NOT PRODUCTION READY — DO NOT ENTER REAL PATIENT OR PERSONAL DATA
Version: 0.1
Effective Date: 16 July 2025
Mortimer Health ("we," "us," "our") is providing access to an Alpha version of a web application that links risk assessments to potential screening pathways for research, evaluation, and product development purposes. For the limited data we collect in this Alpha, we act as a data controller (or, where applicable, a joint controller/processor—see Section 8). Our obligations are informed by the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 ("DPA 2018"), which together govern how personal information must be used, protected, and handled in the UK. These laws also recognise enhanced protections for special category data, including health information.
During the Alpha we anticipate receiving:
Please do not submit:
Where realistic test conditions are needed, use anonymisation, pseudonymisation, or synthetic data generation techniques; if you must mimic edge cases, obfuscate or mask all identifiers. If we detect apparent real personal data, we may delete, mask, or block it without notice to reduce risk.
For the limited Alpha test data described above we rely on one or more of the following lawful bases:
| Processing Activity | Legal Basis | Notes |
|---|---|---|
| Creating & administering tester accounts | Contract where access is provided under test agreement; or legitimate interests for R&D | Minimal personal data only. |
| Collecting structured feedback / surveys | Consent gathered explicitly | You may withdraw; see Section 9. |
| Technical logs & telemetry to ensure service function & improve security | Legitimate interests in securing and improving the service. | |
We use Alpha test data to: (i) operate the test environment; (ii) debug errors and security issues; (iii) evaluate feature usability; (iv) develop and validate the product; and (v) generate aggregated, de-identified analytics to guide product design. Where feasible we apply data minimisation and de-identification (anonymisation, pseudonymisation, masking) so individuals cannot reasonably be identified from outputs shared with the broader team.
We apply reasonable technical and organisational measures appropriate to an early-stage prototype, for example restricted test-only access, role-based permissions, encrypted transport (HTTPS/TLS), basic environment segregation, and logging for debugging. However, because Alpha environments evolve rapidly and do not yet include full production safeguards (e.g., hardened infrastructure, full backup/restore processes, comprehensive penetration testing), we cannot guarantee the confidentiality, integrity, availability, or resilience of any data you submit. Security controls may fail, change, or be bypassed as we iterate. Use synthetic data.
Alpha test data is intended to be short-lived. Unless we are legally required to retain it longer (e.g., for audit or bug investigation), we plan to delete submissions within 12 weeks after the close of the Alpha cycle. Logs may persist longer in secure archives for troubleshooting but will be minimised. We may delete data at any time without notice if we believe it poses privacy risk. Please export anything you need before the test ends.
We may use cloud hosting, development, analytics, or email vendors to support the Alpha. This is currently AWS.
We intend to avoid cross-border transfers, and any cross-border transfer is unintentional. We use AWS to host our application within the eu-west-2 (London) region.
Subject to applicable law, and assuming we hold personal data about you in this Alpha, you may have rights to: be informed; access; correct inaccuracies; delete; restrict or object to processing; data portability; and rights relating to automated decision-making. To exercise any right, contact us. We will respond consistent with UK data protection law and may need to verify identity. Some rights may not apply where we only hold anonymised, aggregated, or log data that is not linked to you.
If we become aware of a security incident affecting personal data in the Alpha, we will investigate promptly, take steps to contain and remediate, and—where required—notify affected individuals and/or the Information Commissioner's Office (ICO) within applicable legal timeframes. Because Alpha systems are less mature, we strongly encourage testers to report suspected issues immediately.
The Alpha application is for research, evaluation, and product development only. It is not medical advice, not a diagnostic tool, and not a substitute for professional clinical judgment. Do not rely on Alpha outputs to diagnose, treat, or manage any medical condition. For medical concerns, consult a qualified healthcare professional; in an emergency, contact emergency services immediately.
Unless we have separately signed a Business Associate Agreement (BAA) with you, the Alpha environment is not intended to receive or store Protected Health Information ("PHI") as defined by the U.S. HIPAA Privacy Rule. Please do not upload or transmit any PHI. If PHI is inadvertently submitted, notify us immediately so we can delete or secure it.
THE ALPHA SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" FOR TESTING ONLY. TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES (EXPRESS, IMPLIED, OR STATUTORY), INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, DATA ACCURACY, OR SYSTEM AVAILABILITY. YOU ENTER DATA AND USE THE ALPHA AT YOUR OWN RISK. WE ARE NOT LIABLE FOR ANY LOSS, DAMAGE, COSTS, OR CLAIMS ARISING FROM (I) YOUR SUBMISSION OF REAL PERSONAL OR HEALTH DATA CONTRARY TO THIS NOTICE; (II) UNAUTHORISED ACCESS, DISCLOSURE, OR LOSS IN THIS PRE-PRODUCTION ENVIRONMENT; OR (III) RELIANCE ON ALPHA OUTPUTS FOR CLINICAL OR OTHER DECISION-MAKING.
Nothing in this Notice excludes or limits liability that cannot legally be excluded (e.g., fraud, death or personal injury caused by negligence), nor does it limit your statutory data protection rights.
Primary contact: Thomas Callender
Email: tom.callender@mortimerhealth.com
Data Protection Officer (if appointed): Thomas Callender
Please include "Alpha Privacy" in the subject line and describe your request (access, deletion, suspected personal data entry, security issue, etc.).
The Alpha is not directed to children and is intended for professional adult testers. Please do not create accounts for or submit data about individuals under 18 (or the age threshold that applies in your jurisdiction).
Because Alpha development is fast-moving, we may update this Notice at any time. Material changes will be communicated to registered testers (e.g., email, in-app banner). Continued participation after an update indicates you accept the revised Notice.
The terms shall be governed by and construed in accordance with English law. The courts of England and Wales shall have exclusive jurisdiction to deal with any dispute arising hereunder.
Your use of this web application indicates that you have read and understand the Alpha Test Privacy Policy and Terms of Use and accept that the Alpha is provided "as is" and used at your own risk.