App Privacy Policy

Version: 1.7

Last Updated: 20 January 2022

Privacy Policy – Apps

This is the App privacy notice of CareLoop Health Ltd (“CareLoop Health Ltd”, “we”, “us”, “our”).

We are company number 13219481 registered in the United Kingdom.

Our registered office is at CareLoop Health Ltd, 46 Grafton Street, Manchester M13 9NT. Registered in England.


Effective date: 20/01/2022

Last reviewed: 20/01/2022


CareLoop Health Ltd (“CareLoop Health Ltd”, “we”, “us”, “our”) designs and develops applications (“Apps”) to empower users to manage their health condition and improve their health outcomes. This Privacy Policy relates to the collection and use of information (also referred to as “data”) by us in connection to our Apps.


This Privacy Policy and accompanying Terms of Service (“Terms”) apply to your use of our Apps, which are available through the Apple, Google Play, and any other App stores, in addition to our websites, subdomains, portals and APIs (Application Programming Interfaces).


CareLoop Health Ltd, with registered office and business address of: 46 Grafton Street, Manchester M13 9NT. Registered in England, Company number 13219481.


We believe that making data more easily available to patients will improve healthcare, but we are also aware that data needs to be handled securely and transparently. CareLoop Health Ltd respects your right to privacy and is committed to protecting your information. This privacy policy explains how we collect, transfer, store, and use your data.


Because the work CareLoop Health Ltd does takes place in the UK, the European Union’s “General Data Protection Regulation” (GDPR) applies to our processing of your personal data, even if you do not live in Europe. By installing and using our App you are deemed to have consented to us collecting your data and sharing it with your clinical team.


This is information about you, your health and your symptoms, as well as data shared by your phone such as your IP address and location. The minimum amount of data necessary for the App to function will be collected.

  • Symptom Data: The App collects self-reported symptom data. Data is linked to an individual via a unique CareLoop identifier which is allocated via the care team running the study or implementation project for which CareLoop is deployed. The information that the App requests will be retained by the project team in compliance with the protocol of the study or implementation project and used as described in this privacy policy.
  • Entries into a daily diary: Data entered into the diary is not transferred to our database. It is your choice whether to share this data with anybody else.

Examples of information that is automatically collected include:

We automatically collect certain information when you visit, use or navigate the Apps and/or websites. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Apps and other technical information. This information is primarily needed to maintain the security and operation of our Apps, and for our internal analytics and reporting purposes.


The information that we collect from you will be transferred, stored, and processed within the European Economic Area (“EEA”). By using our Apps, you consent that information may be transferred, stored and processed outside your country of residence (if you currently reside outside the EEA). Your data will be stored for a period as long as is deemed reasonably necessary by CareLoop Health Ltd for business and legal purposes and longer. It will then be permanently deleted. Symptom data is shared with your clinical team via a secure server. The server is hosted in a secure AWS ISO 27001 hosting environment.


We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfil business obligations.


Personally identifiable information (PII) is information that may be used to identify you as an individual. Examples of PII include name and email address. We do not collect any PII through the App.


Pseudonymised information refers to information that does not contain PII and does not allow us to identify you. We may use pseudonymised information to understand, improve, and customize your experience with our Apps. Pseudonymised information is shared with members of your clinical care team who will be able to deanonymise your data in order that they may be able to better treat your symptoms.

De-identified information may be shared with third party affiliates. For example, aggregated information may be shared with researchers to better understand health conditions or with companies developing treatments. We may share your de-identified data with research partners for legitimate scientific studies that have the approval of an institutional research ethics committee and are using the CareLoop platform in that study. We will only share de-identified data if you have consented to data sharing.

Aggregated information refers to de-identified information that is combined with that of other users’ de-identified information to give an aggregate overview of certain statistics. It is by definition anonymous. We may use aggregated information to understand, improve, and customize our users’ experience with our services and Apps. Aggregated information may be shared with third party affiliates, agents or business partners.

Third party affiliates, agents, or business partners – we may engage with other third-party companies or individuals to perform certain business functions on our behalf. Examples may include providing technical assistance, order fulfilment, customer service, improving your experience of this App, and marketing assistance. These third-party organisations will only have access to the de-identified and aggregated information necessary to perform their functions. We will not share, sell, rent or trade any of your information with third parties for their promotional, marketing or any other purpose.

CareLoop uses third-party hosting and software development services, AWS and DevRank, to host the server component of the software platform and develop the website and Apps that enable researchers and clinicians to view the data sent from end users’ phones. DevRank and AWS have access to the data collected by the CareLoop platform. These third-party providers comply with all Data Protection regulations.


As we develop as a business, there is a possibility that we may buy or sell businesses or assets. In the event of a corporate sale, merger, reorganisation, sale of assets, dissolution or other business-related event, your information may be part of the transferred assets.

If we receive a legal request for access to your information (e.g. from a court order, law enforcement authority, regulatory agency, etc.) we may disclose your information to the extent permitted by law. We may also share your information with legal advisors, consultants, or courts in order to protect and defend our rights and users of our services and Apps.


We place great importance on the security of all PII associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.

Our Apps are designed with stringent security protocols. All data transport between your App and our servers is encrypted.

Periodic reviews of our security standards are carried out and our software development process has a checkpoint to identify any new risks when we define / develop new features.

However, with any electronic transmission and storage of data comes risk and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet. If there is a personal data breach, our Data Protection Officer will report it to the competent supervisory authority without undue delay (not less than 72 hours after becoming aware of it). If a personal data breach is likely to result in a high risk to your rights and freedom, our Data Protection Officer will communicate the breach to you without delay.


You have a number of legal rights under the EU’s General Data Protection Regulation (GDPR). In summary, those include rights to:

  • Access your personal information
  • Require us to correct any mistakes in your information which we hold
  • Require the erasure of personal information concerning you in certain situations
  • You have a legal right to access, rectify, erase and object to the use of your data free of charge. However, a reasonable fee may be charged for “repetitive requests”, “manifestly unfounded or excessive requests” or “further copies”
  • We are obliged under the GDPR to provide any requested information within one month of receiving a request. However, if a large number of requests are received or requests are complex, the time limit may be extended by a maximum of two further months
  • Receive the personal information concerning you which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations
  • If your personal data was shared with a third party, then you have a right to request information about the identities of those third parties
  • You have a right to object to the processing of your personal data for the process of direct marketing, including profiling
  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • Object in certain other situations to our continued processing of your personal information
  • Otherwise restrict our processing of your personal information in certain circumstances
  • You have a right to complain to the EU’s Data Protection Authority (DPA) if you think your rights have been infringed upon ( or telephone +44 303 123 1113

For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the United Kingdom Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please email, call or write to our Data Protection Officer using the contact details given below.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at or by calling +44 303 123 1113


We do not knowingly solicit data from or market to children under 16 years of age. By using the Apps, you represent that you are at least 16. If we learn that personal information from users less than 16 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 16, please contact us.


Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.


This Privacy Policy is effective as of the date listed previously at the start of this document. This Privacy Policy may be changed or updated at any time in the future without notice to you. This Privacy Policy is available for you to review at all times on our Apps and website. It is recommended that you regularly review it. By using our Apps after we have updated our Privacy Policy, you are deemed to have accepted any changes.


Please submit any questions, concerns or comments you have about this policy or any requests concerning your personal data to or write to our Data Protection Officer at:

CareLoop Health Ltd, 46 Grafton Street, Manchester M13 9NT. Registered in England.