Last updated: January 2026
This Privacy Policy explains how Aide Health Limited ("Aide", "we", "us", or "our") collects, uses, shares, and protects personal data when you use our websites, mobile applications, and services, including the Aide and Mirror products (together, the "Services").
This policy is intended to meet the requirements of UK law, including the UK GDPR and Data Protection Act 2018, and to comply with applicable US federal and state privacy laws.
Aide Health Limited is a private limited company incorporated in England and Wales under company number 13126170, with its registered office at 124 Finchley Road, London, England, NW3 5JS.
For UK and EU data protection law, Aide Health Limited is the data controller for personal data processed through the Services, except where we act as a data processor on behalf of a healthcare organisation.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for addressing any questions regarding this privacy notice. If you have any questions, including requests to exercise your legal rights, please contact the DPO:
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would appreciate the opportunity to address your concerns before you approach the ICO; please contact us in the first instance.
This policy applies to:
Different legal provisions apply depending on your location. Where relevant, we explain UK-specific and US-specific rights and obligations below.
Third-party links
Our website and apps may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website or app, we encourage you to read the privacy notice of every website or app you visit.
We may collect and process the following categories of data:
3.1 Identity and contact data
3.2 Health and well-being data
Depending on how you use the Services, this may include:
Health data is treated as special category data under UK law and as consumer health data under applicable US state laws.
3.3 Special category data
In addition to health data, we may collect details of your race or ethnicity, sex life, and sexual orientation where you choose to provide this information and it is relevant to the Services. We do not infer this information from other data.
3.4 Technical and usage data
3.5 Communications
We use different methods to collect data from and about you:
Direct interactions
You may provide Identity, Contact, Profile, and Health Data by corresponding with us, filling in forms on our website or app, signing up for our services, or giving us feedback.
Automated technologies
When you interact with our website or apps, we may automatically collect Technical Data using cookies and similar technologies. Please see our cookies policy at aide.health/cookie-policy for further details.
Third parties
We may receive personal data from third parties, including your doctor or GP surgery (for Health Data) and analytics providers.
We use personal data to:
We do not sell personal data.
Under UK data protection law, we rely on the following lawful bases:
You may withdraw consent at any time.
7.1 General US privacy framework
For users in the United States, we comply with applicable federal privacy and consumer protection laws, including the Federal Trade Commission Act, which prohibits unfair or deceptive practices.
7.2 Health Breach Notification Rule
If unsecured personal health information of US users is compromised, we will provide notifications as required under the FTC's Health Breach Notification Rule, including notice to affected individuals and, where required, to the Federal Trade Commission.
7.3 HIPAA
Some users access Aide or Mirror through healthcare providers or other organisations.
Where Aide acts as a service provider or business associate to a HIPAA-covered entity, and processes protected health information on their behalf, we will comply with applicable HIPAA Privacy, Security, and Breach Notification Rules under a separate Business Associate Agreement.
Where you use the Services directly as a consumer, HIPAA may not apply. This policy explains how we protect your data in those circumstances.
7.4 State privacy laws
California (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act). These include the right to know what personal information we collect and how we use it, the right to delete your personal information, and the right to opt out of the sale or sharing of your personal information. We do not sell personal information. To exercise your rights, contact us at dpo@aide.health.
Washington (My Health My Data Act)
If you are a Washington resident, the Washington My Health My Data Act provides additional protections for consumer health data. We will obtain your consent before collecting or sharing consumer health data, except where an exemption applies. You have the right to access, delete, and withdraw consent to the processing of your consumer health data.
Other states
Residents of other US states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, and others) may have similar rights. Please contact us to exercise any applicable rights.
8.1 UK rights
Under UK data protection law, you have the right to:
8.2 US rights
Depending on your state of residence, you may have the right to:
8.3 How to exercise your rights
You can exercise these rights by contacting us at dpo@aide.health. We may need to verify your identity before we can respond. You will not usually be charged a fee, but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
We may use de-identified or aggregated data that no longer reasonably identifies you. This data may be used for research initiatives, analytics, service improvement, and reporting.
We may include such anonymised data in reports on the effectiveness of our services, which we may provide to pharmaceutical companies, research organisations, and healthcare providers.
We may share personal data with:
We do not share health data with third parties for advertising purposes.
All service providers are required to protect personal data and use it only for the agreed-upon purposes.
Your data may be processed outside the UK or the United States. Where we transfer your personal data outside the UK, we ensure a similar degree of protection by implementing at least one of the following safeguards:
We use technical and organisational measures designed to protect personal data, including encryption, access controls, and secure infrastructure. We limit access to your personal data to those employees, agents, contractors, and third parties who have a business need to know. They are subject to a duty of confidentiality.
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.
No system is completely secure, but we take reasonable steps to protect your information.
We retain personal data only for as long as necessary to provide the Services and meet legal, regulatory, tax, accounting, or reporting requirements. You may request deletion of your account at any time.
In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case we may use this information indefinitely without further notice to you.
The Services are not intended for children under 13 in the United States or under 16 in the United Kingdom.
We do not knowingly collect personal data from children in these age groups. If we become aware that we have done so, we will delete the data promptly.
We may update this policy from time to time. Material changes will be communicated through the Services or by other appropriate means.
If you have questions or concerns about this policy or how we handle your data, please contact:
You also have the right to lodge a complaint with:
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the most secure experience. We consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests.
Performance of a contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Consumer health data (US) means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status, as defined under applicable state laws such as Washington's My Health My Data Act.