Privacy Notice & Medical Disclaimer
Last Updated: 1st Dec 2025
1. Introduction
MyADHDTracker Ltd ("we", "us", or "our") is committed to protecting your privacy. We operate the MyADHDTracker mobile application (the "App").
We are the Data Controller for the personal information you enter into the App. This Notice explains how we collect, use, and store your data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Important: Medical Disclaimer & Liability
The App is a passive data recording tool only.
- No Medical Advice: We do not provide medical diagnosis, treatment, or advice. The App does not interpret your data, flag health risks, or provide "red alerts."
- No Monitoring: We do not monitor your data in real-time. If you enter data indicating a health crisis (e.g., severe side effects or dangerous vital signs), we will not be alerted and cannot intervene.
- Emergency: In a medical emergency, you must contact 999 or your GP immediately. Do not rely on this App for safety.
- User Responsibility: You are solely responsible for the accuracy of the data you enter and for any decision to share this data with healthcare professionals.
3. Data We Collect
We classify your data into two legal categories as required by UK law:
A. Personal Data (General)
- Identity: Name, Date of Birth (to verify age).
- Contact: Email address (for account security).
- Technical: IP address, device model, and operating system (collected automatically to fix bugs and maintain security).
B. Special Category Data (Health)
- Vital Signs: Weight, Heart Rate, Blood Pressure.
- Medication Records: Drug names, dosages, and adherence logs.
- Health Journal: Symptom logs, mood scores, sleep quality, and side effect records.
- Audio Notes: Voice memos regarding your symptoms (if you choose to record them).
4. Our Lawful Basis for Processing
Under the UK GDPR, we must have a lawful basis for processing your data. We rely on the following:
| Data Type | Lawful Basis | Explanation |
|---|---|---|
| Account & Identity | Contract (Art. 6(1)(b)) | Necessary to provide the App service you signed up for. |
| Health Data | Provision of Health Care (Art. 9(2)(h)) | Necessary for the management of your own health records via our platform. |
| App Analytics | Legitimate Interests (Art. 6(1)(f)) | Necessary to improve App stability, fix crashes, and ensure security. |
| Clinical Integration | Explicit Consent (Art. 9(2)(a)) | You actively choose to link your account to your clinician. |
5. Where We Store Your Data
We are a UK-based company. Your personal health data is encrypted and stored securely on servers located physically within the United Kingdom (AWS London Region, managed by Supabase).
We do not transfer your health data outside the UK or EEA. If our infrastructure providers change, we will ensure strictly equivalent legal safeguards are in place (e.g., UK International Data Transfer Agreements).
6. Who We Share Your Data With
We strictly do not sell your personal or health data. We share data only in the following specific circumstances:
A. Healthcare Integration (API)
If you explicitly choose to link your App account with your registered clinic or hospital system (via our secure API), we will transmit your health logs to them.
- Legal Basis: Performance of Contract and Explicit Consent.
- Security: Data is transferred via encrypted HTTPS/TLS 1.2+ channels.
B. At Your Direction (User-Generated Reports)
If you use the App to generate a report (e.g., PDF export) and choose to share it via email, messaging, or other apps:
- Transfer of Control: You acknowledge that once the file is generated, the data leaves our secure systems.
- Your Responsibility: You are solely responsible for securing that file and ensuring it is sent to the correct recipient. We are not liable for data breaches caused by user error (e.g., sending a report to the wrong email address).
C. Service Providers
We use trusted third-party companies to provide our infrastructure. They act as Data Processors and process data only on our strict instructions:
- Database Hosting: Supabase (UK Region).
- Analytics: Google Analytics (Anonymised usage data only).
D. Legal Authorities
We may disclose your data if required to do so by UK law (e.g., in response to a court order).
7. How Long We Keep Your Data
- Active Accounts: We keep your health records for as long as your account remains active to provide you with your history.
- Deleted Accounts: If you choose to delete your account, your data is permanently removed from our live systems immediately and from our backups within 30 days.
8. Your Rights
Under the UK GDPR, you have the following rights:
- Right of Access: You can request a copy of all personal data we hold about you.
- Right to Rectification: You can correct wrong information (e.g., a wrong medication dosage) directly in the App.
- Right to Erasure ("Right to be Forgotten"): You can delete your entire account and history via the App settings at any time. This is irreversible.
- Right to Portability: You can request a download of your raw data in a machine-readable format (JSON).
- Right to Restrict Processing: You can ask us to pause processing your data if you believe it is inaccurate.
To exercise any of these rights, please contact us using the details below.
9. Complaints
If you have concerns about how we handle your data, please contact our Data Protection Lead first.
Email: support@myadhdtracker.app
If you remain unhappy, you have the right to lodge a complaint with the UK regulator:
- Information Commissioner's Office (ICO)
- Website: https://ico.org.uk/make-a-complaint/
- Helpline: 0303 123 1113
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes via the App or email.