Back to Home

Privacy Policy

Last updated: 1 April 2026

HealthNest Ltd ("HealthNest", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and health data when you use our platform and services.

1. Who We Are

HealthNest Ltd is a company registered in England and Wales. Our registered office is at 1 Fore Street, London EC2Y 5EJ. We are the data controller for personal data collected through our platform.

2. Data We Collect

We collect the following categories of data:

  • Account data: name, email address, password (hashed), date of birth, and contact details.
  • Health data: mood logs, journal entries, assessment results, session notes (shared with your consent), and therapy goals.
  • Usage data: pages visited, features used, session duration, and device information.
  • Communication data: messages sent via our platform, support tickets, and feedback.

3. Legal Basis for Processing

We process your data under the following lawful bases:

  • Contract performance: to provide the services you have subscribed to.
  • Legitimate interests: to improve our platform and ensure security.
  • Explicit consent: for special category health data and marketing communications.
  • Legal obligation: where required by UK law.

4. How We Use Your Data

We use your data to provide, personalise, and improve our mental health platform, match you with appropriate therapists, communicate with you about your account, and comply with regulatory obligations.

5. Data Sharing

We do not sell your personal data. We may share it with:

  • Therapists on our network, solely to provide your care.
  • Trusted sub-processors (e.g., secure cloud hosting, payment processors) under strict data processing agreements.
  • Regulatory bodies or law enforcement where legally required.

6. Data Security

All personal and health data is encrypted at rest using AES-256 and in transit using TLS 1.3. We conduct regular penetration tests and maintain ISO 27001-aligned security practices.

7. Data Retention

We retain your account data for as long as your account is active, plus a period of 7 years for legal compliance. Health data is retained for 8 years in line with NHS data retention guidelines, unless you request deletion earlier (subject to legal constraints).

8. Your Rights

Under UK GDPR, you have the right to access, rectify, erase, restrict, or port your personal data. You may also object to certain processing or withdraw consent at any time. To exercise these rights, contact us at hello@healthnest-ai.com.

9. International Transfers

We store all data on servers located in the UK and European Economic Area. Any transfers outside this area are protected by appropriate safeguards, including Standard Contractual Clauses.

10. Cookies

We use cookies to operate and improve our platform. See our Cookie Policy for full details.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or a prominent notice on our platform.

12. Contact Us

If you have questions about this Privacy Policy, please contact our Data Protection Officer at hello@healthnest-ai.com or write to us at 1 Fore Street, London EC2Y 5EJ.