Privacy Policy

Summary of changes

16 Nov, 2022: Re-ordered the privacy policy to draw attention to the NHS login specific section

Privacy Policy terms

my mhealth Limited my mhealth deliver digital tools to patients and healthcare teams managing long term health condition(s). Your privacy is important to us, and we are committed to respecting and protecting it. Our privacy policy is designed to tell you about us and what we do, how we protect your information, and your rights.

This privacy policy applies to users with respect to our service(s) and does not extend to include third party services that can be accessed or where links are provided, via our platform.

For the purposes of the relevant Data Protection Laws, my mhealth act as a Data Controller. We are therefore responsible for any information we receive through the use of our apps, and for determining how and why it is processed.

We provide our services to others, such as healthcare organisations. At times we may be processing your information on their behalf, as their Data Processor. This will mean that we will be processing your information subject to their lawful basis and/or for our own legitimate interests.

Signing up to use our app(s), you are entering into a contractual agreement with us, allowing us to collect and use your data, as outlined within this policy.

We will collect

  • Any information given to us by you. This will include your name, address, email and NHS number. We need your NHS number to check that it is you, and for your unique user identifier

  • Information from your device where you install or access our service(s). This will depend on the device permissions that you have granted. This can include connection and location information, such as your IP address, to allow us to efficiently balance service access loads to provide the fastest application response for you, and your geolocation, to provide you with the most accurate local weather forecasts, pollution, and pollen levels

  • Your activity when using our service(s), to understand what you find most useful and to review your progress through the educational material and courses available within the app(s)

  • Information given to us about you, working with you, to manage your condition(s). This can include healthcare professionals, and from approved linked healthcare devices, such as glucometers, blood pressure machines and smart halers

  • Cookies. We will use cookies, when you interact with our website to help us understand how you use it, and which parts of our website are most visited. This allows us to focus on delivering the best content and user experience. We do not collect identifiable data through the use of cookies; therefore, we will not use them for advertising or marketing purposes.

We will use your data;

1. To provide you with the service
  • To create, register and manage your user account, and to ensure your information is accurate and up to date
  • To enable users to work together in a safe and secure environment
  • To inform you of any changes, modifications, and updates to the service(s)
  • To review, investigate and address issues that may affect your use of our service
2. To exercise our legitimate interests
  • We will use your data to review and assess the quality of our service(s)
  • To provide you with a responsive service, and to support you, when you contact us
  • For our own internal operations. This could include troubleshooting, fraud detection and resolution, data quality checks, functional testing, security, audit, and statistical analysis to ensure that our app(s)/service(s) continues to satisfy the needs of our users
  • To contact you, to make you aware of any service evaluation(s), studies, or research trials that may be of interest to you. You will only be contacted where the above are relevant to your condition(s).
3. To respond to obligatory requirements
  • We will disclose information where it has been requested as part of a reasonable regulatory requirement or in response to a legal request.

Sharing of your data

Your information is used to support you to improve your self-management and for you, and us, to learn more about your condition(s). To do this, we will need to share some information with other parties, such as;

  • Data storage and back up provider(s), to record the information that is input to your account
  • Push notification software providers for medication reminders and to receive updates from your healthcare team
  • Your healthcare team(s), for them to support you, and to evaluate our service(s).
  • Research team(s), where you have expressed an interest to receive further information about a service evaluation, study, or research trial opportunity. Your information will be shared to allow them to contact you.
  • SMS and email messaging services for communicating to/with you, information relevant to your condition(s)
We will only ever share the minimal amount of information necessary to deliver the service and we will NOT sell or share any of your information for marketing purposes.

How do we keep your information secure?

You access your information via secure password credentials, set by you. Information kept by us is stored within Amazon Web Solutions, a cloud-based service, situated in their London region, and is encrypted both at rest and in transit.

We have strict procedures and security measures to prevent, as much as reasonably possible, unauthorised access to, or disclosure of, your information. We cannot guarantee the security of any information you transmit to us, such as emails containing information about you.

How long will we store your information?

We will keep your information for up to 20 years, from your last interaction within the platform or until you request that your data be deleted. If we delete your data, it can take up to 6 months of to remove from our back up facility, simply due to the way that they operate, and in some cases, it may remain on our back up facility for legal and regulatory purposes.

Following the confirmed death of a user, their data will be removed after a period of 10 years, again in line with medical guidelines.

What rights do you have regarding your information?

We are committed to complying with your rights to your information and will deal with any requests, outlined below without undue delay, and in line with regulatory timeframes. By law you have a number of rights that apply in certain circumstances. These include the right to

  • Object to processing
    This means you may not want your information used in some ways

  • Restrict processing
    This means we can no longer use your information, but we will store it and maintain your place on our data set of users whose information we hold but cannot use moving forward

  • Be informed
    You should have clear, accessible and transparent information provided to you so you understand how we work, protect and use your information

  • Have access to your information
    This enables you to check we are using your data correctly and is done by contacting us directly or your healthcare team.

  • Data rectification
    If you see incorrect or incomplete information, you can ask to have that corrected.

  • Be erased
    This means you can be "forgotten". It is important to know; this is not a general statement and is subject to some conditions, but the right means you could have all the information we hold on you deleted where there is no compelling reason for us to keep using it

  • Move your data
    This is referred to as portability. Your data should be provided for you in a way that is accessible and provides you with the option of reusing the data in other situations, as you own your data

  • Complain
    You have the right to lodge a complaint, and we will respect this and deal with it in a timely fashion in line UK regulations.

  • Withdraw consent
    This means you remove the right for us to use your data. You may do this at any point and without providing a reason for doing so. Removing your consent though means you will no longer be able to use our services.

Changes in the Privacy Policy and to the service

Any changes to the Privacy Policy will be notified to you via an in-service notification. For some notifications you may be required to read and accept the changes before you can continue using the service. This will be governed in line with our terms & conditions, to be read in conjunction with this privacy policy, when activating your user account.

NHS login

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provided to NHS Digital to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a "processor" only and we must act under the instructions provided by NHS Digital (as the "controller") when verifying your identity. To see NHS Digital's Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.

Contact Us

If you have further questions, you can contact us at the address:

Milton Gate,
60 Chiswell Street,
Telephone (+44) 01202 299 583

Our Data Protection Officer is Adam Kirk, at the above details and

If you would rather deal with an independent group or feel we have not satisfactorily dealt with your enquiry, you can contact the ICO by email OR phone 0303 123 1113.

Full details of the Data protection regulation, can be found at


Request a free demo or find out more

Contact us today

Call us on 01202 299 583

Open 8 am to 5 pm, Monday to Friday (except bank holidays)