TinyMedicalApps

1. Introduction

TinyMedicalApps Ltd ("TMA", "we", "us", or "our") is committed to protecting your privacy and the privacy of your child. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital health passport applications and services.

Data Controller: TinyMedicalApps Ltd
Company Number: [PLACEHOLDER: Company registration number]
Registered Address: [PLACEHOLDER: Company address]
ICO Registration Number: [PLACEHOLDER: ICO registration]

This policy covers all TMA digital health passports including the Asthma Passport, Epilepsy Passport, Autism & Learning Disability Passport, Sickle Cell Passport, and Wellbeing Passport.

2. Information We Collect

Account Information

When you register for a TMA passport, we collect:

Email address
Name (parent/guardian and child)
Password (encrypted)
NHS number (optional, with consent)

Child's Health Information

With your explicit consent as a parent or guardian, we collect health information about your child to provide the passport service. This may include:

Condition-specific health information (e.g., asthma triggers, seizure types)
Medication details and dosages
Emergency action plans
Healthcare provider information
Appointment dates and notes

Usage Data

We automatically collect certain information when you use our services:

Device type and operating system
App version
Usage patterns and feature interactions
Error logs and crash reports

3. How We Use Your Information

We use the information we collect to:

Provide the passport service: Creating and maintaining your child's digital health passport
Improve our products: Understanding how families use our apps to make them better
Communicate with you: Sending important updates about your account, the service, or your child's health reminders
Ensure security: Protecting against fraud and unauthorised access
Comply with legal obligations: Meeting our regulatory and legal requirements

4. Legal Basis for Processing

Under UK GDPR, we process your data based on the following legal grounds:

Consent

For health data (special category data), we rely on your explicit consent. You can withdraw consent at any time by contacting us or using the in-app settings.

Contract Performance

Processing account information is necessary to provide you with the passport service as agreed in our Terms of Service.

Legitimate Interests

We process usage data based on our legitimate interest in improving our services and ensuring security, balanced against your rights and freedoms.

Legal Obligations

We may process data where required by law, such as responding to legal requests or maintaining records for regulatory compliance.

6. Data Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it:

Encryption: All health data is encrypted at rest and in transit using industry-standard encryption (AES-256, TLS 1.3)
UK-based storage: All data is stored in secure UK-based data centres
Access controls: Strict role-based access controls limit who can access your data
Regular audits: We conduct regular security assessments and penetration testing
NHS compliance: We adhere to NHS Data Security and Protection Toolkit standards

7. Your Rights

Under UK GDPR, you have the following rights:

Right of access: Request a copy of the personal data we hold about you
Right to rectification: Request correction of inaccurate or incomplete data
Right to erasure: Request deletion of your data (subject to legal retention requirements)
Right to data portability: Request your data in a commonly used, machine-readable format
Right to restrict processing: Request limitation of how we use your data
Right to withdraw consent: Withdraw your consent at any time for consent-based processing
Right to lodge a complaint: Contact the Information Commissioner's Office (ICO) if you have concerns

To exercise any of these rights, please contact us at privacy@tinymedicalapps.com.

8. Children's Privacy

Our passports are designed for children with long-term conditions. We take additional steps to protect children's privacy:

Parental consent: We require parental or guardian consent to create a passport for a child under 16
Age-appropriate design: Our apps are designed following the ICO's Age-Appropriate Design Code
Minimal data collection: We only collect information necessary for the passport to function
No profiling: We do not use children's data for profiling or targeted advertising

9. Cookies

We use cookies and similar technologies to improve your experience on our website and apps. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by:

Email notification to the address associated with your account
In-app notification when you next use the service
Updating the "Last updated" date at the top of this policy

We encourage you to review this policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer
TinyMedicalApps Ltd
Email: dpo@tinymedicalapps.com
Address: [PLACEHOLDER: Company address]

General Enquiries
Email: hello@tinymedicalapps.com

Information Commissioner's Office
If you are not satisfied with our response, you have the right to lodge a complaint with the ICO:
Website: ico.org.uk
Phone: 0303 123 1113

Privacy Policy

Quick Summary