.svg)
Privacy Policy
Last Updated: January 27, 2025
Introduction
This Privacy Policy explains how Aeva Health Ltd ("we," "us," or "our") handles your personal data when you use our website, mobile application, AI health services, and virtual consultations (collectively, the "Services").
Important Notice
- You must be 18 years or older to use our Services
- By accessing or using our Services, you are agreeing to this Privacy Policy
- If you do not agree with this Privacy Policy, please do not use our Services
- This policy should be read alongside our Terms and Conditions and Cookie Policy
Contact our Data Protection Officer at:
- Email: privacy@aevahealth.com
- Address: 71-75 Shelton Street, London WC2H 9JQ, UK
1. Who We Are
Aeva Health Ltd is registered in England and Wales (Company No. 15462448) with a registered office at 71-75 Shelton Street, London WC2H 9JQ, UK. We are registered with the Information Commissioner's Office under registration number 00018109281.
2. Types of Personal Data We Collect
2.1 Health and Medical Information
- Medical history and symptoms
- Treatment plans and outcomes
- Wellness and lifestyle information
- AI health assistant (AiEva) interactions
- Virtual consultation records
- Practitioner notes and recommendations
2.2 Account Information
- Name and contact details
- Date of birth
- Login credentials
- Profile preferences
2.3 Technical Information
- Device identifiers
- IP address
- Browser type
- Operating system
- Usage patterns
3. Third-Party Service Providers
We use the following service providers to deliver our Services:
3.1 Infrastructure
- Digital Ocean: Cloud hosting services
- MongoDB: Database management
- Firebase: Application services
3.2 Communications
- Active Campaign: Email marketing
- Postmark: Transactional emails
3.3 Scheduling
- Cal.com: Appointment scheduling
3.4 Analytics and AI
- Google Analytics: Website analytics
- AiEva: Our proprietary AI health assistant built on customised GPT technology
Important Note: Our AI assistant (AiEva) is designed with privacy-by-design principles. No personal or sensitive health data is shared with external AI providers. All health-related processing occurs within our secure UK infrastructure.
Each service provider processes data in accordance with their own privacy policies and our data processing agreements.
4. How We Use Your Information
4.1 Core Services
- Providing virtual health consultations
- Operating our AI health assistant (AiEva)
- Managing your account
- Processing appointments
4.2 AI and Machine Learning
With your explicit consent, we use anonymised health data to:
- Train and improve AiEva
- Develop personalised health insights
- Enhance prediction accuracy
- Improve service quality
5. Data Storage and Security
5.1 Storage Location
- Primary data storage: UK-based MongoDB cluster
- Encrypted backup storage: UK jurisdiction only
5.2 Security Measures
- End-to-end encryption
- Regular security audits
- Access controls
- Continuous monitoring
- Incident response procedures
6. Your Rights
Under UK GDPR, you have the right to:
- Access your data
- Correct inaccuracies
- Request deletion
- Restrict processing
- Data portability
- Withdraw consent
- Object to processing
7. Data Retention
We retain your data for:
- Active accounts: Duration of service
- Deleted accounts: 90 days post-deletion
- Medical records: 8 years (as required by UK law)
- Chat logs: 2 years
8. Changes to This Policy
We will notify you of material changes via:
- Email notification
- In-app alerts
- Website notices
9. Contact Us
For privacy-related inquiries:
- Data Protection Officer: privacy@aevahealth.com
- Technical Support: support@aevahealth.com
- Address: 71-75 Shelton Street, London WC2H 9JQ, UK
For complaints, you may also contact:Information Commissioner's Office (ICO) www.ico.org.uk
