Privacy Policy

Last updated: 17 March 2026

1. Who We Are

Torr Health (“we”, “us”, “our”) is operated by Torr Health, a company registered in England and Wales. Our registered address is available upon request by contacting us at meddicle@gmail.com.

We are the data controller for the personal data we process through the Torr Health platform at torrhealth.ai.

2. What Data We Collect

We may collect and process the following personal data:

• Account information: name, email address, professional role, and NHS trust affiliation when you create an account.
• Usage data: anonymised analytics about how you use the platform, including pages visited and features used.
• Contact form data: name, email address, and message content when you contact us.
• Technical data: IP address, browser type, device information, and cookies necessary for the platform to function.

We do not collect any patient data, personally identifiable patient information (PII), or protected health information (PHI). Clinical questions submitted to Torr Health are processed to generate answers but are not linked to any patient record.

3. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we process your data on the following bases:

• Consent: where you have given us clear consent to process your data for a specific purpose (e.g. marketing emails).
• Contract: where processing is necessary for the performance of a contract with you (e.g. providing the Torr Health service).
• Legitimate interests: where processing is necessary for our legitimate interests, provided these are not overridden by your rights (e.g. improving our service, preventing fraud).

4. How We Use Your Data

We use your personal data to:

• Provide, maintain, and improve the Torr Health platform.
• Create and manage your account.
• Respond to your enquiries and provide support.
• Send you service-related communications.
• Send marketing communications where you have opted in.
• Analyse usage patterns to improve the platform (using anonymised data).
• Comply with legal obligations.

5. Data Sharing

We do not sell your personal data. We may share data with:

• Service providers: trusted third parties who help us operate the platform (e.g. hosting, analytics). These parties are bound by data processing agreements.
• Legal requirements: where we are required to do so by law or regulation, or to protect our legal rights.

6. Data Storage and Security

Your data is stored securely using industry-standard encryption and access controls. We use Supabase for data storage, which provides enterprise-grade security with data encrypted at rest and in transit.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including Standard Contractual Clauses or adequacy decisions.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Account data is retained for the duration of your account and for a reasonable period afterwards. Contact form submissions are retained for up to 12 months.

8. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate data.
• Right to erasure: request deletion of your data (“right to be forgotten”).
• Right to restrict processing: request that we limit how we use your data.
• Right to data portability: request your data in a machine-readable format.
• Right to object: object to processing based on legitimate interests or for marketing purposes.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at meddicle@gmail.com. We will respond within one month.

9. Cookies

We use strictly necessary cookies to enable the platform to function correctly (e.g. authentication, session management). We do not use advertising or tracking cookies. For more details, see our cookie preferences when you first visit the site.

10. Children

Torr Health is designed for healthcare professionals. We do not knowingly collect data from individuals under 18 years of age.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on the platform or sending an email.

12. Complaints

If you have concerns about how we handle your data, please contact us at meddicle@gmail.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

13. Contact

For any questions about this privacy policy or your data, contact us at:

Torr Health
Email: meddicle@gmail.com