Last updated: 29 May 2026
Privacy Policy
This Privacy Policy explains how SimHQ ("SimHQ", "we", "us", or "our") collects, uses, stores, shares, and protects personal information when you visit our website, create an account, use SimHQ products and services, contact us, request support, join a waitlist, participate in testing programmes, or otherwise interact with SimHQ.
SimHQ is currently operated as a sole trader business by its founder.
We are committed to protecting your privacy and handling personal information transparently and responsibly in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy legislation.
By accessing or using SimHQ, you acknowledge that you have read and understood this Privacy Policy.
Who We Are
SimHQ is a software platform designed to support the management and operation of simulation centres, clinical skills facilities, educational environments, healthcare training programmes, and related operational workflows.
For privacy-related enquiries, requests, or concerns, please contact:
Email: hello@simhq.app
Scope of this Privacy Policy
This Privacy Policy applies to:
- simhq.app
- rooms.simhq.app
- Customer workspaces hosted by SimHQ
- SimHQ applications and modules
- SimHQ APIs
- SimHQ support services
- SimHQ communications and marketing activities
This Privacy Policy does not apply to third-party websites, services, or applications that may be linked from SimHQ or integrated with SimHQ.
Data Controller and Data Processor Roles
Depending on the circumstances, SimHQ may act as either a Data Controller or a Data Processor.
Data Controller
SimHQ acts as a Data Controller when processing information relating to:
- Website visitors
- Prospective customers
- Waitlists and access requests
- Marketing communications
- Customer support enquiries
- Billing and account administration
- Product analytics
- Platform security and monitoring
Data Processor
Where organisations use SimHQ to manage bookings, schedules, resources, users, or operational data, SimHQ generally acts as a Data Processor on behalf of that organisation.
Customer organisations are responsible for determining:
- What information is entered into SimHQ
- The legal basis for processing
- Retention requirements
- User access permissions
- Internal governance and compliance obligations
Information We Collect
Information You Provide
We may collect information that you voluntarily provide, including:
- Name
- Email address
- Telephone number
- Organisation name
- Job title
- Professional role
- Account credentials
- Profile information
- Communications with us
- Support requests
- Feedback submissions
- Survey responses
- Beta testing information
Account Information
When you create or receive access to a SimHQ account, we may collect:
- Name
- Email address
- Organisation membership
- User role
- Permissions
- Profile preferences
- Authentication identifiers
Usage Information
We may collect information about how SimHQ is used, including:
- Login history
- User actions
- Activity logs
- Audit records
- Device information
- Browser information
- IP address
- Session information
- Feature usage metrics
- Error reports
- Performance information
Information Collected Automatically
When you visit our website or use SimHQ, we may automatically collect:
- IP address
- Browser type
- Device type
- Operating system
- Referring pages
- Usage statistics
- Cookie information
- Security logs
SimHQ Rooms
SimHQ Rooms is a booking and scheduling module designed for simulation centres, educational institutions, healthcare organisations, and training environments.
Depending on how an organisation configures SimHQ Rooms, information processed may include:
- Booking titles
- Session names
- Room names
- Dates and times
- Organiser information
- User details
- Staff assignments
- Equipment requirements
- Consumable requirements
- Setup instructions
- Workflow information
- Approval records
- Checklists
- Notifications
- Operational notes
- Attendance information
- Audit logs
Sensitive Information
SimHQ Rooms is not intended for storing:
- Patient records
- Medical records
- NHS numbers
- Clinical documentation
- Biometric information
- Genetic information
- Unnecessary special category personal data
Users and organisations should avoid entering sensitive personal information unless specifically required and lawfully authorised.
Organisations remain responsible for ensuring information entered into SimHQ complies with their own governance, regulatory, and legal obligations.
Authentication and Identity Services
SimHQ may use authentication and identity providers including:
- WorkOS
- Microsoft
- OpenID Connect providers
- SAML providers
- Enterprise Single Sign-On services
Where authentication services are used, SimHQ may receive:
- Names
- Email addresses
- Organisation identifiers
- User identifiers
- Authentication status
- Security claims
This information is used solely for:
- Identity verification
- Access control
- Security
- Account management
- Service delivery
Calendar Integrations
SimHQ may provide integrations with calendar providers, including:
- Google Calendar
- Microsoft Outlook
- Microsoft 365
- Exchange Online
Calendar integrations are optional.
Where authorised by a user or organisation, SimHQ may access information necessary to create, update, synchronise, or remove calendar events, including:
- Event titles
- Event descriptions
- Dates and times
- Locations
- Attendee information
- Calendar identifiers
- Synchronisation status
Calendar information is used solely to provide requested functionality.
We do not use calendar information for advertising, profiling, or marketing purposes.
We do not sell calendar information.
Users may disconnect integrations through SimHQ, their calendar provider, or their organisation's administrator.
Google API Services
SimHQ's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Manual Calendar Exports
SimHQ may allow users to manually add bookings to external calendar systems through downloadable calendar files or similar functionality.
When information is manually exported or imported into a third-party calendar system, that third-party provider is responsible for its own processing of that information.
How We Use Information
We use personal information to:
- Provide SimHQ services
- Manage user accounts
- Authenticate users
- Deliver customer support
- Process bookings
- Synchronise calendars
- Improve platform functionality
- Monitor system performance
- Detect and prevent fraud
- Maintain platform security
- Communicate service updates
- Process access requests
- Respond to enquiries
- Meet legal obligations
- Maintain business records
Legal Bases for Processing
Where UK GDPR or EU GDPR applies, we process personal information under one or more of the following legal bases:
Contract
Processing necessary to provide SimHQ services and fulfil contractual obligations.
Legitimate Interests
Processing necessary for:
- Service operation
- Security
- Fraud prevention
- Product improvement
- Customer support
- Business administration
Legal Obligations
Processing necessary to comply with legal and regulatory requirements.
Consent
Where required by law, we rely on consent for specific activities such as certain marketing communications and optional integrations.
Consent may be withdrawn at any time.
Analytics
We may use analytics and monitoring services to understand platform performance, usage trends, reliability, and customer experience.
Analytics information may include:
- Page views
- Session information
- Device information
- Usage patterns
- Performance metrics
Where possible, analytics information is aggregated, anonymised, or pseudonymised.
Cookies and Similar Technologies
SimHQ uses cookies and similar technologies to:
- Maintain user sessions
- Authenticate users
- Improve security
- Store preferences
- Analyse website performance
- Measure service usage
Where required by law, we will seek consent before using non-essential cookies.
Users may control cookie preferences through browser settings and any consent mechanisms provided.
Sharing Information
We do not sell personal information.
We may share information with trusted service providers where necessary to operate SimHQ, including providers of:
- Hosting services
- Authentication services
- Email delivery
- Analytics
- Monitoring
- Database services
- Support systems
- Calendar integrations
We may also share information:
- To comply with legal obligations
- To protect our rights and interests
- To investigate misuse or security incidents
- In connection with business restructuring, acquisition, or sale
International Data Transfers
Some service providers used by SimHQ may process information outside the United Kingdom or European Economic Area.
Where international transfers occur, we take reasonable steps to ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses
- UK International Data Transfer Addendum
- Contractual safeguards
- Equivalent lawful transfer mechanisms
Data Retention
We retain personal information only for as long as reasonably necessary to:
- Provide services
- Meet contractual obligations
- Resolve disputes
- Maintain audit records
- Comply with legal obligations
- Protect legitimate business interests
Retention periods may vary depending on:
- Customer requirements
- Legal obligations
- Security requirements
- Operational needs
Where appropriate, information may be deleted, anonymised, or archived.
Security
We implement appropriate technical and organisational measures designed to protect personal information, including:
- Access controls
- Role-based permissions
- Encryption in transit
- Secure authentication
- Audit logging
- Security monitoring
- Backup procedures
- Vulnerability management
No online service can guarantee absolute security. However, we take reasonable steps to protect personal information against unauthorised access, disclosure, alteration, or destruction.
Data Breaches
Where required by law, SimHQ will investigate security incidents and notify affected organisations and relevant authorities in accordance with applicable legal obligations.
Your Rights
Depending on your location and applicable law, you may have rights to:
- Access personal information
- Correct inaccurate information
- Request deletion
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent
- Lodge a complaint with a supervisory authority
To exercise your rights, contact: hello@simhq.app
We may need to verify your identity before responding.
California Privacy Rights
Residents of California may have additional rights under applicable California privacy laws, including rights to:
- Access personal information
- Correct personal information
- Delete personal information
- Know how personal information is used
- Request information about categories of data collected
SimHQ does not sell personal information.
SimHQ does not share personal information for cross-context behavioural advertising.
Children's Privacy
SimHQ is intended for professional, educational, and organisational use.
We do not knowingly collect personal information directly from children under the age of 13.
Organisations using SimHQ remain responsible for ensuring lawful use involving learners, students, trainees, and other participants.
Third-Party Services
SimHQ may integrate with third-party providers.
Your use of third-party services remains subject to their own:
- Terms of service
- Privacy policies
- Data processing practices
We encourage users to review those policies independently.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Legal changes
- Regulatory requirements
- New products or modules
- New integrations
- Changes to our services
The latest version will always be available through SimHQ.
Where required, we will provide notice of material changes.
Contact Us
For privacy-related questions, requests, or concerns:
Email: hello@simhq.app
If you are located in the United Kingdom and believe your data protection rights have been infringed, you may contact the Information Commissioner's Office (ICO):
If you are located in the European Economic Area, you may contact your local supervisory authority.