Privacy Policy
Last updated: 1 May 2026
1. Who we are
ExieCare is a UK-based digital health companion service. We are the data controller for the personal data you provide when using ExieCare. You can contact us at hello@exiecare.co.uk with any privacy-related questions.
2. What data we collect
We collect the following categories of data:
- Account data: your name, email address, and the date and version of terms you accepted.
- Health documents: the letters, test results, and other healthcare documents you choose to upload.
- Usage data: appointment records, AI chat messages, and document summaries you generate.
- Billing data: payment information processed securely by Stripe. We never store card details.
- Technical data: logs, error reports, and anonymised usage analytics to improve the service.
3. How we use your data
We use your data to provide and improve ExieCare, including to generate AI-powered explanations of your documents, manage your appointments and reminders, process payments, and comply with legal obligations. We do not use your data for advertising. We do not sell your data to third parties.
4. AI processing
When you upload a document, the text is extracted and sent to OpenAI's API to generate a plain-English summary. We use OpenAI's API with settings that prevent your data from being used to train AI models. Your documents are never used to improve OpenAI's products. You can read OpenAI's data privacy commitments at openai.com/privacy.
5. Where your data is stored
Your data is stored in AWS data centres located in the United Kingdom (eu-west-2, London region). All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Access to your data is strictly limited and audited.
6. How long we keep your data
We keep your data for as long as your account is active. If you delete your account, all your documents, appointments, and personal data are permanently deleted within 30 days. Encrypted backups are purged within 90 days. We retain anonymised, aggregated usage statistics indefinitely.
7. Your rights
Under UK GDPR, you have the right to access, correct, or delete your personal data. You also have the right to restrict or object to processing, and to data portability. To exercise any of these rights, contact us at hello@exiecare.co.uk. We will respond within 30 days.
8. Cookies
ExieCare uses essential cookies only — specifically, session tokens required for authentication. We do not use advertising, tracking, or analytics cookies. You cannot opt out of essential cookies without losing the ability to sign in.
9. Third-party services
We use the following third-party services to operate ExieCare:
- AWS — cloud infrastructure, storage, and authentication (UK data centres).
- OpenAI — AI document explanation (no training on your data).
- Stripe — payment processing (PCI DSS compliant).
10. Changes to this policy
We may update this policy from time to time. We will notify you of material changes by email. Your continued use of ExieCare after changes take effect constitutes acceptance of the updated policy.
11. Contact and complaints
For privacy questions, contact us at hello@exiecare.co.uk. If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.