Research prototype — not for clinical use. Always call 999 in an emergency.
Need help?
← Home

Privacy notice

What ChatGP collects, why, and how to delete it.

Last updated: 2026-05-04

Summary

ChatGP is a research-prototype virtual-GP service. We hold the minimum personal data needed to give you a useful symptom assessment and to keep your account secure. Your data is stored in the UK and is not sold or shared with advertisers.

Who is the data controller

ChatGP is operated as a research prototype. The data controller for the purposes of UK GDPR is the operator of this deployment. For privacy queries, use the Help page.

What data we hold

Account: full name, email address, phone number, date of birth, optional NHS number, optional GP details. Family members: each name, date of birth, relationship to you, optional NHS number, conditions, allergies and avatar photo. Health activity: AI consultations (transcripts and recommendations), temperature readings, medication doses, consent events. Authentication: hashed passwords, session tokens, IP address and user-agent of each session.

Why we hold it

To deliver the consultation, to remember a 14-day login session, to compute the 8-hour next-dose timer, to spot fever escalation, and to provide the family dashboard. We rely on Article 6(1)(b) UK GDPR (contract) and Article 9(2)(h) (provision of healthcare).

Who we share it with

Symptom narratives are sent to the Healthify diagnosis service for triage; the request is authenticated and is processed in our own UK Azure tenancy. Voice consultations are streamed to ElevenLabs (US) for speech-to-text and text-to-speech; ElevenLabs is not given persistent storage of your conversation. Avatars are stored in Azure Blob Storage (UK South). We do not share data with advertisers.

How long we keep it

Account and consultation data are kept while your account is active and for up to 24 months after deletion to satisfy clinical-record-keeping obligations. Sessions expire after 14 days. Temperature and dose readings older than 36 months are deleted automatically.

Your rights

You can ask for a copy of your data, ask us to correct or delete it, withdraw any consent, or complain to the Information Commissioner's Office (ico.org.uk). Use the Help page to start any of those.

Security

Passwords are stored as Argon2id hashes. All data flows over TLS. Database, file and message storage are encrypted at rest. Avatar uploads use short-lived signed URLs.

Changes to this notice

We will update this page if our processing changes. The 'Last updated' date at the top will reflect the most recent revision.