Introduction
Know My Health Ltd (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how We collect, use, and protect your personal information.
For the purpose of this document, “Data Protection Legislation” means any data protection or privacy legislation in force in the UK, including the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), and any successor legislation.
This policy sets out the basis on which any personal data We collect from you, or that you provide to Us, will be processed by Us. Please read it carefully to understand our views and practices regarding your personal data and how We will treat it.
For the purpose of the Data Protection Legislation, the Controller is Know My Health Ltd. The Data Protection Officer for Know My Health Ltd is Rob Hilliard.
Our products and how We use your data
Know Me
- Collected & stored: email address, first name, last name, preferred name, whether sections of the health passport are completed, and each time you submit (preview, download, or email the passport). Device and browser analytics via Google Analytics (only if you consent). Profile photos are processed on your device and stored on our servers for 7 days, after which they are permanently deleted. No detailed health data is stored for this product.
- Processed (not retained): information you enter in the browser to create the health passport is processed in temporary session storage solely to generate your passport and is not stored long-term.
- Legal bases: consent (when you submit information or accept non-essential cookies) and legitimate interests (service analytics and improvement). See Our Legal Bases for Processing for details.
- Retention (summary): profile photos: 7 days. Locally stored information (on your device): up to 7 days unless you delete it sooner. For general retention rules, see Data Retention Periods.
- Special category data: not stored for Know Me. See Special Category Data for Our safeguards across products.
KnoMio / Mio
- Collected & stored: contact details (name and email) captured at registration and retained while your Mio account is active; conversation history by default (including prompts, responses, timestamps, and any health information you provide); Mio health summary entries you save (e.g., symptoms, adjustments, emergency contacts, NHS number); and optional feedback you provide.
- Processed (not retained): live prompts are processed to generate responses. If you delete a conversation or individual entry, it is removed from your account and scheduled for deletion from backups in line with Our retention schedule.
- Legal bases: explicit consent (when you interact with Mio or save health information), legitimate interests (service improvement, fraud/safety monitoring), and when supporting NHS partners, the provision of health or care services and substantial public interest.
- Retention (summary): conversation history and Mio health summary entries remain until you delete them or request deletion. Registration/contact details remain while your account is active or until you request deletion.
- Special category data: applies when you choose to share health information. We apply encryption, strict access controls, and audit logging.
Our legal bases for processing
- Consent: where you have given consent for features such as Mio conversations, marketing, or analytics cookies.
- Contract performance: to fulfil Our contractual obligations.
- Legitimate interests: for analytics, improving user experience, and keeping services secure.
Data retention periods
- Analytics logs: retained for 24 months.
- Marketing consents: retained until withdrawn.
- Health record data: retained until you delete your account or request deletion, unless legally required to retain longer.
| Data type | Retention period |
| --- | --- |
| Analytics logs | 24 months |
| Health record data | Until you delete your account or request deletion (unless legally required longer) |
| Marketing consents | Until withdrawn |
| Mio conversations you save | Until you delete or request deletion (unless legally required longer) |
| Profile photos (Know Me) | 7 days |
| Locally stored device/session data (Know Me) | Up to 7 days unless you delete sooner |
International data transfers
We rely on UK adequacy decisions and Standard Contractual Clauses when transferring personal data outside the UK/EEA to ensure appropriate safeguards. Some of Our service providers may be located in the United States or other countries outside the UK/EEA. Where this is the case, We use Standard Contractual Clauses to ensure your data receives equivalent protection to that required by UK law. Google Analytics: data may be transferred to Google’s servers in the United States. Google is certified under the EU-US Data Privacy Framework.
Your rights
Under UK Data Protection Legislation, you have the following rights:
- Right of access;
- Right to rectification;
- Right to erasure;
- Right to restrict processing;
- Right to data portability;
- Right to object;
- Right to withdraw consent.
To exercise these rights, contact our DPO at privacy@knowme.health. We will respond to your request within one month, extendable by two months for complex cases. We may request identity verification.
Children’s privacy
Our services are designed for people aged 16 and over. We do not knowingly register KnoMio/Mio accounts for individuals under 16. Parents or guardians may, however, use their own account to capture information or seek guidance on behalf of a child they are responsible for; by doing so they confirm they have authority to share that child’s data. If We learn that We have collected personal data directly from a child without parental or guardian consent, We will delete that information. Please contact Us if you believe this has happened.
Information We collect
We collect personal information when you use Our website or services, including:
- Contact information (name, email address).
- Technical information about your device and how you use Our website.
- Details of your visits to Our site and the resources that you access.
- Internet Protocol (IP) address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit (including URL clickstream to, through, and from our site, including date and time), page response times, download errors, length of visits to certain pages, page interaction information, and methods used to browse away from the page.
- Usage, engagement, approximate location/device info, and aggregated analytics information through Google Analytics (used only for internal reporting).
- Mio health summary information you save, such as pronouns, communication preferences, NHS number, emergency contacts, allergies, adjustments, symptoms, medications, and other personal notes.
- Mio conversation content (prompts, responses, summaries, attachments) when you use the service, including any health information you choose to share.
Special category data
Some of the information We collect may be classified as “special category data” under UK Data Protection Law. We will only process this data where you have given your explicit consent, where it is necessary for the provision of health or care services, or where there is a substantial public interest (such as supporting statutory NHS services). Additional safeguards are applied to special category data, including encryption, strict access controls, segregated environments, and audit logging.
How We use your information
We may use information you provide to:
- Carry out Our obligations arising from any contracts entered into between you and Us and provide you with the information, products, and services that you request from Us.
- Generate, save, and share your Mio health summary or conversation extracts at your request.
- Provide you with information about other services We offer that We feel may be of interest to you (you can opt out at any time).
- Notify you about changes to Our service(s).
- Ensure that content from Our site is presented in the most effective way for you and for your device.
We may use information We collect about you to:
- Administer Our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes.
- Improve Our site to ensure that content is presented in the most effective way for you and for your device/computer.
- Keep Our site and Mio service safe and secure, including monitoring for abuse or misuse.
- Make suggestions and recommendations to you and other users about services that may interest you.
- Support research carried out internally or by trusted third parties who provide statutory services.
Data security
Where We store your personal data:
- All information you provide to Us is stored on secure servers held by GDPR-compliant international data processors only. Where international data processors are used, all appropriate technical and legal safeguards will be put in place to ensure that you are afforded the same level of protection as within the EEA.
- Where We have given you (or where you have chosen) a password which enables you to access certain parts of Our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
- The transmission of information via the internet is not completely secure. Although We will do Our best to protect your personal data, We cannot guarantee the security of your data transmitted to Our site; any transmission is at your own risk. Once We have received your information, We use strict procedures and security features to prevent unauthorised access.
We use encryption for your data, apply strict role-based access controls, require multi-factor authentication for access to personal data, follow secure coding and development practices, and conduct regular security audits. All staff are trained on data protection and information security.
Disclosure of your information:
- We may share your information with selected third parties, including organisations commissioning or delivering health services for the National Health Service (NHS), but only in an anonymised manner.
- We may disclose your personal information to third parties if we are under a duty to do so in order to comply with any legal obligation.
Marketing preferences & access
You have the right to ask Us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if We intend to use your data for such purposes or if We intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms We use to collect your data or by contacting us at any time.
Our site may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies, and We do not accept any responsibility or liability for these policies.
The Data Protection Legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Legislation.
Changes to this privacy policy
Any changes We may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.
Cookies
Our site uses cookies to distinguish you from other users of Our site. This helps Us to provide you with a good experience when you browse Our site and also allows Us to improve Our site. Non-essential cookies (such as analytics or marketing cookies) will only be placed with your consent. You can accept, reject, or customise your cookie preferences at any time through Our cookie banner.
We use the following types of cookies:
- Strictly necessary cookies: required for site operation. Lifespan: session.
- Analytical/performance cookies: for visitor analytics and site improvement. Lifespan: 24 months.
- Functionality cookies: remember preferences. Lifespan: 12–24 months.
- Targeting cookies: track visit history for relevant content. Lifespan: 12–24 months.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the site. If you do not accept Our cookies, some features of the website may not function as intended.
Contact us
If you have any questions about this Privacy Policy or Our data practices, please contact privacy@knowme.health.
Effective date: December 08, 2025
Last updated: December 08, 2025
Version history:
v1.1 – December 08, 2025 – Updated Know Me and Mio data handling
v1.0 – August 26, 2025 – Initial publication.
We will maintain an archive of prior versions upon request.