App Privacy Policy

Ampersand Health Limited, a company registered in England and Wales under company registration number 11584266 with registered office at Queens Studios
121 Salusbury Rd, London, NW6 6RG is committed to protecting and respecting your privacy.

This policy sets out the basis on which any personal data, including (but not limited to) sensitive health, genetic, sex, or biometric data, we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

We abide by the General Data Protection Regulation (GDPR) 2018 and the data controller is Ampersand Health Limited. We are registered as a data controller with the Information Commissioner’s Office under number ZA503696. You can contact the Data Protection Officer, Nader Alaghband, at We will reply to all requests within 15 working days.


Before we process any of your sensitive personal data, we will need to obtain your explicit consent. Please read the information below on how and why we process your sensitive personal data before confirming your consent by ticking the boxes below.

Sensitive personal data is personal data that related to racial or ethnic origin;political opinions; religious or philosophical beliefs; trade union membership; health;sex life and sexual orientation, genetic data or biometric data.

– What sensitive personal data do we hold and what do we do with it?

We hold, patient name, hospital number, medication, hospital appointments, patient reported condition information (including physiological and mental wellbeing).

We process the information and make it available on an individual, identifiable basis to your hospital team.

We process the information and make it available on an aggregate, identifiable basis to your hospital team.

We will communicate with you and will enable your hospital team to communicate with you on clinical and service matters, through the app and by email.

We may, subject to your consent, process the information and make it available on an aggregate, and/or anonymised basis to our research partners.

We may, subject to your consent, contact you from time to time to request feedback, to inform you about research that we think may be relevant and to share updates about Ampersand Health. We will not contact you for marketing purposes. You can opt out at any time by emailing

We abide by data minimisation principles and only require, store and process the data that you supply; or that your clinician or hospital supply or require to further your care.

Ampersand Health is the controller and processor of your data. If your hospital is signed up to our service, they will be a Joint Data Controller and Joint Data Processor under our terms of business. We carry out a DPIA with each hospital to identify the risks to individuals, show how we are going to deal with them and what measures we have in place to meet UK GDPR requirements.

We will not share your personal data with third parties without your consent unless instructed to do so by your hospital as Joint Data Controller.


Should you become aware of any unauthorised person – including children below the age of 18 who do not have parental consent – accessing the app and providing personal data, please let us know immediately at:


We store your personal data in secure datacentres in the UK and in the EEA and on your device. Your data is encrypted using 256-bit encryption in transit and at rest. We store your personal data on virtual private servers in a secure data centre in the EEA and on your device. We take reasonable precautions to ensure that your data does not get processed outside the EEA.


We hold your data until you request that we delete it, which you can do at any time,should you decide to cease using the service. . If required by law or by your hospital, we may retain a backup copy of the data for audit and care quality purposes.


Right to object

You have the right to object to us processing your personal data where we are processing your personal data:

Right of access

You have the right to receive confirmation as to whether your personal data is being processed by us, as well as various other information relating to our use of your personal data. You also have the right to access your personal data which we are processing. We may charge you for exercising this right if we are allowed to do so by applicable law.

Right to rectification

You have the right to require us to rectify any inaccurate personal data we hold about you. You also have the right to have incomplete personal data we hold about you completed, by providing a supplementary statement to us.

Right to restriction

You have the right to restrict our processing of your personal data where:

Where any exercise by you of your right to restriction determines that our processing of particular personal data is to be restricted, we will then only process the relevant personal data in accordance with your consent and, in addition, for storage purposes and for the purpose of legal claims.

Right to data portability

You have the right to receive your personal data in structured, standard machine readable format and the right to transmit such personal data to another controller.

Right to erasure

You have the right to require we erase your personal data which we are processing where at least one of the following grounds applies:

You also have the right to lodge a complaint with the Information Commissioner’sOffice, the supervisory authority for data protection issues in England and Wales.

Exercising your rights

You can exercise such rights by contacting the Caldecott Guardian at your hospital, or by contacting