OverviewAccount and sign upYour public profileBooking managementBooking requestsAvailability calendarCancellation protectionLocum directoryOrganisation managementInvoicingExpenses and mileageNHS Pension formsTax planningEarnings overviewAdvanced reportingPocketSmith integrationXero integrationIR35 for locumsAgency and PAYE trackingBecome a locum GPBecome a locum pharmacistBecome an agency nurseBecome a locum paramedicBecome a locum physiotherapistLocum tax calculatorHMRC mileage calculatorFree invoice templateLocum GP rates UKLocum pharmacist rates UKAgency nurse rates UKLocum paramedic rates UKLocum physio rates UKBilling and subscriptionsReferralsDocument storeCalendar syncNotification preferencesSupport ticketsREST APIData export and privacy
Help centre

Data export and privacy

Your data, your control. Export everything, understand your rights.

Exporting your data

Download a complete copy of all your personal data at any time from your profile page (Account tab). Click "Export my data" to download a JSON file containing:

  • Account details (name, email, phone)
  • Profile information (biography, specialty, GMC, pension details)
  • All bookings with organisation details
  • All invoices with line items and payment status
  • All expenses with categories and receipts
  • Subscription history
  • Availability calendar entries
  • Professional documents metadata
  • Referral records
  • Audit log of account actions

This satisfies your UK GDPR right to data access and portability.

CSV exports

Individual datasets can be downloaded as CSV files for use in spreadsheets or accounting software. Export buttons appear on each dashboard page:

  • Bookings: date, organisation, times, rate, status, notes
  • Invoices: invoice number, organisation, issued/due dates, subtotal, total, status, sent/settled
  • Expenses: date, category, description, amount, miles, notes
  • Earnings: date, organisation, booking type, rate, status (with date range filter)

All CSV exports respect your current date range filters.

Your privacy rights

Under UK GDPR you have the right to:

  • Access: download all your data via self-service export
  • Rectification: correct any inaccurate data in your profile settings
  • Erasure: request account deletion
  • Portability: receive your data in a machine-readable format (JSON)
  • Object: opt out of processing based on legitimate interests
  • Withdraw consent: unsubscribe from emails via one-click link or notification preferences

For erasure or objection requests, contact [email protected].

Data retention

  • All account data is deleted within 30 days of account deletion (grace period for recovery)
  • Invoices, pension records, bookings, and expenses are deleted with your account
  • Uploaded documents and receipts are permanently deleted from storage
  • Audit logs are kept for the duration of your account plus 1 year

Important

HMRC requires you to keep financial records for 6 years. Export your data before requesting account deletion.

Security

Sessional protects your data with:

  • TLS encryption on all connections (HTTPS everywhere)
  • AES-256-GCM field encryption for sensitive data (NI number, bank details, GMC, phone)
  • Passwords hashed with bcrypt (12 rounds, per-user salt)
  • HTTP-only session cookies with SameSite=Lax (not accessible to JavaScript)
  • CSRF protection on all form submissions
  • Payment data handled entirely by Stripe (we never see card numbers)
  • File uploads validated by magic bytes (not client-supplied type)
  • Rate limiting on public endpoints

Read our full privacy policy and cookie policy for complete details.

Profile settingsBilling and subscriptions