Privacy lifecycle policy
Explains collection, use, retention, rights requests, legal holds and anonymisation boundaries, including annual survey data.
Read the applicable public page →Governance directory
This directory explains the current standards behind GFSA privacy, membership, institution accounts, service delivery, public content, industry data and digital tools. Each item links to the public page where its practical effect can be understood.
The label identifies the applicable public edition. It is not an outcome guarantee, practitioner licence, regulator replacement or individual professional advice. Material changes create a new edition rather than silently rewriting an earlier acceptance.
25 current public standards and decisions across seven areas. Exact internal identifiers, historical versions and security or release contracts remain in the protected administrator directory.
Explains collection, use, retention, rights requests, legal holds and anonymisation boundaries, including annual survey data.
Read the applicable public page →Defines member, institution, publication, service and site-use responsibilities.
Read the applicable public page →Explains sensitive data, evidence, confidentiality limits and governance use at complaint intake.
Read the applicable public page →Records confirmation for minimised identity checks, human review and public-badge boundaries.
Read the applicable public page →Requires genuine activities and verifiable evidence, subject to sampling, rejection or revocation.
Read the applicable public page →Sets annual credits, ethics credits, minimum activities, grace dates and member types.
Read the applicable public page →Confirms truthful applications, independent review, no guaranteed outcome and minimum public status.
Read the applicable public page →Sets reviewer counts, conflict recusals, evidence thresholds, reasons and public-status boundaries.
Read the applicable public page →Requires accountable data-control, privacy and complaint contacts and confirmation of accuracy.
Read the applicable public page →Defines invitation purpose, role scope, token lifetime, revocation and invitee responsibilities.
Read the applicable public page →Sets ownership, role permissions, personnel changes, publication boundaries and accountability.
Read the applicable public page →Confirms authority and accuracy and that publication is not licensing, government recognition or outcome endorsement.
Read the applicable public page →Each member independently chooses whether to appear and can withdraw publication.
Read the applicable public page →Requires a lawful source, adequate de-identification, no outcome guarantee and independent human review.
Read the applicable public page →Confirms no guaranteed outcome, no replacement of regulated or emergency professionals, and data minimisation.
Read the applicable public page →Records scope, limitations, fees, cancellation, privacy and referral boundaries before service.
Read the applicable public page →Stores only necessary scheduling, consent, status and report metadata, excluding card data and consultation bodies.
Read the applicable public page →Uses allowed, restricted and prohibited rules for terminology, claims, cases and editorial content, with human final decisions.
Read the applicable public page →Requires generalised time, location, age and context, excludes identifiers and checks combined re-identification risk.
Read the applicable public page →Explains voluntary participation, update or withdrawal, controlled choices and non-public individual responses.
Read the applicable public page →Publishes only immutable aggregates passing fixed sample, share, grouping and human-review thresholds.
Read the applicable public page →Deterministic checks provide prompts only; authorised humans own final reasons and decisions.
Read the applicable public page →Provides fixed, non-personalised education without storing raw questions, professional advice or outcome guarantees.
Read the applicable public page →Reuses human-approved public snapshots and provides no writes, account automation, personal advice or tenant administration.
Read the applicable public page →Records the small read-only public API and defers multi-tenant, white-label and write-enabled SaaS capabilities.
Read the applicable public page →Use the privacy policy for data rights, the complaints process for conduct or publication concerns, and the developer documentation for public API details.