FairDealWizard

Privacy Policy

Last updated: 26 April 2026

Who we are

FairDealWizard ("we", "us", "our") is a service operated from Ireland that helps families prepare HSE Fair Deal (Nursing Homes Support Scheme) applications. We are the data controller for personal data you submit through the wizard. We are not affiliated with the HSE.

Contact for data protection queries: privacy@fairdealwizard.ie

What personal data we collect

To prepare your Fair Deal application, the wizard collects:

  • Identity: name, date of birth, PPS Number, gender, marital status, contact details
  • Address: home address, current address (if different), eircode
  • Spouse / partner: name, PPS, date of birth, care details where applicable
  • Financial: income, cash assets, property valuations, deductions, mortgage details
  • Health-related: Medical Card / GP Visit Card status, GP details (if you choose to add them)
  • Supporting documents: bank statements, pension letters, valuation certificates, etc. that you upload
  • Account: email address, hashed password
  • Payment: handled directly by Stripe — we do not see or store full card numbers
  • Technical: IP address, browser type, page activity (only with your cookie consent)

This includes special-category and sensitive data (health information, financial assessments, family relationships). We process it only because you provide it to us with the specific purpose of preparing your Fair Deal application.

Lawful basis for processing

Under GDPR Article 6 and Article 9, our lawful bases are:

  • Performance of a contract — to deliver the service you have purchased
  • Your explicit consent — for special-category data, given when you submit it through the wizard
  • Legitimate interest — for security, fraud prevention, and service improvement
  • Legal obligation — where we are required to retain financial records for tax purposes

How we use your data

  • To pre-fill the official HSE Fair Deal application form (Parts 1-7) with your answers
  • To generate a personalised document checklist based on what you declare
  • To run the AI Health Check that flags gaps and quality issues
  • To process your €89 payment via Stripe
  • To send you the completed PDF and any service-related emails
  • To support your account and respond to queries

We do not sell your data. We do not use your data to train AI models. We do not share your data with third parties for marketing.

Who we share data with

We use a small number of carefully selected processors to deliver the service:

  • Microsoft Azure (Ireland) — encrypted hosting of the database, files, and API. Data stays in the EU.
  • Stripe (Ireland / USA) — payment processing. Stripe sees payment details, not your wizard answers.
  • Anthropic (USA) — for the AI Health Check, your wizard answers are sent to Anthropic's Claude API after server-side PII redaction. Names, PPS numbers, addresses, eircodes, phone numbers, email addresses, and dates of birth are replaced with format-preserving markers (e.g. [FILLED:5chars], [PPS_VALID_FORMAT], [DATE_1942]) before they leave our infrastructure. Categorical answers (gender, marital status, Yes/No questions) and numeric financial values pass through unchanged. Anthropic does not retain or train on this data.
  • Brevo (France) — transactional email delivery (welcome, receipts, password reset).
  • Netlify (USA) — hosting of the public website front-end.
  • Google Analytics — only if you opt in via the cookie banner.

Each of these providers has signed Data Processing Agreements with us and is GDPR-compliant.

How long we keep your data

  • Wizard answers: kept until you delete your account, or for up to 7 years for tax / accounting evidence (encrypted, access-restricted)
  • Uploaded supporting documents: automatically deleted 90 days after you download your completed pack
  • Generated PDF: kept until you delete your account
  • Payment records: kept for 7 years per Irish accounting law
  • Email logs: 90 days
  • Account if unused: deleted after 24 months of inactivity (we email you first)

Your rights

Under GDPR you have the right to:

  • Access — get a copy of the data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion ("the right to be forgotten")
  • Restriction — limit how we use your data
  • Portability — receive your data in a portable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — withdraw cookie / analytics consent at any time

To exercise any of these, email privacy@fairdealwizard.ie. We respond within 30 days.

If you are unhappy with our response, you can lodge a complaint with the Irish Data Protection Commission (DPC) — dataprotection.ie.

Security

All data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed with bcrypt. Sensitive blob storage is access-restricted and rotated. The platform runs in Microsoft Azure's EU region with role-based access controls.

International transfers

Most of your data stays in the EU (Azure Ireland). The AI Health Check, Stripe, and Netlify involve transfers to the USA, covered by Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.

Cookies

See our Cookie Policy for details. You can manage your cookie preferences at any time via the banner or the link in the footer.

Changes to this policy

We may update this policy from time to time. Material changes will be notified by email and via a banner on the site. Continued use after a change constitutes acceptance.