Privacy Policy

This Privacy Policy applies to:

• Healthcare organisations using Jump EHR
• Authorised users such as clinicians and administrators
• Patients whose data is processed through Jump EHR
• Visitors to our websites and support services

For Clinical and Patient Data

• Data Controller: The healthcare organisation
• Data Processor: Jump

The healthcare organisation determines why and how patient data is processed. We process that data only on their instructions and under our Data Processing Agreement.

For Account, Usage and Support Data

• Data Controller: Jump
• We determine how we process data relating to customer accounts, users and system usage.

Healthcare organisations may input:

• Patient demographics
• Medical history, diagnoses, notes and observations
• Prescriptions and medication information
• Test and investigation results
• Appointment records
• Communications sent to patients
• Clinical documents and uploads
• Care plans, tasks and workflow data

The legal basis for this processing is determined by the healthcare organisation.

We collect:

• Organisation details
• User names, emails and job roles
• Authentication data
• Professional registration details
• Billing and subscription information

Legal basis: contract performance, legal obligations and legitimate interests.

We automatically collect:

• Feature usage and activity logs
• Device and browser information
• IP addresses
• Error logs and performance data
• Security and access logs
• Aggregated analytics data

Legal basis: legitimate interests and contract performance.

Support emails, feedback, surveys and service communications.

Marketing communications are only sent with consent.

We process this data only to:

• Store and retrieve patient records
• Support clinical documentation and workflows
• Enable scheduling and communications
• Provide AI-supported tools when enabled
• Support document and report generation
• Enable integrations chosen by the organisation

We do not sell, market, or use patient data for our own commercial purposes.

We use this to:

• Manage accounts and access
• Provide support
• Process payments
• Improve the system
• Maintain security
• Send service communications

We use service providers including:

• Microsoft Azure for hosting
• Azure OpenAI for optional AI features
• Supabase for database services
• Communication providers for email and SMS
• Monitoring and analytics providers
• Stripe for subscription billing

All sub-processors operate under contractual data protection obligations.

When you enable integrations, those providers may act as independent controllers or processors under their own terms. You are responsible for appropriate agreements with them. Jump provides the technical connection but does not determine how those third parties process data.

We may disclose data where legally required to regulatory authorities, law enforcement or courts.

Retention is determined by the healthcare organisation according to applicable medical record retention guidance and professional standards.

Retained while subscription is active and for a limited period after termination.

Retained according to operational and security needs, with anonymisation where appropriate.