Version 1.0 · May 2026 · Cetia Health Ltd · Company No. 17169813
Applies to: cetia.health and the Cetia app
This policy is written in plain English. Every section starts with a plain-English summary in plain text, followed by the full legal detail you need to understand your rights.
Cetia is a health technology platform that helps people monitor their cardiovascular health at home and share those readings with their GP or care team. We are the company responsible for your data.
We are registered as a data controller with the UK Information Commissioner's Office (ICO).
ICO registration number: ZC138461
This policy applies to everyone who uses Cetia, whether you are a patient, a carer monitoring someone else's health, or a clinician. It covers the Cetia web app, iOS app, and Android app.
If you are a clinician, this policy covers your account and usage data. Data about your patients is processed separately and is subject to the data sharing agreement between Cetia and your practice.
Plain English: When you sign up, we collect your name, email address, and role so we can create your account and communicate with you.
We collect: your name, email address, role (patient, clinician, or carer), and optionally your professional title. If you register through NHS Login, we may receive your NHS number and verified identity details from NHS Login directly.
Lawful basis: Article 6(1)(b) UK GDPR — performance of a contract.
Plain English: Your blood pressure readings are health data. We treat this with the highest level of care and protection. We cannot provide the service without collecting this data.
We collect: systolic and diastolic blood pressure values, pulse rate, the date and time of your reading, which arm you used, your body position, whether the reading was taken at home or in a clinic, notes you add, and any mood or context tags you apply. We also collect data about your medications, doses, and compliance — whether you took them, any missed doses, and any side effects you experienced.
This is special category data under UK GDPR Article 9.
Lawful basis (Article 6): Article 6(1)(b) — performance of a contract.
Lawful basis (Article 9): Article 9(2)(h) — processing necessary for the provision of health care or treatment.
Plain English: If you use the weight monitoring feature, we record your weight over time. This is used to detect fluid retention, a key sign in heart failure, and to support cardiovascular risk calculations.
Where you enable weight monitoring, we collect: weight (kg), the date and time of the measurement, and whether it was entered manually or via a connected smart scale. We may collect BMI calculated from weight and height you provide.
This is special category data under UK GDPR Article 9.
Lawful basis (Article 6): Article 6(1)(b) — performance of a contract.
Lawful basis (Article 9): Article 9(2)(h) — processing necessary for the provision of health care or treatment.
Plain English: If you choose to connect your Apple Watch, Garmin, Fitbit, or other compatible device, Cetia can receive health data from those devices — but only for the specific data types you explicitly authorise. You can withdraw access at any time.
This section applies when these features are enabled — currently in development.
Where you grant permission through Apple HealthKit or Google Health Connect, Cetia may receive the following data types. Each requires your separate, explicit consent:
Cardiac data:
Activity and lifestyle data (where consented):
Important: Cetia does not store raw ECG waveforms. We receive and store only the classification output (e.g. ‘sinus rhythm’ or ‘atrial fibrillation’) and associated metadata. Raw waveforms remain on your device and in Apple Health only.
Data received from Apple HealthKit or Google Health Connect is also subject to Apple's and Google's own privacy policies. Cetia does not control how Apple or Google process data within their own health platforms.
Lawful basis (Article 6): Article 6(1)(a) — your explicit consent for each data type.
Lawful basis (Article 9): Article 9(2)(a) — your explicit consent for each data type (all cardiac and health data is special category data).
You can withdraw access to any wearable data type at any time from your device's Health app settings or from within the Cetia app settings.
Plain English: For some conditions, we ask you to record symptoms — such as breathlessness or palpitations — so your care team can see the full picture alongside your readings.
This section applies when these features are enabled — currently in development.
Where you use condition-specific monitoring features, we may collect:
This is special category data under UK GDPR Article 9.
Lawful basis (Article 6): Article 6(1)(b) — performance of a contract.
Lawful basis (Article 9): Article 9(2)(h) — processing necessary for the provision of health care or treatment.
Plain English: We ask for your ethnicity and postcode because NHS guidelines recommend including them in cardiovascular risk calculations. Providing them is completely optional.
We may ask for your ethnic group (using ONS 2021 categories) and your postcode. We use this to calculate your cardiovascular risk score (QRISK3) more accurately and, in anonymised and aggregated form only, to understand health outcomes across communities.
Ethnicity is special category data under UK GDPR Article 9.
Lawful basis (Article 6): Article 6(1)(a) — your explicit consent.
Lawful basis (Article 9): Article 9(2)(a) — your explicit consent.
You can withdraw consent at any time from your account settings.
Plain English: You can point your phone camera at your blood pressure monitor to capture readings automatically. The image is processed to extract the numbers — it is not stored by Cetia.
When you use the AI photo capture feature, an image of your BP monitor display is sent to a cloud AI service (Microsoft Azure AI) to extract the systolic, diastolic, and pulse values. The image is not stored after processing. Only the extracted numeric values — and a confidence score — are retained. If the confidence score is below our threshold, you will be asked to enter the values manually.
Lawful basis (Article 6): Article 6(1)(b) — performance of a contract (providing you with the photo capture feature).
Lawful basis (Article 9): Article 9(2)(h) — the image may incidentally contain biometric data (your hands, device, surroundings).
Plain English: Like most apps, we collect some technical information to keep the service working and to fix problems.
We collect: IP address (held for 30 days in server logs only), device type, operating system version, app version, session events (login, logout, reading submitted), and error logs. We do not use this data for advertising or profiling.
Lawful basis: Article 6(1)(f) — our legitimate interest in maintaining a functioning and secure service.
We use your data only for the purposes described in this policy. We never sell or share your personal data with advertisers or commercial third parties. We do not share any data that can identify you.
We may license anonymised, aggregated population health data — data that has been irreversibly stripped of all personal identifiers and cannot be linked back to you — to NHS bodies, research institutions, pharmaceutical companies, and government health agencies. This data is used for public health research and service improvement. It cannot identify you. Section 4.6 explains how this anonymisation works and the safeguards we apply.
This section applies when these features are enabled — some features currently in development.
Cetia uses automated rules to classify your readings (for example, as ‘normal’, ‘elevated’, or ‘hypertensive crisis’) and to trigger alerts to your care team. These classifications follow NICE clinical guidelines and are configured by your clinician.
This automated classification is not a clinical diagnosis. It does not replace clinical judgement. It is a tool to surface data to you and your care team. All clinical decisions remain with your clinician.
We do not use your data to make automated decisions that have a legal or similarly significant effect on you within the meaning of Article 22 UK GDPR.
We use anonymised and aggregated data to understand how the platform is used and to improve it. This data cannot identify you. We never use your personal health data for product improvement without your explicit consent.
Plain English: If you agree to take part in a clinical trial or research study, we process your data for research purposes under a separate consent. You can withdraw from research at any time without this affecting your use of Cetia for your own health monitoring.
Where you have given separate, explicit consent to participate in a clinical trial or research study, your data may be processed for research purposes. Research processing is governed by:
Lawful basis (Article 6): Article 6(1)(a) — your explicit consent to research participation.
Lawful basis (Article 9): Article 9(2)(j) — processing necessary for scientific research purposes, in accordance with Article 89(1) UK GDPR, subject to appropriate safeguards.
You have the right to withdraw from research participation at any time. Withdrawal from research does not affect your right to continue using Cetia for your own health monitoring. Data already included in aggregated research datasets cannot be retroactively removed where it has been genuinely anonymised.
Plain English: When you delete your account, we extract a privacy-safe summary of your data that cannot identify you. We use this to produce public health reports and to support medical research.
We maintain a population analytics dataset built from fully anonymised records. This dataset contains: ethnicity group (one of five broad categories), gender, age band (five-year range), region (first two characters of postcode), relative timestamps (days from first reading, not actual dates), BP readings at each relative day, weight at each relative day (where provided), medication names and doses, compliance records, and condition module engagement flags.
This dataset has no link to your identity. It is subject to k-anonymity controls (no result published if it represents fewer than five individuals). This data is retained indefinitely as it is genuinely anonymised and not personal data under UK GDPR.
If you link your account to a clinician, your health readings and relevant data will be visible to your linked clinician(s). You control which clinicians are linked. You can remove a clinician link at any time from your account settings.
We use technology providers to operate the platform. Where any provider processes personal data on our behalf, we ensure a Data Processing Agreement (DPA) is in place before any data is shared. Our current providers include:
This list reflects our current providers. As our platform develops we may onboard additional processors. We will always ensure a DPA is in place before any new processor handles personal data, and we will update this policy when material changes occur.
Where you connect your Apple device via HealthKit or your Android device via Google Health Connect, Apple and Google act as independent data controllers for health data stored in their health platforms. Cetia receives data from these platforms only with your explicit authorisation. The data Apple and Google hold about you is governed by their own privacy policies.
This section applies when these features are enabled — currently in development.
Where you use a compatible third-party device (such as a Withings or Omron blood pressure monitor, or a Hilo continuous BP device), readings from that device may flow into Cetia via HealthKit, Google Health Connect, or direct API integration. The data collected by the device manufacturer is governed by that manufacturer's own privacy policy. Cetia only processes the reading values once they are received — we do not have access to or control over data stored by the device manufacturer.
If you have linked your account via NHS Login, your health readings may be sent to your GP's clinical record (EMIS, SystmOne, or other NHS systems) via NHS FHIR and MESH standards. This is done only with your consent and your clinician's configuration. Once sent to an NHS system, that data is governed by NHS data retention policies. You should contact your GP practice to request any changes to data in your NHS record.
We may disclose your data where required to do so by law, regulation, or court order. We will notify you wherever we are legally permitted to do so.
Cetia stores and processes data primarily in the EU (Supabase) and will migrate to UK-based infrastructure (Azure UK South) prior to NHS deployment. Both locations are covered by adequate data protection standards under UK GDPR.
Resend, our email service provider, processes email metadata in the EU (Ireland). This transfer is covered by UK adequacy decisions for EU-based processors.
Apple HealthKit data is processed by Apple on servers in the US and other countries, subject to Apple's Privacy Policy and Standard Contractual Clauses. Google Health Connect data is similarly processed by Google subject to their terms.
We do not transfer personal data to countries without an adequate level of protection without implementing appropriate safeguards (Standard Contractual Clauses or equivalent).
We keep your data only as long as necessary for the purpose for which it was collected.
Plain English: When you delete your account, your personal data is removed within 30 days. We cannot get it back once it is deleted.
When you request account deletion, Cetia will:
Your right to erasure (Article 17 UK GDPR) is honoured in full for all personal data. The population analytics record is not subject to erasure because it is genuinely anonymised and not personal data.
If your data has been sent to an NHS clinical record, that data is held by your NHS practice and governed by NHS data retention policies. Contact your GP practice to request changes to your NHS record.
Under UK GDPR, you have the following rights in relation to your personal data:
Right of access
You can request a copy of all personal data we hold about you. We will respond within one month. You can also download your data directly from the Settings section of the Cetia app.
Right to rectification
You can ask us to correct inaccurate data. You can update most data directly in your account settings.
Right to erasure
You can ask us to delete your personal data at any time from your account settings. See Section 8 for what happens when you delete your account.
Right to data portability
You can request your data in a structured, machine-readable format (JSON or PDF) from the Settings section of the Cetia app.
Right to object
You can object to processing based on legitimate interests (Article 6(1)(f)). We will stop that processing unless we can demonstrate compelling legitimate grounds.
Right to withdraw consent
Where we rely on consent (ethnicity, postcode, wearable data, research participation), you can withdraw consent at any time from your account settings. Withdrawal does not affect processing that took place before withdrawal.
Right to restrict processing
You can ask us to restrict how we process your data in certain circumstances — for example, while you contest the accuracy of your data.
Right to lodge a complaint
If you are unhappy with how we handle your data, contact us at [email protected]. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
Our security measures include:
We will notify you and the ICO within 72 hours of becoming aware of a personal data breach that is likely to result in a risk to your rights and freedoms.
The Cetia web app uses strictly necessary cookies only: a session cookie to keep you logged in, and a security cookie (CSRF protection). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
You can block cookies in your browser settings, but this may prevent you from logging in.
Cetia is not intended for use by people under 18 in its current form. We do not knowingly collect data from anyone under 18.
If you believe a child has provided us with personal data, please contact us at [email protected] and we will delete it promptly.
We will update this policy when our practices change or when required by law. When we make material changes, we will notify you by email and display a prominent notice in the app at least 30 days before the changes take effect.
If you do not accept the changes, you can delete your account at any time from your account settings.
If you have any questions about this policy or about how we handle your data:
For ICO complaints: ico.org.uk · 0303 123 1113