Privacy Summary
The strong, distinctive promises we make about your data.
- Encrypted throughout
- UK and EU only, zero AI retention
- Pseudonymised
- UK GDPR and DPA 2018
- Single-operator model
Your Data Stays Yours
You own your health record. The deliverables are files you keep. There is no portal, no account, no lock-in.
Never Sold, Never Shared
Your data is not sold or shared with insurers, advertisers, brokers, researchers, or anyone else. The only third parties that ever touch it are the named processors in the Privacy Notice, each under a data processing agreement. If the service is bought as a gift, the payment processor only ever handles the purchaser’s payment details, never anyone’s health data.
Deleted Within Weeks, Not Years
Your identifiable health data, including any identity documents you share for a Subject Access Request, is deleted within 28 days of delivery. Right-to-erasure requests are actioned the same session.
You Are the Customer, Not the Product
No adverts, no third-party trackers, no profiling. The only analytics we use is Cloudflare Web Analytics: cookieless, aggregate, no personal data. Your data is never used to target, profile, or market to you. You pay for the service, and that is the entire business model.
One Person Handles Your Data
Chronicle Health is run by one person, with high standards of confidentiality. No employees, contractors, or third parties have access to your records. This eliminates the most common cause of data breaches: unnecessary access.
Identifiers Removed Before Any AI Processing
Before any data goes to an AI model, direct identifiers (name, date of birth, address, NHS number, contact details) are stripped out at two independent layers as a defence-in-depth measure.
Zero Retention by the AI Provider
Prompts and responses are not stored, logged, or used for model training by the AI provider. EU-only routing is enforced at two layers. Evidence available on request.
End-to-End Encrypted Storage, UK/EU Only
Your data is held only in encrypted storage with zero-access architecture, meaning the storage provider cannot read your files. It does not leave the UK and EU at any point.
How We Approach This
- Conservative defaults. Encryption everywhere, identifier removal before AI, defence-in-depth, and short retention by design rather than by request.
- Transparency. A Data Protection Impact Assessment, and evidence for zero-retention and EU-only enforcement, are available on request.
- Honesty about limits. We can’t control how your GP sends records, or what you do with your data once you receive it. Where our control ends, we say so.
Read the Full Detail
- Privacy Notice: full data processing detail, your rights, sub-processors, retention, contact information
- How Your Data Is Protected: technical and organisational security measures
- Compliance and Terms of Service