Legal

Privacy Policy

Last updated May 2026

Halewell Health (“we”, “us”) is the data controller for personal data you provide through the Halewell app. This policy explains what we collect, why, and your rights under the UK GDPR and the Data Protection Act 2018.

1. What we collect

  • Account data: name, email address, encrypted password.
  • Health and wellbeing data (special category): mood check-ins, eating logs, weight, blood pressure, triggers and Pause outcomes.
  • Usage data: pages visited, reminder interactions, device type.

2. Lawful basis

  • Article 6(1)(b) — performance of our contract with you.
  • Article 9(2)(a) — your explicit consent to process special-category health data.
  • Article 9(2)(h) — provision of health or social care, where you are using Halewell as part of an NHS service.

3. How we use your data

  • To run your 12-week behaviour loop and personalise reminders.
  • To produce the practitioner summary you choose to share.
  • To improve the service in aggregated, de-identified form only.

4. Sharing

We never sell your data. We share with: your nominated practitioner (only when you opt in), our hosting processor (Supabase, EU region), and email delivery for reminders. All processors are bound by data-processing agreements.

5. Retention

Your data is retained for the duration of your account plus 12 months, after which it is deleted or fully anonymised. You can request deletion at any time.

6. Your rights

  • Access, rectification, erasure, restriction and portability of your data.
  • Withdraw consent at any time without affecting prior processing.
  • Complain to the UK Information Commissioner’s Office (ico.org.uk).

7. Contact

Email dpo@halewell.health for any data-protection request.