Frequently Asked Questions

Folelse is an end-to-end GDPR and data protection management platform built specifically for NHS organisations and UK healthcare providers. It brings together ROPA, DPIAs, SAR management, breach reporting, policy management, supplier due diligence, and DSPT support in one place.

Our primary users are Data Protection Officers, Information Governance Leads, and their teams across NHS trusts, integrated care systems, GP practices, community health providers, and private healthcare organisations operating under UK GDPR.

Yes — all new organisations receive a 14-day fully featured free trial with no credit card required. After your trial, you can choose a plan that matches your organisation size and needs.

Most organisations are fully operational within one working day. We provide pre-loaded NHS template libraries, guided setup wizards, and dedicated onboarding support from our IG specialists.

Yes. Folelse supports unlimited users on our Trust and Enterprise plans. Role-based access controls allow you to assign different permissions to DPOs, IG administrators, department leads, and read-only stakeholders.

Folelse is priced per organisation, not per user. Plans are tiered by organisation size (measured by number of registered assets and data subjects) and the modules you require. Contact our sales team for a custom quote tailored to your ICS or trust.

Yes. We offer preferential pricing for NHS organisations procured via G-Cloud (Crown Commercial Service) and direct agreements. Discounts are also available for ICBs coordinating multi-trust deployments.

Yes. Annual subscriptions receive a 20% discount compared to monthly billing. Purchase orders are accepted for NHS organisations.

We accept credit/debit cards, BACS transfer, and purchase orders from NHS and public sector organisations. Invoicing in GBP only.

You will retain access to export all your data in standard formats (CSV, DOCX, PDF) for 30 days after cancellation. After this period, data is securely deleted from our systems in line with our data retention policy.

Folelse works on all modern browsers (Chrome, Edge, Firefox, Safari) and is fully responsive on desktop, tablet, and mobile. We recommend Edge or Chrome for the best experience.

Yes. We support integrations with Microsoft 365 (SharePoint, Teams), Entra ID SSO, NHS CIS2 Smartcard authentication, and provide webhooks and a REST API for custom integrations with PAS, EPR, and other clinical systems.

Yes. Our REST API allows you to push asset data, retrieve compliance status, and trigger workflows programmatically. API keys are managed from your account settings. Full API documentation is available in the support centre.

Yes. We support bulk import via CSV and Excel for assets, data flows, users, and ROPA entries. Our onboarding team can assist with migrating data from spreadsheets or legacy IG tools.

We guarantee 99.9% uptime for all production environments, measured monthly. Planned maintenance windows are communicated at least 48 hours in advance and are scheduled outside NHS core hours.

Folelse maps every evidence item directly to DSPT assertions. As you complete your ROPA, risk register, and policy library, the platform automatically marks relevant assertions as evidenced. You can generate a full DSPT evidence pack with one click before your submission deadline.

We track the current DSPT toolkit version released by NHS England and update our assertion mapping within 10 working days of any new version being published. Your evidence is automatically re-mapped to any revised assertions.

Yes. Folelse supports NHS CIS2 (Care Identity Service 2) OIDC authentication, allowing NHS staff to sign in using their existing Smartcard credentials with no separate username or password required.

Yes. The platform includes a National Data Guardian standards module that maps your controls to the 10 Data Security Standards. Gap analysis reports highlight areas requiring attention ahead of annual assessments.

Yes. We offer a tailored plan for PCNs, GP practices, and primary care networks with simplified ROPA templates aligned to primary care data flows and pre-loaded DSPT guidance for smaller organisations.

All data is stored exclusively in UK-based datacentres (Microsoft Azure, UK South region). No data is transferred outside the UK. We are compliant with UK GDPR data residency requirements.

Yes. Folelse undergoes independent penetration testing at least annually, conducted by CREST-accredited testers. Summary results are available to enterprise customers under NDA.

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database backups are encrypted with separate key management. Client secret values (SSO credentials) are stored using one-way encryption and never exposed via the API.

Yes. MFA is enforced by default via Microsoft Authenticator or NHS CIS2 Smartcard. Credential-based logins support TOTP authenticator apps. Organisation admins can enforce MFA for all users from the security settings panel.

Folelse acts as a data processor for the personal data you manage on the platform. We provide a standard Data Processing Agreement (DPA) to all customers. Our DPA is pre-approved for NHS use and available from the support centre.