How We Handle Your Information
Effective Date: 16 April 2026
Welcome to Know My Patient ("we", "our", "us"). We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit:
https://knowmypatient.info/
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit:
https://knowmypatient.info/
Know My Patient
London
United Kingdom
Email: support@knowmypatient.info
London
United Kingdom
Email: support@knowmypatient.info
3.1 Personal Data
We may collect and process the following:
- Full name
- Email address
- Phone number
- NHS email (if used for verification)
- Account login credentials
- User role (e.g., clinician, admin, family member)
3.2 Patient-Related Data
Where applicable, users may input:
- Patient identifiers (non-sensitive where possible)
- Care plans and notes
- Medical preferences and accessibility needs
Important: Users are responsible for ensuring they have lawful authority to input and manage patient data.
3.3 Technical Data
Automatically collected:
- IP address
- Browser type and version
- Device information
- Usage data (pages visited, session duration)
We may collect and process the following:
- Full name
- Email address
- Phone number
- NHS email (if used for verification)
- Account login credentials
- User role (e.g., clinician, admin, family member)
3.2 Patient-Related Data
Where applicable, users may input:
- Patient identifiers (non-sensitive where possible)
- Care plans and notes
- Medical preferences and accessibility needs
Important: Users are responsible for ensuring they have lawful authority to input and manage patient data.
3.3 Technical Data
Automatically collected:
- IP address
- Browser type and version
- Device information
- Usage data (pages visited, session duration)
We use your data to:
- Provide and maintain our service
- Manage user accounts and authentication
- Enable secure access to patient profiles
- Improve platform performance and user experience
- Comply with legal and regulatory obligations
- Communicate important service updates
- Provide and maintain our service
- Manage user accounts and authentication
- Enable secure access to patient profiles
- Improve platform performance and user experience
- Comply with legal and regulatory obligations
- Communicate important service updates
Under UK GDPR, we rely on:
- Consent - where you have given clear permission
- Contract - to provide services you request
- Legal obligation - compliance with healthcare and data laws
- Legitimate interests - improving and securing our platform
- Consent - where you have given clear permission
- Contract - to provide services you request
- Legal obligation - compliance with healthcare and data laws
- Legitimate interests - improving and securing our platform
We do not sell your data.
We may share data with:
- Trusted service providers (hosting, email services)
- Healthcare organisations where authorised
- Legal or regulatory authorities if required
All third parties are required to respect the security of your data.
We may share data with:
- Trusted service providers (hosting, email services)
- Healthcare organisations where authorised
- Legal or regulatory authorities if required
All third parties are required to respect the security of your data.
We implement enterprise-grade safeguards, including:
- Encrypted data transmission (HTTPS/SSL)
- Secure authentication (including MFA where enabled)
- Role-based access controls
- Regular security monitoring
Despite best efforts, no system is 100% secure.
- Encrypted data transmission (HTTPS/SSL)
- Secure authentication (including MFA where enabled)
- Role-based access controls
- Regular security monitoring
Despite best efforts, no system is 100% secure.
We retain personal data only as long as necessary to:
- Fulfil the purposes outlined in this policy
- Comply with legal obligations
You may request deletion of your data at any time (see Section 10).
- Fulfil the purposes outlined in this policy
- Comply with legal obligations
You may request deletion of your data at any time (see Section 10).
We use cookies to:
- Maintain sessions
- Improve functionality
- Analyse usage (e.g., analytics tools)
You can manage cookie preferences via your browser or our cookie banner.
- Maintain sessions
- Improve functionality
- Analyse usage (e.g., analytics tools)
You can manage cookie preferences via your browser or our cookie banner.
Under UK GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
To exercise your rights, email: support@knowmypatient.info
- Access your personal data
- Correct inaccurate data
- Request deletion ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
To exercise your rights, email: support@knowmypatient.info
Our services are not intended for individuals under 18 without appropriate supervision and legal authority.
Our website may contain links to external sites. We are not responsible for their privacy practices.
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated effective date.
If you are not satisfied, you can contact the Information Commissioner's Office (ICO):
Website: https://ico.org.uk
Helpline: 0303 123 1113
Website: https://ico.org.uk
Helpline: 0303 123 1113
If you have any questions:
Know My Patient
London
United Kingdom
support@knowmypatient.info
Know My Patient
London
United Kingdom
support@knowmypatient.info
Due to the nature of the Know My Patient platform, we may process special category data as defined under Article 9 of the UK GDPR, including:
- Health information
- Care plans and clinical notes
- Accessibility needs and support requirements
- Patient-specific preferences impacting care delivery
Lawful Basis for Processing
We process this data under:
- Article 9(2)(h) - Provision of health or social care
- Article 9(2)(a) - Explicit consent (where applicable)
- Article 6(1)(e) - Public interest (where used within healthcare services)
User Responsibility (Critical Clause)
Users (e.g., clinicians, organisations) are responsible for:
- Ensuring they have lawful authority to upload patient data
- Obtaining explicit consent where required
- Ensuring data is accurate, relevant, and limited to necessity
Data Minimisation Strategy
We actively encourage:
- Use of non-identifiable data where possible
- Avoidance of unnecessary clinical detail
- Structured, role-based access to sensitive fields
- Health information
- Care plans and clinical notes
- Accessibility needs and support requirements
- Patient-specific preferences impacting care delivery
Lawful Basis for Processing
We process this data under:
- Article 9(2)(h) - Provision of health or social care
- Article 9(2)(a) - Explicit consent (where applicable)
- Article 6(1)(e) - Public interest (where used within healthcare services)
User Responsibility (Critical Clause)
Users (e.g., clinicians, organisations) are responsible for:
- Ensuring they have lawful authority to upload patient data
- Obtaining explicit consent where required
- Ensuring data is accurate, relevant, and limited to necessity
Data Minimisation Strategy
We actively encourage:
- Use of non-identifiable data where possible
- Avoidance of unnecessary clinical detail
- Structured, role-based access to sensitive fields
Where organisations (e.g., NHS Trusts, care providers, agencies) use our platform:
Roles Defined
- Organisation (Client) = Data Controller
- Know My Patient = Data Processor
Processor Commitments
We:
- Process data only on documented instructions from the Controller
- Ensure all personnel are bound by confidentiality obligations
- Implement appropriate technical and organisational measures (TOMs)
- Assist Controllers with:
Data subject requests
Breach notifications
DPIAs (Data Protection Impact Assessments)
Sub-Processors
We may engage vetted third-party providers (e.g., hosting, email services). All sub-processors:
- Are GDPR-compliant
- Are bound by written agreements
- Meet equivalent security standards
Data Breach Protocol
In the event of a breach:
- We will notify the Controller without undue delay
- Provide details of:
Nature of breach
Affected data
Mitigation actions
Data Return or Deletion
Upon termination of services:
- Data will be securely deleted or returned, as instructed
- Retention will only occur where legally required
Roles Defined
- Organisation (Client) = Data Controller
- Know My Patient = Data Processor
Processor Commitments
We:
- Process data only on documented instructions from the Controller
- Ensure all personnel are bound by confidentiality obligations
- Implement appropriate technical and organisational measures (TOMs)
- Assist Controllers with:
Data subject requests
Breach notifications
DPIAs (Data Protection Impact Assessments)
Sub-Processors
We may engage vetted third-party providers (e.g., hosting, email services). All sub-processors:
- Are GDPR-compliant
- Are bound by written agreements
- Meet equivalent security standards
Data Breach Protocol
In the event of a breach:
- We will notify the Controller without undue delay
- Provide details of:
Nature of breach
Affected data
Mitigation actions
Data Return or Deletion
Upon termination of services:
- Data will be securely deleted or returned, as instructed
- Retention will only occur where legally required
To ensure accountability, transparency, and clinical safety, Know My Patient implements comprehensive audit controls.
What We Log
We maintain secure logs of:
- User logins and authentication activity
- Access to patient profiles
- Data creation, edits, and deletions
- Role and permission changes
- Failed access attempts
Purpose of Logging
Audit logs are used to:
- Detect unauthorised access
- Support safeguarding investigations
- Maintain clinical accountability
- Meet legal and regulatory obligations
Access to Audit Data
- Logs are restricted to authorised personnel only
- Organisations may request access to logs relating to their users
- Logs may be disclosed to regulators or law enforcement where required
Retention of Logs
- Logs are retained for a defined security period (typically 6-12 months, or longer if required legally)
- Archived securely with restricted access
What We Log
We maintain secure logs of:
- User logins and authentication activity
- Access to patient profiles
- Data creation, edits, and deletions
- Role and permission changes
- Failed access attempts
Purpose of Logging
Audit logs are used to:
- Detect unauthorised access
- Support safeguarding investigations
- Maintain clinical accountability
- Meet legal and regulatory obligations
Access to Audit Data
- Logs are restricted to authorised personnel only
- Organisations may request access to logs relating to their users
- Logs may be disclosed to regulators or law enforcement where required
Retention of Logs
- Logs are retained for a defined security period (typically 6-12 months, or longer if required legally)
- Archived securely with restricted access
To reinforce trust and compliance, we operate:
- Role-Based Access Control (RBAC) - Users only see what they need
- Multi-Factor Authentication (MFA) - For elevated access roles
- Session Management Controls - Automatic timeouts and re-authentication
- Encryption at Rest and in Transit
- Continuous Monitoring and Threat Detection
- Role-Based Access Control (RBAC) - Users only see what they need
- Multi-Factor Authentication (MFA) - For elevated access roles
- Session Management Controls - Automatic timeouts and re-authentication
- Encryption at Rest and in Transit
- Continuous Monitoring and Threat Detection
Last updated: 24 March 2026.
- Strictly necessary cookies are always enabled for security, authentication, and core site operation.
- Analytics cookies (including Google Analytics and Hotjar) are disabled by default and only run if you opt in.
- You can withdraw or update consent at any time using Cookie Settings; rejecting non-essential cookies removes known analytics cookies on this device.