Privacy Policy

Last updated 1st February 2026

Inherit Health Privacy Policy

Effective Date: 15 April 2025
Company Number: 15883598
Registered Office: 3rd Floor, 86–90 Paul Street, London, EC2A 4NE
Contact: app@inherit.healthcare

Inherit Health Ltd (“Inherit”, “we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, and protect your information when you use the Inherit mobile application and related services (the “Platform”).

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable UK privacy laws.

1. Who We Are

Inherit Health Ltd is a UK-registered digital health technology company and the data controller responsible for your personal data.

We are registered with the UK Information Commissioner’s Office (ICO).

2. Data We Collect

We collect only the data necessary to operate and improve the Platform.

2.1 Account Data

  • Email address (via Apple or Google sign-in)

  • Unique user ID

  • Referral codes and rewards activity

  • Basic technical/device information

We do not require your full legal name.

2.2 Health and Survey Data (Special Category Data)

If you choose to use our surveys or screening tools, we collect:

  • Self-reported health information

  • Symptom and lifestyle data

  • Screening questionnaire responses

  • AI-generated summaries based on your inputs

  • Optional family sharing connections (if enabled)

This data is considered special category health data under UK GDPR.

2.3 Usage Data

We collect limited technical data such as:

  • App usage metrics

  • Device type

  • Error logs and performance data

This helps us maintain and improve the Platform.

3. How We Use Your Data

We use your data to:

  • Provide the Platform and its features

  • Generate personalised insights and summaries

  • Maintain account and reward systems

  • Improve performance and reliability

  • Produce anonymised health insights and research

  • Comply with legal obligations

We do not sell your personal data.

4. Legal Basis for Processing

Under UK GDPR, we rely on:

Contract:
To provide and operate the Platform.

Consent:
Where you voluntarily provide health information or choose to participate in optional features.

Legitimate Interests:
To maintain, improve, and secure the Platform.

Legal Obligations:
Where processing is required by law.

Health data is processed based on your explicit provision of that data within the Platform and your acceptance of these Terms and this Privacy Policy.

5. Research and Anonymised Data

We may use anonymised and aggregated data to:

  • Understand health trends

  • Improve the Platform

  • Support health research and insights

This data does not identify you personally.

6. Data Sharing

We do not sell your data.

We may share data with trusted service providers who help operate the Platform (for example, secure cloud hosting and infrastructure providers).
These providers process data only on our instructions and under appropriate contracts.

Where data is shared for research or insights, it is anonymised and cannot reasonably identify you.

7. Data Storage and Security

Your data is stored securely using reputable cloud infrastructure providers.

We use appropriate technical and organisational measures including:

  • Encryption in transit and at rest

  • Access controls

  • Secure hosting environments

While we take reasonable steps to protect your data, no system can guarantee absolute security.

8. Data Retention

We retain data only as long as necessary:

  • Account data: while your account remains active

  • AI-generated summaries: up to 6 months

  • Anonymised research data: may be retained for analysis

  • Deleted accounts: data is deleted or anonymised unless retention is legally required

9. Your Rights

Under UK GDPR you have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion of your data

  • Object to or restrict processing

  • Request a copy of your data

To exercise your rights, contact:
app@inherit.healthcare

We will respond within the timeframe required by law.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

10. Children

The Platform is intended for users aged 16 and over. Those with parental consent will be able to manage their children’s accounts where they have the right to do so.

11. Changes to This Policy

We may update this Privacy Policy from time to time.

If we make significant changes, we will update the effective date and provide notice within the Platform where appropriate.

Continued use of the Platform indicates acceptance of the updated policy.

12. Contact

For privacy or data protection queries:

Inherit Health Ltd
Email: app@inherit.healthcare