Privacy Policy

How we protect and respect your data

Introduction

Know My Health Ltd ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information.

For the purpose of this document, the Data Protection Legislation shall mean any data protection or privacy legislation in force in the UK including the Data Protection Act 2018, and the UK General Data Protection Regulation and any successor legislation.

This policy sets out the basis on which any personal data We collect from you, or that you provide to Us, will be processed by Us. Please read the following to understand Our views and practices regarding your personal data and how We will treat it.

For the purpose of the Data Protection Legislation, the Controller is Know My Health Ltd.

The Data Protection Officer for Know My Health Ltd is Paul Shanahan.

Our Products and How We Use Your Data

Know Me Now

  • Collected & Stored: email address, first name, last name, preferred name, whether sections of the health passport are completed, and each time you submit (preview, download or email the passport). Device and browser analytics via Google Analytics (only if you consent). Profile photos are processed on your device and stored on our servers for 7 days, after which they are permanently deleted. No detailed health data is stored for this product.
  • Processed (not retained): Information you enter in the browser to create the health passport is processed in temporary session storage solely to generate your passport and is not stored long‑term.
  • Legal Bases: Consent (when you submit information or accept non‑essential cookies) and Legitimate Interests (service analytics and improvement). See Our Legal Bases for Processing for details.
  • Retention (summary): Profile photos: 7 days. Locally stored information (on your device): up to 7 days unless you delete it sooner. For general retention rules, see Data Retention Periods.
  • Special Category Data: Not stored for Know Me Now. See Special Category Data for our safeguards across products.

Know Me (This service is not currently available)

  • Collected & Stored: Health and wellbeing information you choose to save (health records), and account details (name, email, login history).
  • Processed (not retained): Session tokens, authentication data, and technical telemetry necessary for secure operation.
  • Legal Bases: Explicit Consent (for special category data), Contract (if you create an account), Provision of health or care services, and Substantial Public Interest. See Our Legal Bases for Processing.
  • Retention (summary): Health records are retained until you delete them or request deletion, unless we are legally required to retain them for longer. See Data Retention Periods.
  • Special Category Data: Applies. See Special Category Data for safeguards (encryption, access controls, audit).

Know Me AI (This service is not currently available)

  • Collected & Stored: Limited interaction logs (e.g., prompts, responses, timestamps, and technical metadata) retained for safety, quality assurance, and service improvement, then deleted or anonymised. See Data Retention Periods.
  • Processed (not retained): Your inputs may be temporarily processed by AI models to generate responses; model processing does not retain your inputs beyond the session unless captured in the interaction logs above.
  • Legal Bases: Consent (when you use the chatbot), Provision of health or care services, and Legitimate Interests (ensuring safe operation and improvement of AI). See Our Legal Bases for Processing.
  • Special Considerations: We do not make decisions with legal or similarly significant effects based solely on automated processing without your explicit consent. You may request human review and contest recommendations. See Special Category Data for safeguards if health data is involved.

Our Legal Bases for Processing

  • Consent: Where you have given consent for marketing or other purposes.
  • Contract Performance: To fulfil our contractual obligations.
  • Legitimate Interests: For analytics, improving user experience, and security.

Data Retention Periods

  • Analytics logs: retained for 24 months.
  • Marketing consents: retained until withdrawn.
  • Health record data: retained until you delete your account or request deletion, unless legally required to retain longer.
  • Profile photos (Know Me Now): 7 days.
  • Locally stored device/session data (Know Me Now): up to 7 days unless you delete sooner.
  • AI interaction logs (Know Me AI): retained temporarily for safety and quality, then deleted or anonymised.

International Data Transfers

We rely on UK adequacy decisions and Standard Contractual Clauses when transferring personal data outside the UK/EEA to ensure appropriate safeguards. Some of our service providers may be located in the United States or other countries outside the UK/EEA. Where this is the case, we use Standard Contractual Clauses to ensure your data receives equivalent protection to that required by UK law. Google Analytics: Data may be transferred to Google's servers in the United States. Google is certified under the EU-US Data Privacy Framework.

Your Rights

Under UK Data Protection Legislation, you have the following rights:

  • Right of access.
  • Right to rectification.
  • Right to erasure.
  • Right to restrict processing.
  • Right to data portability.
  • Right to object.
  • Right to withdraw consent.

To exercise these rights, contact our DPO at paul@knowme.health.

We will respond to your request within one month, extendable by two months for complex cases. We may request identity verification.

Children’s Privacy

Our services are not directed at children under 13, and we do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can take appropriate action. If you are under 13, you must not use our services without verifiable parental consent.

Information We Collect

We collect personal information when you use our website or services, including:

  • Contact information (name, email address).
  • Technical information about your device and how you use our website.
  • Details of your visits to Our Site and the resources that you access (Log Information).
  • Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from Our Site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information, and methods used to browse away from the page.
  • Our Site may collect information about user demographics through Google Analytics. This information will only be used for internal reporting and not shared with third parties.

Special Category Data

Some of the information we collect may be classified as "special category data" under UK Data Protection Law. This includes information relating to your health, ethnicity, or other sensitive details. We will only process this data where you have given your explicit consent, where it is necessary for the provision of health services, or where there is a substantial public interest (such as supporting statutory NHS services). Additional safeguards are applied to special category data, including strict access controls and encryption.

How We Use Your Information

We may use information you provide:

  • to carry out Our obligations arising from any contracts entered into between you and Us and to provide you with the information, products and services that you request from Us.
  • to provide you with information about other services We offer that we feel may be of interest to you. You can opt out of receiving any communication We send you relating to this at any time.
  • if you are an existing customer, We will only contact you by electronic means (e-mail) with information about services We feel may be of benefit to you. If you are a new customer, We will contact you by electronic means only if you have consented to this.
  • to notify you about changes to Our Service.
  • to ensure that content from Our Site is presented in the most effective way for you and for your computer.

We may use information we collect about you:

  • to administer Our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • to improve Our Site to ensure that content is presented in the most effective way for you and for your Device/computer.
  • as part of Our efforts to keep Our Site safe and secure.
  • to make suggestions and recommendations to you and other users of Our Site about services that may interest you or them.
  • for research purposes carried out internally or by trusted third parties who provide statutory services.

Data Security

Where we store your personal data:

  • All information you provide to Us is stored on secure servers held by GDPR-compliant international data processors only. Where international data processors are used, all appropriate technical and legal safeguards will be put in place to ensure that you are afforded the same level of protection as within the EEA.
  • Where We have given you (or where you have chosen) a password which enables you to access certain parts of Our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
  • The transmission of information via the internet is not completely secure. Although We will do Our best to protect your personal data, We cannot guarantee the security of your data transmitted to Our Site; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.

In addition, we use encryption for your data, apply strict role-based access controls, require multi-factor authentication for access to personal data, follow secure coding and development practices, and conduct regular security audits. All staff are trained on data protection and information security.

Disclosure of your information:

  • We may share your information with organisations commissioning or delivering health services for the National Health Service (NHS), but only in a fully anonymised manner.
  • We may disclose your personal information to third parties if We are under a duty to disclose or share your personal data in order to comply with any legal obligation.

Access to information

The Data Protection Legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Legislation.

Changes to Our privacy policy

Any changes We may make to Our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to Our privacy policy.

Information about Our use of cookies

Our Site uses cookies to distinguish you from other users of Our Site. This helps Us to provide you with a good experience when you browse Our Site and also allows us to improve Our Site. Non-essential cookies (such as analytics or marketing cookies) will only be placed with your consent. You can accept, reject, or customise your cookie preferences at any time through our cookie banner.

We use the following types of cookies:

  • Strictly necessary cookies: Required for site operation. Lifespan: Session.
  • Analytical/performance cookies: We use Google Analytics for visitor analytics and site improvement. Lifespan: 24 months.
  • Functionality cookies: Remember preferences. Lifespan: 24 months.
  • Targeting cookies: Track visit history for relevant content. Lifespan: 24 months.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the Website.

If you do not accept our cookies, some features of the website may not function as intended.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact paul@knowme.health.

Version History:
v1.0 – Aug 26, 2025 – Initial publication. We will maintain an archive of prior versions upon request.