Privacy Policy

HealthOS is a product of Jwebly Ltd, a company registered in England and Wales (Company No. 16122803), trading as Jwebly Health. Our registered address is available on Companies House. You can contact us at hello@jwebly.co.uk.

We may collect the following categories of personal data:

• Account data: Name, email address, phone number, and clinic details provided during registration or onboarding.
• Usage data: How you interact with the platform, including pages visited, features used, and session data.
• Communications: Messages, enquiries, and correspondence sent to us directly.
• Clinical data (platform users only): Patient data processed by your clinic within the HealthOS platform. This data is processed on your behalf as a data processor.
• Payment data: Billing details processed through our payment provider (Stripe). We do not store card details.

We process your personal data under the following lawful bases as set out in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:

• Contract: Processing necessary to deliver the HealthOS platform under your subscription agreement.
• Legitimate interests: Security monitoring, platform improvement, and fraud prevention.
• Legal obligation: Compliance with applicable law, including HMRC requirements.
• Consent: Marketing communications where you have opted in.

We use your data to:

• Provide, operate, and improve the HealthOS platform
• Process payments and manage your subscription
• Send platform updates, security alerts, and service communications
• Respond to enquiries and support requests
• Comply with our legal and regulatory obligations

All data processed by HealthOS is stored within the United Kingdom and European Economic Area. We use Supabase (PostgreSQL) as our primary data store, with encryption at rest and in transit. We implement technical and organisational measures aligned with ISO 27001 and Cyber Essentials standards to protect your data against unauthorised access, disclosure, or loss.

We retain your personal data for as long as your account remains active or as required to fulfil our legal obligations. Clinic patient data is retained in accordance with your data processing agreement and applicable healthcare record-keeping requirements. On account termination, data is deleted or anonymised within 90 days unless a longer retention period is legally required.

Under the UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request erasure of your data (right to be forgotten)
• Object to or restrict certain processing activities
• Request portability of your data in a machine-readable format
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at hello@jwebly.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We use carefully selected third-party processors to deliver our service, including Supabase (database), Anthropic (AI inference), Stripe (payments), and Vercel (hosting). All processors are bound by data processing agreements and are required to maintain equivalent data protection standards.

We may update this Privacy Policy from time to time. Material changes will be communicated to active platform users by email. Continued use of the platform following an update constitutes acceptance of the revised policy.