your data. We do not share it with advertisers. We do not use your data for purposes other than providing and improving the service.

If you connect a third-party accounting integration (e.g. Xero), your invoice, expense, and contact data will be shared with that provider under their own privacy policy. You can disconnect at any time from your integrations page.

5. International data transfers

Your data is stored and processed in the United Kingdom. Stripe and Postmark are US-based companies that process some data outside the UK under approved transfer mechanisms (Standard Contractual Clauses and UK adequacy decisions). Xero is Australia/NZ-based and processes data under UK-approved transfer mechanisms. We assess each processor to ensure your data receives equivalent protection to UK GDPR standards.

6. How long we keep your data

When you request account deletion, we remove all your personal data within 30 days, including invoices, bookings, expenses, and pension records. We recommend you export your data before requesting deletion.

7. Your rights

Under UK GDPR, you have the right to:

• Access: request a copy of all personal data we hold about you
• Rectification: correct any inaccurate data (you can do this directly in your profile settings)
• Erasure: request deletion of your account and personal data
• Portability: export your data in a machine-readable format
• Object: object to processing based on legitimate interests
• Withdraw consent: unsubscribe from marketing communications at any time

You can exercise your right to access and portability directly from your dashboard using the data export feature. For other requests, contact [email protected]. We will respond within 30 days.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

8. Data security

• Passwords are securely hashed with per-user salts. We never store or have access to your password in plain text.
• Sensitive personal data (bank details, registration numbers, pension references) is encrypted at rest using industry-standard encryption.
• All connections are encrypted in transit using TLS (HTTPS) with strict transport security enforced.
• Session management uses cryptographically secure tokens with appropriate browser security protections.
• Uploaded documents and receipts are stored securely with no public access. Files are only accessible through authenticated requests.
• Payment data is handled entirely by Stripe, a PCI DSS Level 1 certified payment processor. We never see or store card numbers.
• Access to production systems is restricted to authorised personnel and subject to audit logging.
• We implement standard web application security protections including cross-site scripting prevention, cross-site request forgery protection, and rate limiting.

9. Cookies

We use only strictly necessary cookies for authentication. We do not use analytics, advertising, or tracking cookies. See our cookie policy for full details.

10. Server-side visit logging

To count visitors accurately and detect abuse, we record each visit to our website with a daily-rotating SHA-256 hash of your IP address combined with your User-Agent string, the page URL, country and city derived from Cloudflare network-edge headers, the type of device used, and, if you are signed in, your account ID. We also record any UTM campaign parameters and click identifiers present in the inbound URL, and the page that referred you (if any).

We do not store raw IP addresses, do not set tracking cookies, do not use third-party analytics scripts, and do not share this data with any third party. The daily hash rotation means we cannot link visits across days back to an individual.

Records are retained for 90 days and then automatically deleted. The lawful basis is our legitimate interest in measuring website use, sizing infrastructure, and detecting abuse (UK GDPR Article 6(1)(f)). You can object to this processing at any time by contacting us at the address below; we will exclude your IP from future records on request.

11. Research / feedback emails (opt-in only)

Our free public tools (the invoice template, mileage calculator, and similar) include an optional tickbox that asks if you would like Sessional to email you occasionally to ask what we should build next. The box is unticked by default and you can use any of the tools without opting in.

When you tick the box we record: your email address, the tool you opted in from, the date and time, and a hashed copy of your IP and User-Agent (kept for audit so we can prove later that the consent came from a real session). We do not share this information with any third party. We send only research questions; we do not advertise products or promote pricing in these emails. Each message contains a one-click unsubscribe link that works without logging in.

The lawful basis for sending these emails is your consent (UK GDPR Article 6(1)(a)) and PECR Regulation 22. You can withdraw consent at any time by clicking unsubscribe or emailing us. Withdrawal does not affect the lawfulness of processing before withdrawal.

12. Age restriction

Sessional is designed for qualified healthcare professionals. You must be at least 18 years old to create an account.

13. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a notice in the application. The date at the bottom of this page shows when it was last updated.

14. AI assistant, CV summaries, document sharing, and messaging

How we use AI, and what we never do with it

Where Sessional uses AI (the assistant and the CV profile-summary tool), the relevant text is sent to our AI sub-processor, Anthropic (the Claude API), only to generate a result for you. Anthropic does not use data submitted through its API to train its models, and we do not use your data to train any model. Only your own data is ever sent, never another user’s. Anthropic is US-based and processes the data under UK-approved transfer mechanisms.

AI assistant (Plus)

If you use the optional AI assistant, the text of your question, your recent chat turns, and a summary of your own Sessional data (your profession, plan, logged session count, your annualised earnings and tax-reserve estimates, and an operational snapshot such as outstanding invoices and upcoming sessions) are sent to Anthropic to generate a reply. The assistant provides general information, not regulated financial, tax, clinical, or regulatory advice.

CV profile summary

If you use the CV summary tool, the text of the CV you upload or paste is sent to Anthropic to draft a profile summary, which you review and edit before it is saved. It is not used to train any model. If you upload your CV as a file, a copy is saved to your own document store so you can reuse it; you can delete it there at any time. We do not retain the extracted CV text after the draft is generated.

Compliance document sharing (Plus)

When you create a compliance link, the documents you choose are made available to whoever holds the link (typically a practice) through a time-limited, revocable URL, with no Sessional account required on their side. You decide what to include and can revoke the link at any time. We store metadata about the link (the documents included, its expiry, and view counts). We do not verify or validate the documents themselves; that is for you and the practice.

Booking messages

Messages you exchange with a practice on a booking are stored so the conversation history is available to you, and may be delivered to the practice by email. We retain message content for the life of the booking record.

15. Contact

For any questions about this policy or how we handle your data:

Sessional Limited (company number 17159781)
128 City Road, London, EC1V 2NX
Email: [email protected]