Our partnership's data security standards and privacy policy for all our apps and websites include the following.

  1. We never pass on your personal information to anyone. Personal information is only disclosed with the user's agreement, or if required by law.
  2. Users' personal data is only connected when the user registers through an online account. When the user asks to register, a simple privacy and security conversation is generated on the users mobile phone or web page. This conversation explains the key elements of this policy, and asks the user to agree to them.
  3. We keep the connected database of users personalised data on a different server to that used for the website/app.
  4. We do not use plain text files for person/patient data, but use encryption via AES 256.
  5. We set a secure, minimum recommended password length for all our registered users. This is a password length 16 characters, including Symbols, Numbers, Lowercase and Uppercase Characters. We offer them an Auto-Select facility via http://passwordsgenerator.net/. Passwords are generated on the client side, and are NOT send across the Internet.
  6. We use 2 factor authentication, asking each user to register a personal answer to a common question such as mother's maiden name.
  7. User data will be protected by using electronic safeguards.
  8. Cookies will be used, and log files will be collected.
  9. Each user will be given the choice of receiving emails and or SMS messages, or not, for each category of response by the system.
  10. Aggregated user data may be used for creating statistics, but will not contain personal data.
  11. Our data centre provider is registered to be achieving the standard ISO 27001
  12. Intrusions monitoring is included.
  13. We use the NHS Data Model and Dictionary, version 3 from HSCIC, that provides a reference point for approved Information Standards and Collections, and we register for it at http://www.datadictionary.nhs.uk/.
page updated 06/05/17