Your Consent

What this means: You've given us clear permission to use your information.

We use consent for:

• Collecting and analyzing your health data
• Voice recording and voice biomarker analysis
• Sharing information with your chosen contacts
• Marketing communications (if you opt in)

You can withdraw your consent at any time through your account settings or by contacting us.

Contract Performance

What this means: We need your information to provide the service you've signed up for.

We use this basis for:

• Creating and managing your account
• Delivering the core AiNGEL services
• Processing payments (when we introduce paid services)
• Providing customer support

Legitimate Interests

What this means: We have a genuine business need to use your information, and this doesn't override your rights.

We use this basis for:

• Improving and developing our services
• Detecting and preventing fraud or misuse
• Network and information security
• Internal research and analytics
• Understanding service performance

We always balance our interests against your rights and only use this basis when it's fair and reasonable.

Vital Interests (Health Emergencies)

What this means: We may need to use your information to protect your life or someone else's.

We use this basis for:

• Detecting potential medical emergencies
• Contacting emergency services on your behalf
• Alerting your emergency contacts

This only applies in genuine emergency situations where we believe there's a risk to health or life.

Legal Obligation

What this means: We're required by law to use your information.

We use this basis for:

• Complying with legal requests from authorities
• Meeting regulatory requirements
• Responding to court orders

Providing the AiNGEL Service

• Creating and managing your account
• Enabling voice interactions with AiLycia
• Providing medication reminders
• Offering health tips and guidance
• Facilitating communication with your care circle (if you choose)
• Managing appointments and schedules
• Responding to your questions and requests

Personalization (With Your Consent)

• Tailoring health recommendations to your specific needs
• Adjusting AiLycia's responses based on your preferences
• Remembering your routines and patterns
• Suggesting relevant content and features
• Adapting to your communication style

Health Monitoring (With Your Consent)

• Tracking health metrics you choose to share
• Analyzing voice patterns for health indicators
• Identifying potential health concerns
• Monitoring changes in wellbeing over time
• Providing proactive health alerts
• Creating health summaries and reports

Important: We never diagnose conditions or prescribe treatments. We provide information to support conversations with your healthcare professionals.

Emergency Response

• Detecting potential emergencies (falls, distress, unusual patterns)
• Contacting your designated emergency contacts
• Alerting emergency services if necessary and authorized
• Providing relevant medical information to first responders (only essential information)

Service Improvement and Development

• Improving AI accuracy and responses
• Developing new features and services
• Fixing bugs and technical issues
• Training our AI models (using anonymized data)
• Conducting research to improve health support
• Testing new technologies

Communication

• Sending important service updates
• Responding to your questions and support requests
• Providing health and safety notifications
• Sending technical updates about the service
• Marketing communications (only if you've opted in)

You can opt out of marketing emails at any time by clicking "unsubscribe" or through your account settings.

Security and Legal Compliance

• Protecting against fraud and misuse
• Ensuring platform security
• Complying with legal obligations
• Responding to legal requests
• Protecting our legal rights

With Your Explicit Consent

We may share information with people and organizations you specifically authorize:

• Your chosen care circle: Family members, carers, or friends you designate
• Healthcare professionals: Your GP, specialists, or other medical professionals (only what you authorize)
• Care providers: Home care agencies or facilities (only what you authorize)

You control exactly what information is shared and with whom. You can change or revoke these permissions at any time.

Emergency Services

If we detect a potential emergency or you request emergency help:

• We may contact emergency services (999/111)
• We'll alert your designated emergency contacts
• We'll share only essential medical information needed for your care
• This includes critical health data, medications, and allergies

This happens only in genuine emergencies to protect your health and safety.

Service Providers (With Strict Safeguards)

We work with carefully selected companies that help us provide AìNGEL:

• Cloud hosting providers (to store data securely)
• AI and voice analysis technology providers
• Communication service providers (email, SMS)
• Payment processors (when we introduce paid services)
• Technical support and maintenance providers

Important safeguards:

• All service providers sign data processing agreements
• They can only use data for the specific purposes we authorize
• They must maintain the same security standards we use
• They cannot use your data for their own purposes
• We regularly audit their security and compliance

Legal Requirements

We may share information if required by law or to protect rights:

• To comply with legal obligations or court orders
• To respond to valid requests from law enforcement or regulators
• To protect against fraud or security threats
• To protect our legal rights or those of others
• To prevent harm to you or others

We'll notify you if legally permitted, and we'll only share the minimum necessary information.

Business Transfers

If AìNGEL is involved in a merger, acquisition, or sale:

• We'll notify you before your information is transferred
• The new owner must honor this privacy policy
• You'll have the option to delete your data before transfer

Anonymized Data for Research

We may use anonymized, aggregated data for research purposes:

• All personal identifiers are permanently removed
• The data cannot be traced back to you
• Used to improve health outcomes and AI technologies
• May be shared with research institutions or published

This anonymized data helps improve care for everyone but cannot identify you personally.

While You're Using AiNGEL

We keep your account and health information for as long as your account is active, so we can continue to provide personalized service.

After Account Closure

• Health data: Deleted within 30 days unless you request otherwise
• Voice recordings: Deleted within 90 days
• Account information: Retained for 12 months for legal/accounting purposes, then deleted
• Anonymized data: May be retained indefinitely for research (cannot identify you)

Legal Requirements

We may need to keep certain information longer if:

• Required by UK law (e.g., tax records for 6 years)
• Necessary for legal claims or disputes
• Needed for regulatory compliance

Your Control

You can request deletion of your data at any time by:

• Using the delete account option in your settings
• Emailing us at ark@aingel.life
• Calling us on +44 (0) 7443 719 521

We'll confirm deletion within 30 days, except for data we're legally required to keep.

Encryption

• In transit: All data sent between your device and our servers is encrypted using industry-standard TLS/SSL
• At rest: Data stored on our servers is encrypted using AES-256 encryption
• Voice data: Encrypted immediately upon recording
• Backups: All backups are encrypted and stored securely

Access Controls

• Multi-factor authentication for all staff accessing systems
• Strict role-based access - staff can only access what they need for their job
• Regular access reviews and audits
• Immediate access revocation when staff leave
• Logged and monitored access to sensitive data

Technical Security

• Firewalls and intrusion detection systems
• Regular security patches and updates
• Secure development practices
• Vulnerability scanning and penetration testing
• DDoS protection
• 24/7 security monitoring

Staff Training and Policies

• Mandatory data protection training for all staff
• Confidentiality agreements
• Clear security policies and procedures
• Regular security awareness training
• Incident response procedures

Regular Audits

• Annual independent security audits
• Regular penetration testing
• ISO 27001 compliance processes (certification in progress)
• NHS Data Security and Protection Toolkit compliance (where applicable)

Right to Access (Subject Access Request)

What this means: You can ask us for a copy of your personal data.

What you'll get:

• Confirmation that we hold your data
• A copy of your personal information
• Details about how we use it
• Who we share it with
• How long we'll keep it

Timeline: We'll respond within one month, free of charge.

Right to Rectification

What this means: You can ask us to correct inaccurate or incomplete information.

Examples:

• Updating your address or phone number
• Correcting health information
• Adding missing information

How: Update in your account settings or contact us directly.

Right to Erasure ("Right to be Forgotten")

What this means: You can ask us to delete your personal data in certain circumstances.

You can ask for deletion if:

• The data is no longer needed for the original purpose
• You withdraw consent (where consent was the legal basis)
• You object to processing and there's no overriding reason to keep it
• The data was processed unlawfully
• It must be deleted to comply with a legal obligation

Limitations: We may need to keep some data for legal obligations or to establish legal claims.

Right to Restrict Processing

What this means: You can ask us to limit how we use your data in certain situations.

You can restrict processing when:

• You're challenging the accuracy of the data
• The processing is unlawful but you don't want deletion
• We no longer need the data but you need it for a legal claim
• You've objected to processing pending verification

What happens: We'll store the data but not use it (except with your consent or for legal claims).

Right to Data Portability

What this means: You can get your data in a commonly used, machine-readable format and transfer it to another service.

This applies to:

• Data you've provided to us
• Data processed based on consent or contract
• Data processed by automated means

Format: We'll provide data in CSV, JSON, or another standard format.

Right to Object

What this means: You can object to certain types of processing.

You can object to:

• Processing based on legitimate interests
• Direct marketing (we'll stop immediately)
• Processing for research purposes (unless there's a compelling reason)

What happens: We'll stop processing unless we can show compelling legitimate grounds that override your interests.

Right to Withdraw Consent

What this means: If we're processing your data based on consent, you can withdraw it at any time.

Important points:

• Withdrawal doesn't affect processing done before withdrawal
• Must be as easy to withdraw as to give consent
• You can withdraw consent for specific purposes while keeping others active
• Some services may not work properly without certain consents

How: Through account settings or by contacting us.

Rights Related to Automated Decision-Making

What this means: You have rights regarding decisions made solely by AI without human involvement.

At AiNGEL:

• We use AI to support decisions, not make them automatically
• Important decisions (like health concerns) involve human review
• You can request human review of AI-influenced decisions
• You can challenge decisions you believe are unfair