top of page
Abstract Background

Privacy Policy

Introduction

 

GENERALPRACTICE.AI respects the privacy of its customers, suppliers, partners, and end‑users. We are committed to transparency about how we process personal data, for what purposes, and how you can exercise your legal rights. (Employees have a separate privacy policy available upon employment and on request.)

This policy covers processing by GENERALPRACTICE.AI other than cookies. For information about cookies, please see our Cookie Policy on our websites (www.generalpractice.ai).

​

Scope — Apps covered by this policy

​

This policy applies to:

​

  • GeneralPractice.AI (Clinician App) – software used by clinicians and practice staff.

  • My Lifestyle Hub (Patient App) – a consumer-facing mobile/web application used by patients to engage with plans shared by their healthcare providers.

​

Depending on your practice’s configuration and the specific feature used, GENERALPRACTICE.AI may act as a data controller (e.g., for account and service administration) and/or as a data processor on behalf of your healthcare provider (the controller) for patient-related data processed through My Lifestyle Hub. Where we act as a processor, we only process personal data on the documented instructions of the controller and under an appropriate data processing agreement.

​

Definitions

Controller: GENERALPRACTICE.AI; registered address: 26 South Drive, Dundee, United Kingdom, DD2 5SJ; company registration number SC836646. Data Protection Officer (DPO): Angus Perry – info@generalpractice.ai.

Data Protection Authority: The Information Commissioner’s Office (ICO) in the United Kingdom, and, where applicable, the competent authority in your jurisdiction.

Data protection laws:

  • For EU/EEA residents: EU GDPR (2016/679), ePrivacy Directive (2002/58/EC).

  • For UK residents: UK GDPR and UK Data Protection Act 2018.

  • For Australian residents: Privacy Act 1988 (Cth).

​

Personal data: Any information relating to an identified or identifiable natural person.

 

Categories of personal data we process:
​

A. GeneralPractice.AI (Clinician App)

We collect and process the following personal data:

  • Providing information and following up on marketing/sales enquiries: names, email addresses, and practice names. Source: directly from interested individuals (clinicians or administrative staff). Legal basis: consent (website forms).

  • Functioning of the software and account management: practice name and address, contact details of key users, user email addresses and job titles. Source: from the practice and its staff. Legal basis: legitimate interests and/or contract.

  • Subscription management: practice details and contact information of key contacts. Source: practice representatives. Legal basis: legitimate interests and/or contract.

  • Billing: customer names and email addresses. Source: practice representatives handling transactions. Legal basis: legitimate interests and/or contract.

​

B. My Lifestyle Hub (Patient App)

We collect and process the following personal data:

  • Account creation and sign‑in: name and email address, plus OAuth authentication data (token/ID from Apple/Google). We do not receive your password. Source: you and your OAuth provider. Legal basis: contract (to provide the service) and consent (for OAuth).

  • Personalisation and app functionality: symptom entries, lifestyle check‑ins, goals, chronic condition information you choose to add; plan content shared by your healthcare provider; optional calendar access (if you grant permission) to create reminders for check‑ins or appointments. Source: you and, where applicable, your healthcare provider. Legal basis: explicit consent for health data and contract for the requested features.

  • Device and technical data: device identifier may be accessed transiently but is not stored or processed beyond security/diagnostic use; app version, crash logs, and basic analytics. Source: your device. Legal basis: legitimate interests (service security and quality).

  • Support and account management: contact details and support requests. Source: you. Legal basis: legitimate interests and/or contract.

​

Special category data (health): My Lifestyle Hub processes health information only when you choose to provide it or when your healthcare provider shares a plan with you through the app. We process such data under your explicit consent and/or, where applicable, for the provision of health or social care services under a professional duty of confidentiality (GDPR Art. 9(2)(h)). You can withdraw consent at any time in‑app (see Your rights below), but this will not affect processing that has already occurred.

​

What we do not collect: We do not collect or process payment card details within My Lifestyle Hub. We do not sell your personal data or use it for third‑party advertising.

​

Purposes of processing

GENERALPRACTICE.AI processes personal data for the following purposes:

  • Provide and operate the apps (account creation, authentication via OAuth, plan delivery, check‑ins, reminders, calendar integrations when enabled).

  • Personalise your experience (tailored content, goals, and progress dashboards in My Lifestyle Hub).

  • Service administration (user management, subscription and billing for practices, security, troubleshooting, analytics to improve performance).

  • Communications (responding to enquiries, product updates where permitted, service messages).

  • Legal/compliance (record keeping, responding to lawful requests, enforcing terms, protecting rights and safety).

​

How we collect data:

  • Through our websites (enquiry forms on generalpractice.ai).

  • Through online sign‑up or onboarding with our team and/or our Australian counterpart.

  • Through the GeneralPractice.AI clinician app (practice account setup and user administration).

  • Through My Lifestyle Hub when you create an account, connect via OAuth, complete check‑ins, add symptoms/health information, or grant calendar permission.

  • Via third‑party tools for customer relationship management and accounting (e.g., Xero), and hosting (e.g., Glide on Google Cloud).

​
Data sharing and international transfers

We may share personal data with:

  • Your healthcare provider (for My Lifestyle Hub features where plans, progress, or messages need to be shared back to the practice) in accordance with the controller–processor roles described above.

  • Service providers acting on our behalf (e.g., cloud hosting, email, analytics, customer support, accounting). We require these providers to protect your data and process it only under our instructions.

Data may be transferred outside the UK/EEA. Where this occurs, we rely on Adequacy Decisions, the US‑UK Data Bridge, and/or Standard Contractual Clauses with supplementary measures (such as encryption and minimisation) to ensure an equivalent level of protection.

​

Storage and security

  • Data is hosted on platforms that comply with relevant data protection regulations. In particular, Glide (on Google Cloud) for application data, Xero (AWS) for billing, and Wix for the website. Some servers are located in the United States.

  • We apply organisational and technical security measures, including role‑based access controls, confidentiality agreements, staff training, anti‑virus and firewalls, encryption in transit, and regular patching. Data centres are secured with 24/7 monitoring and restricted physical access.

  • We conduct vulnerability scanning of our website and work with appropriately credentialed external auditors to assess our security and privacy controls.

 

Calendar access (My Lifestyle Hub)

Calendar permission is optional. If you enable it, the app can create reminders or display relevant entries to support adherence to your plan. We do not read your calendar contents beyond what is necessary to provide the requested functionality. You can revoke this permission at any time in your device settings.

 

Marketing

You may receive communications from GENERALPRACTICE.AI about our services. You can opt out at any time by emailing info@generalpractice.ai with subject line “Data Opt‑Out” or by using any unsubscribe mechanism provided.

​

Data retention

We retain personal data only as long as necessary for the purposes described above and to comply with legal obligations. When determining retention, we consider the minimum period required. My Lifestyle Hub users can delete their data at any time in‑app: go to Profile → Delete my profile and data. This triggers account closure and the deletion of associated personal data from our active systems within a reasonable period, subject to limited backups and logs retained for security, fraud prevention, and legal compliance.

 

Your rights

EEA/UK data subjects

You have the right to request access, rectification, erasure, restriction, portability, and to object to processing. You also have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal or similarly significant effects. To exercise your rights, contact info@generalpractice.ai with subject line “Data Request”. We may request proof of identity where necessary. We will respond within one month (extendable by two months for complex requests).

 

Australia

We collect and process personal information under the Privacy Act 1988. You may request access to or correction of your personal information by contacting info@generalpractice.ai. If you believe we are mishandling your information, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

 

Children’s data

My Lifestyle Hub and GeneralPractice.AI are intended for use by adults. We do not knowingly process children’s data unless expressly arranged with, and under the responsibility of, a healthcare provider and/or a parent/guardian as permitted by law. If you believe a child has used our services without appropriate consent, please contact our DPO at info@generalpractice.ai so we can take prompt action.

 

Applicable law and jurisdiction

These conditions are governed by the laws of the United Kingdom where we are headquartered. Courts in our district have exclusive jurisdiction, unless a legal exception applies.

 

Contact

Data Protection Officer: Angus PerryEmail: info@generalpractice.aiAddress: 26 South Drive, Dundee, United Kingdom, DD2 5SJ

bottom of page