Skip to content
Ortho Outcomes

Privacy

Privacy at Ortho Outcomes

How this website and the self-hosted platform handle data. Last updated 30 May 2026.

This is information, not legal advice. Before deploying Ortho Outcomes in a clinical setting, review your data processing and information-governance arrangements with your organisation’s Data Protection Officer (DPO) and complete any required Data Protection Impact Assessment (DPIA).

Two distinct surfaces

There are two separate things to consider, and they are deliberately different:

  • This marketing website. A public site describing the product. It collects only what you choose to send via the contact form, and basic technical request data needed to serve pages.
  • The Ortho Outcomes platform. The self-hosted clinical application you run on your own hardware. Patient data processed by the platform never flows to us — it stays on the infrastructure you or your trust control.

The platform is self-hosted

Ortho Outcomes is not a cloud service. You install and run it on a machine you control — a surgeon’s own computer, or a trust-controlled server. As a result, the patient-identifiable data entered into the platform (demographics, operative records, patient-reported outcomes) is stored locally on your infrastructure, under your organisation’s control and your lawful basis for processing.

End-to-end encrypted patient questionnaires

When a patient completes a questionnaire, their identifying details are encrypted on their own device. The decryption key is held in the link fragment and is never transmitted to a server. Where an internet-facing relay is used to receive submissions, it only ever holds an encrypted blob; decryption happens client-side within your self-hosted application.

What this website collects

  • Contact form: if you submit the form, the name, email and message you enter. On this demonstration site the form validates and acknowledges your input but does not send email or persist it.
  • Checkout: if you purchase a licence, payment is processed by Stripe. We do not see or store your card details; Stripe processes them under its own privacy terms. We may record your email and a purchase reference to issue your licence key.
  • Technical data: standard server request information required to deliver the site securely.

Payment processing

Card payments are handled by Stripe. We receive a confirmation that a payment succeeded, together with the email used at checkout, so that a licence key can be issued. We never receive your full card number.

Your rights

Under UK GDPR you have rights over personal data we hold about you, including access, rectification and erasure. For data held inside the self-hosted platform, your organisation is the controller and the platform provides built-in subject-access and erasure tooling to help you respond. For data submitted to this website, contact us.

Contact

Questions about this notice can be raised via the contact page.