Privacy policy
How Sessional Limited (company number 17159781) collects, uses, and protects your personal data.
1. Who we are
Sessional Limited (company number 17159781) ("Sessional", "we", "us") is the data controller for personal data processed through sessional.uk and sessional.co.uk. We provide workflow software for UK locum healthcare professionals.
Data protection contact: [email protected]
2. What data we collect
We collect the following categories of personal data:
Account information
- First name, last name, and email address
- Phone number (optional)
- Professional registration number (optional)
- Profile photo (optional)
- Password (stored only as a salted one-way cryptographic hash; we cannot read it)
Professional information
- Employment type and pension scheme
- Primary specialty and professional biography
- Postcode (used for location-based search via postcodes.io. Only the postcode is sent, not your name or other details)
- National Insurance number and pension reference number (used for NHS pension form generation, stored encrypted at rest)
Workflow data
- Booking records (dates, times, rates, organisation details, payment terms, cancellation terms)
- Invoice data (amounts, payment status, organisation references, delivery tracking)
- Billing details (bank name, sort code, account number, UTR, company registration, stored encrypted at rest)
- Expense records (category, amount, mileage, dates, receipt uploads)
- Professional documents (DBS, indemnity certificates, training records, encrypted in transit and stored with no public access)
- Booking requests from organisations
- Availability calendar entries
- NHS pension form calculations and submission records
- Notification preferences
- Support tickets and correspondence (Pro tier)
Technical and security data
- Authentication session records (login times, last activity)
- Audit logs of account actions (for security and compliance)
- Email delivery status (sent, delivered, bounced, via Postmark)
- API keys and usage logs (Pro tier)
3. How we use your data
| Purpose | Lawful basis |
|---|---|
| Providing the Sessional service (bookings, invoicing, pension forms, expenses) | Contract performance |
| Account creation, authentication, and email verification | Contract performance |
| Processing payments and managing subscriptions via Stripe | Contract performance |
| Sending transactional emails (booking confirmations, password resets, verification, invoice delivery to organisations) | Contract performance |
| Storing uploaded documents and receipts securely | Contract performance |
| Displaying your public profile to organisations in the locum directory | Contract performance (you control visibility) |
| Providing API access for automation (Pro tier) | Contract performance |
| Processing support tickets | Contract performance |
| Security monitoring, fraud prevention, and audit logging | Legitimate interests |
| Product updates and new feature announcements | Consent (you can unsubscribe at any time) |
4. Who we share your data with
We share your data only with the following third-party processors, and only to the extent necessary to provide the service:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing and subscription management | Email, name, payment method details |
| Postmark | Transactional email delivery | Email address, name |
| Cloudflare | CDN, security, and file storage (R2) | Profile photos, invoice PDFs, receipts, professional documents |
| postcodes.io | Postcode geocoding for location search | Postcode only (no name, account, or other personal details) |
| Xero (if connected by user) | Accounting sync | Invoices, expenses, contacts (only when user initiates connection) |
We do not sell your data. We do not share it with advertisers. We do not use your data for purposes other than providing and improving the service.
If you connect a third-party accounting integration (e.g. Xero), your invoice, expense, and contact data will be shared with that provider under their own privacy policy. You can disconnect at any time from your integrations page.
5. International data transfers
Your data is stored and processed in the United Kingdom. Stripe and Postmark are US-based companies that process some data outside the UK under approved transfer mechanisms (Standard Contractual Clauses and UK adequacy decisions). Xero is Australia/NZ-based and processes data under UK-approved transfer mechanisms. We assess each processor to ensure your data receives equivalent protection to UK GDPR standards.
6. How long we keep your data
| Data type | Retention period | Reason |
|---|---|---|
| Account and profile data | Until you delete your account + 30 days | 30-day grace period allows account recovery |
| Invoices and financial records | Duration of account + 30 days | Deleted with account. HMRC record-keeping is the locum's own responsibility. |
| NHS pension form records | Duration of account + 30 days | Deleted with account. Locums should retain their own copies. |
| Uploaded documents and receipts | Duration of account + 30 days | Deleted with account. Download copies before requesting deletion. |
| API keys | Until revoked + 30 days | Security audit trail |
| Support tickets | Duration of account + 30 days | Support history |
| Audit logs | Duration of account + 1 year | Security and compliance |
| Authentication sessions | 30 days from last activity | Session management |
When you request account deletion, we remove your personal data within 30 days, including invoices, bookings, expenses, and pension records. Audit logs are the one exception and are kept for up to one year after deletion, as set out in the table above. We recommend you export your data before requesting deletion.
7. Your rights
Under UK GDPR, you have the right to:
- Access: request a copy of all personal data we hold about you
- Rectification: correct any inaccurate data (you can do this directly in your profile settings)
- Erasure: request deletion of your account and personal data
- Portability: export your data in a machine-readable format
- Object: object to processing based on legitimate interests
- Withdraw consent: unsubscribe from marketing communications at any time
You can exercise your right to access and portability directly from your dashboard using the data export feature. For other requests, contact [email protected]. We will respond within 30 days.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
8. Data security
- Passwords are securely hashed with per-user salts. We never store or have access to your password in plain text.
- Sensitive personal data (bank details, registration numbers, pension references) is encrypted at rest using industry-standard encryption.
- All connections are encrypted in transit using TLS (HTTPS) with strict transport security enforced.
- Session management uses cryptographically secure tokens with appropriate browser security protections.
- Uploaded documents and receipts are stored securely with no public access. Files are only accessible through authenticated requests.
- Payment data is handled entirely by Stripe, a PCI DSS Level 1 certified payment processor. We never see or store card numbers.
- Access to production systems is restricted to authorised personnel and subject to audit logging.
- We implement standard web application security protections including cross-site scripting prevention, cross-site request forgery protection, and rate limiting.
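The salted one-way password hashing and hashed session tokens described above, as an added illustration (this is example code written for this page, not Sessional's own implementation; the page does not say which hash function or parameters are used, so scrypt from the Python standard library and its cost settings are assumptions):

```python
import base64
import hashlib
import hmac
import secrets

# Assumed parameters for this example: scrypt with N=2**14, r=8, p=1 uses
# roughly 16 MiB of memory per hash, which slows offline guessing.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES = 16   # a fresh random salt per user, stored alongside the hash
DKLEN = 32


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _scrypt(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    # maxmem raised above OpenSSL's default so the chosen N/r fit.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          dklen=DKLEN, maxmem=64 * 1024 * 1024)


def hash_password(password: str) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt$hash.

    Because the salt is random per user, two accounts with the same password
    store different records, and a precomputed table for one is useless for
    the other. The plaintext is never written anywhere.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = _scrypt(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash using the parameters stored in the record and compare
    in constant time. Carrying the parameters in the record lets the cost be
    raised for new users without invalidating existing ones. Any malformed
    record is treated as a failed login rather than an exception."""
    try:
        scheme, n, r, p, salt_b64, digest_b64 = record.split("$")
        if scheme != "scrypt":
            return False
        n, r, p = int(n), int(r), int(p)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False
    candidate = _scrypt(password, salt, n, r, p)
    # hmac.compare_digest avoids leaking the position of the first mismatch.
    return hmac.compare_digest(candidate, expected)


def new_session_token() -> tuple[str, str]:
    """Return (token_for_cookie, lookup_key_to_store).

    The browser receives the random token; the server stores only its SHA-256,
    so a leaked session table cannot be replayed against live accounts.
    256 bits of entropy from secrets makes the token unguessable.
    """
    token = secrets.token_urlsafe(32)
    return token, session_lookup_key(token)


def session_lookup_key(token: str) -> str:
    return hashlib.sha256(token.encode("ascii")).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))   # True
    print(verify_password("wrong password", record))                 # False
    token, stored = new_session_token()
    print(session_lookup_key(token) == stored)                       # True
```

A database dump under this design yields salted scrypt records and session-token hashes, neither of which can be used directly to log in; that is the property the page's claims about hashed passwords and secure session tokens rest on.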
9. Cookies
We use only strictly necessary cookies for authentication. We do not use analytics, advertising, or tracking cookies. See our cookie policy for full details.
10. Age restriction
Sessional is designed for qualified healthcare professionals. You must be at least 18 years old to create an account.
11. Changes to this policy
We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a notice in the application. The date at the bottom of this page shows when it was last updated.
12. Contact
For any questions about this policy or how we handle your data:
Sessional Limited (company number 17159781)
128 City Road, London, EC1V 2NX
Email: [email protected]
Last updated: April 2026