Vicarity
The UK's first integrated care-home management and care-worker marketplace — built for CQC. One platform that runs a home's rota, validates compliance, tracks attendance and pays workers, with security designed in from the first line.
Care operations run on spreadsheets, agencies and risk.
Care homes juggle internal staff and agency workers across constantly shifting rotas. Compliance — DBS checks, Care Certificates, NVQs — is tracked manually and easily falls out of date, while the Care Quality Commission expects evidence against a strict framework. Agencies take a heavy cut, payments are slow, and sensitive resident data sits in tools never designed to protect it.
One platform: manage the home, hire the staff, prove the compliance.
Vicarity unifies care-home management and a care-worker marketplace in a single full-stack SaaS product. Internal and marketplace staff appear in one rota view; compliance is validated automatically against every shift; attendance is captured by GPS; and workers are paid directly. It's built around the way regulators actually assess care — not bolted on afterwards.
What it does.
-
Unified rota
Internal employees and marketplace care-workers scheduled in one view — no more reconciling agency bookings against the in-house roster.
-
Compliance passporting
DBS, Care Certificate and NVQ credentials are auto-validated against the shifts a worker is allowed to take — non-compliant staff can't be rostered onto work they're not cleared for.
-
GPS check-in & automatic timesheets
Workers check in on-site via GPS, generating accurate timesheets automatically — removing disputes and manual data entry.
-
Stripe Connect payments
Payments flow direct to workers through Stripe Connect — faster pay, transparent fees, and no opaque agency middle-layer.
Designed for sensitive data, from day one.
Care records are some of the most sensitive data there is. Vicarity treats them accordingly — this is where my cybersecurity background does the heavy lifting:
- Architected around the CQC Single Assessment Framework and its 34 quality statements, so evidence maps to how the regulator actually assesses.
- Care records handled as UK-GDPR Special Category Data, with role-based access control and full audit trails.
- TLS 1.3 in transit and encryption at rest for data on disk.
- UK-hosted with no third-country data transfers — data stays in jurisdiction.
- ISO 27001 and NHS DSPT on the roadmap as the platform scales beyond pilot.
Built to scale safely.
| Type | Full-stack SaaS web application |
| Frontend | JavaScript, modern responsive UI |
| Backend | Node.js services & REST APIs |
| Data | SQL relational store, audit logging |
| Payments | Stripe Connect (direct-to-worker) |
| Security | RBAC, TLS 1.3, encryption at rest |
| Hosting | UK-based, no third-country transfers |
Currently in pilot.
Vicarity is at pilot stage — proving the model with real care providers before a wider rollout. It's the clearest demonstration of what I do: a genuinely full-stack product, in a regulated, high-stakes domain, where security and compliance aren't features but foundations.
It's also a template for how I approach any sensitive build — understand the rules first, design the data model around them, and make the secure path the easy path.
Got a regulated, data-sensitive product in mind?
This is exactly the kind of work I'm built for. Let's scope it.