Privacy Notice

The Helm is provided by GGO Systems Ltd, a company registered in England and Wales (company number 17268411). GGO Systems Ltd is the data controller for The Helm and is registered with the Information Commissioner’s Office (registration number ZC174006). For any data query, contact info@ggo-systems.com.

The Helm is the authenticated workspace clinicians and their staff use to author, govern and sign off the content their patients see in the Patient Compass Suite (Polaris and The Compass). It is not patient-facing and holds no patient data — no PHI, no PII about patients. The patient apps remain anonymous, with no accounts and no sign-in.

This notice covers the clinicians and staff who sign in to The Helm. We process:

• Your identity, handled by our managed identity provider (Clerk). Your name and email stay with the provider; The Helm itself stores only an opaque user identifier and your role.
• Sign-off and audit records — when a clinician signs off clinical content, we keep an immutable record of who signed off, when, and the professional registration number given, for medico-legal traceability.
• The content you create — pathway and recovery content, brand and tone settings. This is clinical/operational content, not personal data.

We set a single, strictly-necessary session cookie (httpOnly) to keep you signed in. We set no advertising, cross-site or profiling cookies.

For aggregate workflow statistics we use Plausible Analytics — privacy-preserving, EU-hosted, cookieless. It stores no personal data, sets no cookies and cannot identify you, so no consent is required. It never sees patient data. Our identity provider (Clerk) processes your sign-in. No other data is shared with any third party.

The Helm is served from a hosting platform (currently Vercel), which receives standard request metadata (IP address, page requested, user-agent, referrer) on each request, as is intrinsic to the web. Content is stored in our content platform (Sanity). Identity is held by Clerk. Each provider acts under its own data-processing terms.

Under UK GDPR you may ask about the data we hold about you, request correction or erasure, or object to processing — subject to our need to retain sign-off audit records for medico-legal reasons. Contact info@ggo-systems.com. You may also complain to the Information Commissioner’s Office (ICO).

If we make material changes to this notice, we will update the date shown above.