Privacy Policy
Last Updated: December 14, 2024
Introduction
This Privacy Policy explains how Aeva Health Ltd ("we," "us," or "our") handles your personal data when you use our website, mobile application, AI health services, and virtual consultations (collectively, the "Services").
We invite you to carefully read this Privacy Policy to understand the types of personal data (as defined under the General Data Protection Regulation (EU) 2016/679 and UK GDPR, hereinafter "Personal Data") we collect from you, how we use it, why we use it, how we protect it, and what your rights are in relation to it.
Important Notice
- You must be 18 years or older to use our Services
- By accessing or using our Services, you are agreeing to this Privacy Policy
- If you do not agree with this Privacy Policy, please do not use our Services
- This policy should be read alongside our Terms and Conditions and Cookie Policy
If you have any questions after reading this Privacy Policy, please contact our Data Protection Officer:
- Email: hello@aevahealth.com
- Address: 71-75 Shelton Street, London WC2H 9JQ, UK
1. Who We Are
Aeva Health Ltd is registered in England and Wales (Company No. 15462448) with a registered office at 71-75 Shelton Street, London WC2H 9JQ, UK. We are registered with the Information Commissioner's Office under registration number 00018109281.
2. Types of Personal Data We Collect
2.1 Health and Medical Information
- Medical history and symptoms
- Treatment plans and outcomes
- Diagnostic test results
- Wellness and lifestyle information
- AI health bot interactions and responses
- Virtual consultation records
- Practitioner notes and recommendations
2.2 Account Information
- Name and contact details
- Date of birth
- Login credentials
- Profile preferences
2.3 Technical Information
- Device identifiers
- IP address
- Browser type
- Operating system
- Usage patterns
3. How We Collect Your Information
3.1 Direct Collection
- Information you provide during registration
- Data entered during virtual consultations
- Health information shared with our AI bot
- Communications with practitioners
3.2 Automatic Collection
- Website analytics
- App usage data
- Technical logs
- AI interaction data
3.3 Third-Party Sources
- Connected health devices (with consent)
- Healthcare providers (with authorisation)
- Identity verification services
4. How We Use Your Information
4.1 Core Services
- Providing virtual health consultations
- Operating our AI health assistant
- Managing your account
- Processing appointments
4.2 AI and Machine Learning
With your explicit consent, we use anonymised health data to:
- Train and improve our AI health bot
- Develop personalised health insights
- Enhance prediction accuracy
- Improve service quality
4.3 Quality Assurance
- Monitoring service standards
- Clinical safety reviews
- Practitioner performance assessment
- Regulatory compliance
5. Legal Bases for Processing
We process your data under the following legal bases:
5.1 Consent
- Processing health data
- AI system training
- Marketing communications
5.2 Contract Performance
- Delivering virtual consultations
- Managing appointments
- Processing payments
5.3 Legal Obligations
- Healthcare regulations compliance
- Clinical safety requirements
- Professional standards
5.4 Legitimate Interests
- Service improvement
- Security measures
- Quality assurance
6. Data Sharing
6.1 Healthcare Providers
- Licensed practitioners providing services
- Specialist consultants (with consent)
- Emergency services (when necessary)
6.2 Service Providers
- Secure hosting providers
- Payment processors
- Communication services
- Analytics platforms (anonymised data only)
6.3 AI Development Partners
With explicit consent, we share anonymised data with:
- AI model training partners
- Research institutions
- Quality assurance teams
7. Data Security
We implement robust security measures including:
- End-to-end encryption
- Access controls
- Regular security audits
- Staff training
- Incident response procedures
8. Your Rights
Under the GDPR and UK GDPR, you have the right to:
- Access your data
- Correct inaccuracies
- Request deletion
- Restrict processing
- Data portability
- Withdraw consent
- Object to processing
9. Data Retention
We retain your data for:
- Active accounts: Duration of service
- Deleted accounts: 90 days post-deletion
- Medical records: As required by law
- Payment information: 7 years
10. International Transfers
Your data is primarily processed in the UK. Any international transfers are protected by:
- Standard Contractual Clauses
- Adequacy decisions
- Additional safeguards as required
11. Changes to This Policy
We will notify you of material changes via:
- Email notification
- In-app alerts
- Website notices
12. Cookies and Tracking Technologies
12.1 How We Use Cookies
We use cookies and other similar technologies to provide you with a user-friendly experience. Cookies are small text files which our Website may put on your device during your first visit. The cookie helps our Website to recognise your device the next time you visit it.
12.2 Cookie Functions
Our cookies serve various important functions, including:
- Remembering your username and preferences
- Analysing website performance
- Providing personalised content recommendations
- Maintaining session security
- Enabling core functionality
- Supporting analytics and optimisation
12.3 Data Collection Through Cookies
When cookies collect your Personal Data, this information is pseudonymised and stored separately from your other Personal Data. This processing is carried out on a legal basis and, where required by law, based on your consent.
12.4 Cookie Management
You can manage your cookie preferences through:
- Your browser settings
- Our cookie consent banner
- Your account settings
- Our cookie management tool
12.5 Types of Cookies We Use
- Essential cookies: Required for basic website functionality
- Functional cookies: Remember your preferences and choices
- Analytics cookies: Help us understand how our Services are used
- Personalisation cookies: Enable content recommendations
- Marketing cookies: Support our advertising efforts (only with explicit consent)
12.6 Detailed Cookie Information
For detailed information on:
- Specific cookies we use
- Purposes of each cookie
- Cookie duration and expiry
- How to manage your cookie preferences
- Third-party cookies
Please see our separate Cookie Policy.
13. Data Storage and Processing Locations
13.1 Primary Data Storage
We store your Personal Data in a MongoDB cluster located in London, United Kingdom. This secure database infrastructure ensures your data remains within the UK jurisdiction while providing high availability and robust data protection.
13.2 International Processing
Your Personal Data may be processed by our business partners and service providers operating outside of the European Union (as detailed in Sections 4 and 5 of this Privacy Policy). For such international processing, we have implemented the following safeguards:
- Standard Contractual Clauses with all partners and service providers
- Additional contractual obligations regarding data protection
- Case-by-case risk assessments for each international transfer
- Regular audits of data processing activities
- Continuous monitoring of data protection measures
13.3 Data Protection Measures
For our MongoDB cluster and all connected systems, we implement:
- End-to-end encryption of data in transit and at rest
- Regular security audits
- Strict access controls and authentication
- Continuous monitoring and threat detection
- Automated backup procedures
- Database-level encryption
- Network isolation and security
14. Contact Us
- Data Protection Officer: hello@aevahealth.com
- Address: 71-75 Shelton Street, London WC2H 9JQ, UK
For complaints, you may also contact the Information Commissioner's Office (ICO): www.ico.org.uk