Legal

Privacy Policy

Last updated June 2026

This policy explains how Laive Health handles personal data. It reflects how the service is designed to operate when the live, patient-facing service launches.

Our role

For patient health data, the provider (your pharmacy or clinic) is the data controller and Laive Health acts as a data processor on their instructions, under a written data-processing agreement. For our own business contacts, such as provider enquiries, we act as the controller.

What we process

For the live service: identifiers and contact details, treatment and check-in information, messages between patients and their care team, and appointment records. Health data is special-category data under UK GDPR and is treated accordingly.

For enquiries: the name, organisation and contact details you choose to share with us.

Lawful basis

Patient health data is processed on the lawful bases relied on by the provider, including the provision of health care. Business-contact data is processed on the basis of our legitimate interest in responding to your enquiry.

Where data is stored

The live service stores patient data in a United Kingdom or European Union region. We do not sell personal data, and notification emails never contain clinical content.

Retention

Clinical records are retained in line with the provider's retention policy and professional record-keeping obligations. Clinical notes and messages are append-only: corrections create a new version rather than erasing the original.

Cookies

We keep cookies to a minimum. The application uses strictly necessary cookies to keep you signed in and to keep the service secure; these are essential and cannot be turned off without breaking core functionality. The public website runs without advertising or cross-site tracking cookies. Where we embed a third-party form (for example, an enquiry form), that provider may set its own cookies when the form is loaded. You can control or delete cookies through your browser settings. If we introduce analytics in future, we will update this notice and, where required, ask for your consent first.

Your rights

You have rights over your personal data under UK GDPR, including access, rectification and erasure. Patients should contact their provider, who is the controller for their care record. For other requests, contact laivehealth@gmail.com.

This page is a plain-English scaffold provided for transparency. It is not legal advice and will be finalised with professional review before the live service handles real patient data.