Pilot Privacy Notice
This privacy notice explains how Patiento Innovations Ltd handles your personal information in connection with the Patiento pilot. You are being shown this notice before you decide whether to take part, so that you can make an informed decision.
At a glance
- Patiento is a mobile app that lets you store your own health information privately on your own phone.
- Your health records stay on your device. We never see them, never receive them, and never transmit them anywhere.
- We do hold some information about you as a pilot participant: an anonymous participant number, your email address, your consent record, any feedback you send us, and high-level app usage information.
- The pilot app is iOS only and distributed through Apple TestFlight. Apple operates TestFlight under its own privacy policy.
- Your app account is anonymous — we identify you by a participant number, not your name.
- You can withdraw from the pilot at any time without giving a reason.
1 Who we are
Patiento Innovations Ltd is the data controller for the information we process about you as a pilot participant.
| Item | Details |
|---|---|
| Controller | Patiento Innovations Ltd (trading as Patiento) |
| Address | 2B Lyndhurst Grove, Chaddesden, Derby, DE21 6RX |
| ICO number | ZC093468 |
| Email | ewa.lobato@patiento.io |
Our Data Protection Officer (DPO)
| Item | Details |
|---|---|
| DPO | Michael-Dann Joseph, Acorn Compliance |
| Email | michael-dann@acorncompliance.com |
| Address | Acorn Compliance, 7 Bell Yard, London WC2A 2JR |
2 What we collect and what we do not
What we do collect
| Information | Description |
|---|---|
| Participant number | An anonymous identifier we allocate to you. We do not collect your name as part of your account. |
| Email address | Held separately from your participant number. Used to invite you, send the TestFlight link, and contact you for optional feedback. |
| Consent record | A record of the consent you give to take part, including the date and version of this notice. |
| Feedback and communications | Any feedback or messages you choose to send us during the pilot. |
| App usage analytics | High-level information about how you use the app — which screens you visit, which features you tap, how long you use the app. See section 4 for full detail. |
What we do not collect
We do not collect, receive, or have any access to:
- The health information you store in the app — NHS letters, medication lists, diagnoses, appointment details, or anything else you choose to put in.
- The contents of any document you upload.
- Your biometric data (Face ID or Touch ID).
- Your device location.
- Your contacts, photos, or any other data on your phone outside the app.
The health information you store in the app stays on your device. It is not transmitted to us, not backed up to our servers (we do not have any), and not shared with anyone. You are in sole control of it.
3 Why we process this information, and our legal basis
| Purpose | Information used | Legal basis |
|---|---|---|
| Contacting you to invite you to the pilot | Email address | Legitimate interests (Article 6(1)(f) UK GDPR). You have the right to object. |
| Running the pilot once you agree to take part | Participant number, email, consent record, feedback, communications | Your consent (Article 6(1)(a) UK GDPR). You can withdraw at any time. |
| Understanding how the app is used and improving it | High-level app usage analytics | Legitimate interests (Article 6(1)(f) UK GDPR). You have the right to object. |
4 App usage analytics
What the analytics cover
- Which screens you open in the app.
- Which features you use (for example, tapping a button, opening a section).
- General patterns of use — how often and for how long the app is used.
What the analytics do not cover
- The health information you store in the app.
- The contents of any document you upload.
- Your name, email address, or any other direct identifier.
- Any advertising identifier or device fingerprint.
Analytics events are only linked to your anonymous participant number. Patiento is the only organisation that handles these analytics — we do not use any third-party analytics provider. Your analytics data is processed and stored within the United Kingdom.
You have the right to object to this processing under Article 21 UK GDPR. See section 8.
5 Biometric authentication (Face ID / Touch ID)
The app uses your device's built-in biometric authentication to help you protect access to the app. We strongly encourage you to enable this at onboarding.
Your biometric data is created, stored, and checked entirely by your iPhone inside the Secure Enclave. The app only receives a simple yes or no result from the operating system. Patiento never sees, stores, or transmits your biometric data.
If biometric authentication is not available, your iPhone will fall back to your device passcode. This behaviour is controlled by Apple, not Patiento.
A note on shared devices
If you share your device with someone else, or if someone else knows your device passcode, they may be able to access the app. Please keep this in mind when deciding what to store.
6 How we deliver the app — Apple TestFlight
The pilot version of Patiento is distributed through Apple TestFlight. Apple operates TestFlight as a separate and independent data controller under its own privacy policy.
We strongly encourage you to review Apple's privacy policy at apple.com/legal/privacy. Because the pilot is iOS only, using TestFlight is a requirement of participating.
7 Cloud backup — please read this carefully
If your iPhone is set to back up to iCloud, the information you store in the Patiento app — including your health records — may be included in those backups. If that happens, your health information is being transmitted to iCloud servers by Apple, outside Patiento's control.
What you should do
- Check whether your device backs up to iCloud: Settings → [your name] → iCloud → iCloud Backup.
- To exclude Patiento from iCloud backup: Settings → [your name] → iCloud → Manage Account Storage → Backups → [your device] → Patiento.
- Decide for yourself what level of backup is right for the information you choose to store.
8 Your rights under data protection law
These rights apply to the pilot administration data we hold. They do not apply to health information on your device, because we do not hold that — only you do.
| Right | What it means |
|---|---|
| Right of access (Art. 15) | Ask us for a copy of the information we hold about you. |
| Right to rectification (Art. 16) | Ask us to correct information that is wrong or incomplete. |
| Right to erasure (Art. 17) | Ask us to delete the information we hold about you. |
| Right to restrict processing (Art. 18) | Ask us to stop using your information while we look into a concern. |
| Right to data portability (Art. 20) | Ask us to provide your information in a machine-readable format. |
| Right to object (Art. 21) | Object to processing based on legitimate interests — invitation email and analytics. |
| Right to withdraw consent (Art. 7(3)) | Withdraw your consent to take part at any time, as easily as you gave it. |
| Right to complain (Art. 77) | Complain to the ICO at any time: ico.org.uk · 0303 123 1113. |
To exercise any right, contact our DPO (details in section 1). We will respond within one calendar month.
9 How long we keep your information
| Information | Retention period |
|---|---|
| Participant number | Duration of the pilot plus 12 months. |
| Email address | Duration of the pilot plus 12 months. |
| Consent record | Duration of the pilot plus 12 months. |
| Feedback and communications | Duration of the pilot plus 12 months. |
| App usage analytics | Duration of the pilot plus 12 months. |
| Health information in the app | Kept on your device for as long as you choose. Patiento holds no copy. |
10 Who we share your information with
We do not sell your information. We do not share it with advertisers or any third-party analytics provider. We would only share information in these circumstances:
- With service providers who help us run our internal systems, under written contracts meeting Article 28 UK GDPR requirements.
- Where we are required to by law — for example, in response to a lawful order from a regulator, court, or law enforcement authority.
- Where you ask us to share specific information on your behalf.
11 International transfers
We process and store the pilot information we hold about you within the United Kingdom. We do not transfer this information outside the UK.
Please note that Apple (in connection with TestFlight) is an international company and processes information under its own policies. If your device backs up to iCloud, any backup activity involves transmission to iCloud servers by Apple, outside our control.
12 If you want to share the app with someone else
You are welcome to share a link to the pilot with others. The person receiving the link can then contact us themselves to ask about taking part. They submit their own details — you do not submit their details on their behalf. We do not accept third-party personal information through referrals.
13 Children
The Patiento pilot is intended for adults aged 18 or over. If you are under 18, please do not enrol. If you believe a child under 18 has enrolled, please contact us.
14 Changes to this notice
If we make material changes to how we handle your information during the pilot, we will let you know by email and, where appropriate, ask for your renewed consent.
| Version | Notes |
|---|---|
| Version 1.0 | Issued for the pilot. First version. |
15 Contact us
Patiento (data controller): ewa.lobato@patiento.io
Data Protection Officer: michael-dann@acorncompliance.com, Acorn Compliance, 7 Bell Yard, London WC2A 2JR
Information Commissioner's Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF