Plain English summary: We store your email address and a record of when you used the service. We do not store your conversations. Your conversations are processed by Anthropic (the company behind Claude AI) in order to generate responses, but we do not keep a copy. We never sell your data. You can ask us to delete your information at any time.
1. Who we are
Alongside Health is a service provided by Reece Advisory Ltd, a company registered in England and Wales.
- Company registration: 14469017
- VAT number: 427790371
- Registered address: Lynton House, 7–12 Tavistock Square, London WC1H 9BQ
- ICO registration number: [INSERT AFTER REGISTRATION]
- Contact: hello@alongsidehealth.co.uk
Reece Advisory Ltd is the data controller for the purposes of UK data protection law.
2. What data we collect
When you purchase access
When you buy access to a companion through our website, Stripe (our payment processor) collects your email address and payment details. We receive your email address from Stripe so we can send you your access link.
When you use a companion
Each time you send a message to a companion, we record:
- That a message was sent (timestamp and count, linked to your access token)
- Which companion you used
- Your access token (a random code linked to your email)
We do not store the content of your conversations. Your conversation history is held in your browser only and is not written to our database.
Health data in conversations
When you use an Alongside Health companion, you may share information about your health, a diagnosis, symptoms, or treatment. This is special category data under UK GDPR and is given a higher level of legal protection.
This may include documents you choose to share, such as letters from your GP, hospital correspondence, or test results. These are processed in the same way as your messages and are not stored by us.
We process this data only because you have given us your explicit consent at the point of purchase. You can withdraw that consent at any time by contacting us, but this will mean you can no longer use the service.
Technical data
Netlify (our hosting provider) collects standard server logs including IP addresses. This is used for security and service reliability. We do not use this data to identify individuals.
3. How we use your data
| Purpose | Data used | Lawful basis |
|---|---|---|
| Send you your access link after purchase | Email address | Performance of contract |
| Generate AI responses to your messages | Your conversation messages (in transit to Anthropic) | Explicit consent (special category health data) |
| Apply rate limiting (30 messages per hour) | Message count and timestamps | Performance of contract |
| Prevent misuse and protect the service | Usage patterns, access token | Legitimate interests |
| Comply with accounting and tax law | Transaction records from Stripe | Legal obligation |
We do not use your data for advertising. We do not sell your data. We do not share your data with any party except those listed in section 4.
4. Who processes your data on our behalf
We use the following third-party services. Each acts as a data processor, meaning they process data only on our instructions.
Anthropic (Claude AI)
When you send a message to a companion, that message is transmitted to Anthropic's API to generate a response. Anthropic is the company behind Claude, the AI model that powers our companions. Anthropic is based in the United States. We rely on Standard Contractual Clauses (SCCs) for this international transfer. You can read Anthropic's privacy policy at anthropic.com/legal/privacy.
Supabase
We use Supabase to store your access token, email address, and usage data (message counts and timestamps). Supabase is based in the United States. We rely on Standard Contractual Clauses for this international transfer.
Stripe
Stripe processes your payment and sends us your email address once purchase is complete. Stripe handles all payment card data directly — we never see your card details. Stripe is based in the United States. Data transfers are covered by Stripe's own compliance framework and SCCs. You can read Stripe's privacy policy at stripe.com/gb/privacy.
Netlify
Netlify hosts this website and the companion chat pages. Netlify processes standard web server logs including IP addresses. Netlify is based in the United States. Data transfers are covered by SCCs.
5. International data transfers
All third-party processors listed above are based in the United States. The UK does not have an adequacy decision in place for the US. We ensure that appropriate safeguards are in place for each transfer, specifically the use of Standard Contractual Clauses approved under UK GDPR.
6. How long we keep your data
| Data | Retention period |
|---|---|
| Conversation content | Not stored by us. Held in your browser only, for the duration of your session. |
| Email address and access token | Duration of your access period, plus 30 days after expiry |
| Usage data (message counts, timestamps) | Duration of your access period, plus 30 days after expiry |
| Payment and transaction records | 7 years, as required by UK accounting law |
7. Your rights
Under UK data protection law, you have the following rights:
- Right of access — you can ask us what data we hold about you
- Right to rectification — you can ask us to correct inaccurate data
- Right to erasure — you can ask us to delete your data (subject to legal retention requirements)
- Right to restriction — you can ask us to limit how we use your data in certain circumstances
- Right to data portability — you can ask for a copy of your data in a portable format
- Right to object — you can object to processing based on legitimate interests
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time. This will not affect the lawfulness of any processing carried out before withdrawal.
To exercise any of these rights, please email hello@alongsidehealth.co.uk. We will respond within one calendar month.
Right to complain
If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
We would appreciate the chance to address any concerns before you contact the ICO, so please do get in touch with us first.
8. Security
We take reasonable steps to protect your data, including encrypted transmission (HTTPS), access controls on our database, and using established third-party infrastructure (Netlify, Supabase) with their own security programmes.
No internet service is completely secure. If you have concerns about a specific security matter, please contact us.
9. Changes to this policy
We may update this policy from time to time, for example if the law changes or we add new features. The date at the top of this page will always reflect the most recent version. If we make material changes that affect how we use your health data, we will notify you by email.
10. Contact us
For any questions about this policy or to exercise your data rights:
- Email: hello@alongsidehealth.co.uk
- Post: Reece Advisory Ltd, Lynton House, 7–12 Tavistock Square, London WC1H 9BQ