Privacy Policy

Last Updated: December 14, 2024

Introduction

This Privacy Policy explains how Aeva Health Ltd ("we," "us," or "our") handles your personal data when you use our website, mobile application, AI health services, and virtual consultations (collectively, the "Services").

We invite you to carefully read this Privacy Policy to understand the types of personal data (as defined under the General Data Protection Regulation (EU) 2016/679 and UK GDPR, hereinafter "Personal Data") we collect from you, how we use it, why we use it, how we protect it, and what your rights are in relation to it.

Important Notice

  • You must be 18 years or older to use our Services
  • By accessing or using our Services, you are agreeing to this Privacy Policy
  • If you do not agree with this Privacy Policy, please do not use our Services
  • This policy should be read alongside our Terms and Conditions and Cookie Policy

If you have any questions after reading this Privacy Policy, please contact our Data Protection Officer:

  • Email: hello@aevahealth.com
  • Address: 71-75 Shelton Street, London WC2H 9JQ, UK

1. Who We Are

Aeva Health Ltd is registered in England and Wales (Company No. 15462448) with a registered office at 71-75 Shelton Street, London WC2H 9JQ, UK. We are registered with the Information Commissioner's Office under registration number 00018109281.

2. Types of Personal Data We Collect

2.1 Health and Medical Information

  • Medical history and symptoms
  • Treatment plans and outcomes
  • Diagnostic test results
  • Wellness and lifestyle information
  • AI health bot interactions and responses
  • Virtual consultation records
  • Practitioner notes and recommendations

2.2 Account Information

  • Name and contact details
  • Date of birth
  • Login credentials
  • Profile preferences

2.3 Technical Information

  • Device identifiers
  • IP address
  • Browser type
  • Operating system
  • Usage patterns

3. How We Collect Your Information

3.1 Direct Collection

  • Information you provide during registration
  • Data entered during virtual consultations
  • Health information shared with our AI bot
  • Communications with practitioners

3.2 Automatic Collection

  • Website analytics
  • App usage data
  • Technical logs
  • AI interaction data

3.3 Third-Party Sources

  • Connected health devices (with consent)
  • Healthcare providers (with authorisation)
  • Identity verification services

4. How We Use Your Information

4.1 Core Services

  • Providing virtual health consultations
  • Operating our AI health assistant
  • Managing your account
  • Processing appointments

4.2 AI and Machine Learning

With your explicit consent, we use anonymised health data to:

  • Train and improve our AI health bot
  • Develop personalised health insights
  • Enhance prediction accuracy
  • Improve service quality

4.3 Quality Assurance

  • Monitoring service standards
  • Clinical safety reviews
  • Practitioner performance assessment
  • Regulatory compliance

5. Legal Bases for Processing

We process your data under the following legal bases:

5.1 Consent

  • Processing health data
  • AI system training
  • Marketing communications

5.2 Contract Performance

  • Delivering virtual consultations
  • Managing appointments
  • Processing payments

5.3 Legal Obligations

  • Healthcare regulations compliance
  • Clinical safety requirements
  • Professional standards

5.4 Legitimate Interests

  • Service improvement
  • Security measures
  • Quality assurance

6. Data Sharing

6.1 Healthcare Providers

  • Licensed practitioners providing services
  • Specialist consultants (with consent)
  • Emergency services (when necessary)

6.2 Service Providers

  • Secure hosting providers
  • Payment processors
  • Communication services
  • Analytics platforms (anonymised data only)

6.3 AI Development Partners

With explicit consent, we share anonymised data with:

  • AI model training partners
  • Research institutions
  • Quality assurance teams

7. Data Security

We implement robust security measures including:

  • End-to-end encryption
  • Access controls
  • Regular security audits
  • Staff training
  • Incident response procedures

8. Your Rights

Under the GDPR and UK GDPR, you have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict processing
  • Request data portability
  • Withdraw consent
  • Object to processing

9. Data Retention

We retain your data for:

  • Active accounts: Duration of service
  • Deleted accounts: 90 days post-deletion
  • Medical records: As required by law
  • Payment information: 7 years

10. International Transfers

Your data is primarily processed in the UK. Any international transfers are protected by:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Additional safeguards as required

11. Changes to This Policy

We will notify you of material changes via:

  • Email notification
  • In-app alerts
  • Website notices

12. Cookies and Tracking Technologies

12.1 How We Use Cookies

We use cookies and other similar technologies to provide you with a user-friendly experience. Cookies are small text files which our Website may put on your device during your first visit. The cookie helps our Website to recognise your device the next time you visit it.

12.2 Cookie Functions

Our cookies serve various important functions, including:

  • Remembering your username and preferences
  • Analysing website performance
  • Providing personalised content recommendations
  • Maintaining session security
  • Enabling core functionality
  • Supporting analytics and optimisation

12.3 Data Collection Through Cookies

When cookies collect your Personal Data, this information is pseudonymised and stored separately from your other Personal Data. This processing is carried out on a legal basis and, where required by law, based on your consent.

12.4 Cookie Management

You can manage your cookie preferences through:

  • Your browser settings
  • Our cookie consent banner
  • Your account settings
  • Our cookie management tool

12.5 Types of Cookies We Use

  • Essential cookies: Required for basic website functionality
  • Functional cookies: Remember your preferences and choices
  • Analytics cookies: Help us understand how our Services are used
  • Personalisation cookies: Enable content recommendations
  • Marketing cookies: Support our advertising efforts (only with explicit consent)

12.6 Detailed Cookie Information

For detailed information on:

  • Specific cookies we use
  • Purposes of each cookie
  • Cookie duration and expiry
  • How to manage your cookie preferences
  • Third-party cookies

Please see our separate Cookie Policy.

13. Data Storage and Processing Locations

13.1 Primary Data Storage

We store your Personal Data in a MongoDB cluster located in London, United Kingdom. This secure database infrastructure ensures your data remains within the UK jurisdiction while providing high availability and robust data protection.

13.2 International Processing

Your Personal Data may be processed by our business partners and service providers operating outside of the European Union (as detailed in Sections 4 and 5 of this Privacy Policy). For such international processing, we have implemented the following safeguards:

  • Standard Contractual Clauses with all partners and service providers
  • Additional contractual obligations regarding data protection
  • Case-by-case risk assessments for each international transfer
  • Regular audits of data processing activities
  • Continuous monitoring of data protection measures

13.3 Data Protection Measures

For our MongoDB cluster and all connected systems, we implement:

  • End-to-end encryption of data in transit and at rest
  • Regular security audits
  • Strict access controls and authentication
  • Continuous monitoring and threat detection
  • Automated backup procedures
  • Database-level encryption
  • Network isolation and security

14. Contact Us

  • Data Protection Officer: hello@aevahealth.com
  • Address: 71-75 Shelton Street, London WC2H 9JQ, UK

For complaints, you may also contact: Information Commissioner's Office (ICO) www.ico.org.uk