← Back to consultation

Privacy Policy

Effective date: 2026-05-19

Last updated: 2026-05-19

This policy is in a pre-launch draft awaiting UK solicitor review. Items in [BRACKETS] are placeholders. If you spot something unclear before launch, email deskbodyinbalance@gmail.com.

1. Who we are

This service ("the AI Consultation", "we", "us", "our") is provided by:

Body In Balance UK Christopher A. Pickard, B.Sc, D.C. (chiropractor and clinical nutritionist — not a medical doctor) Correspondence address: 32 Great North Road, Welwyn Garden City, UK Email: deskbodyinbalance@gmail.com Trading as Body In Balance (UK) Ltd, registered with the UK Information Commissioner's Office.

Chris Pickard acts as the Data Controller for personal data collected through this service, and the designated Data Protection Officer for queries about how your data is used.

2. About this policy

This Privacy Policy explains what personal data we collect when you use the AI Consultation, why we collect it, how we use it, who we share it with, and the rights you have over your data. It also explains how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This service handles special category data concerning health (UK GDPR Article 9), which receives additional legal protection. We take that responsibility seriously.

3. The personal data we collect

Identity & contact information

  • Name
  • Email address
  • Date of birth
  • Sex assigned at birth

Health & lifestyle information (special category data)

  • Your responses to the structured intake questionnaire, including:
    • Current medications and supplements
    • Surgical and antibiotic-use history
    • Family medical history
    • Symptoms and patterns you describe (energy, sleep, mood, digestion, pain, etc.)
    • Lifestyle factors (alcohol, caffeine, smoking, exercise, diet)
    • Stress and life context
    • Any free-text answers you choose to share
    • Where applicable, your responses to the QEESI

Technical information

  • IP address
  • Browser type and operating system
  • Pages you visit within the service and the times of access
  • Authentication tokens (for the "save and resume" feature)

We do not collect financial / payment information in v1, geolocation beyond IP-derived approximate location, or any advertising / third-party tracking cookies.

4. Why we collect it & our lawful basis

| Purpose | Lawful basis | Special-category basis | |---|---|---| | To provide the AI Consultation service to you | Contract (Art. 6(1)(b)) | Article 9(2)(h) — provision of health care | | For Chris Pickard to review your submission as a healthcare practitioner | Legitimate interests (Art. 6(1)(f)) | Article 9(2)(h) | | To send you transactional emails (magic-link logins, resume reminders) | Contract (Art. 6(1)(b)) | n/a | | To safeguard you when a safety red flag is detected | Vital interests (Art. 6(1)(d)) / legitimate interests | Article 9(2)(c) — vital interests; Article 9(2)(h) | | To keep an audit log of who accessed your data | Legal obligation (Art. 6(1)(c)) | n/a | | To send you marketing emails about Body In Balance services | Consent (Art. 6(1)(a)) — opt-in only | n/a |

Christopher A. Pickard is a registered chiropractor (B.Sc, D.C.) and clinical nutritionist, not a medical doctor. As a registered health professional, he is bound by a duty of professional confidentiality that provides the equivalent professional-secrecy obligation required under Article 9(2)(h).

5. Who has access to your data

Within Body In Balance UK: Chris Pickard, acting as Data Controller and DPO.

Our sub-processors (Data Processors acting on our written instructions under signed Data Processing Agreements):

| Sub-processor | What they do | Where they host UK data | |---|---|---| | Supabase Inc. | Database, authentication, storage | London region (eu-west-2) | | Vercel Inc. | Application hosting | UK / EU edge | | Resend Inc. | Transactional email sending | EU region | | Sentry | Error monitoring (with PII scrubbing) | EU region | | Plausible Analytics | Privacy-respecting page analytics | EU region |

We do not sell, rent, or trade your personal data to anyone. Ever.

6. International transfers

Your personal data is stored within the United Kingdom (Supabase London region). Where our sub-processors are headquartered outside the UK / EEA, transfers are protected by Standard Contractual Clauses approved by the UK Information Commissioner and the sub-processors' own UK/EU data-residency commitments.

7. How long we keep your data

| Data category | Retention period | |---|---| | Active patient account & submission data | While your account is active | | Inactive account (no activity for 24 months) | Email asking whether to retain. No response within 30 days → pseudonymised. | | Reviewed clinical records | Up to 7 years (UK clinical record retention) | | Audit logs | 7 years | | Email tokens (magic links) | 30 days from issuance | | Marketing email consent records | Until you withdraw + 1 year |

You can request earlier deletion at any time via the Delete-my-account button. Where Chris Pickard has reviewed your submission and acted on it clinically, that record may be retained in pseudonymised form (PII removed) as part of his clinical-record obligation.

8. Your rights

Under UK GDPR you have the following rights, which we honour in full:

  • Right of access — see what data we hold. Use the "Download my data" button on your account page.
  • Right to rectification — correct anything wrong. Email us.
  • Right to erasure — use the "Delete my account" button.
  • Right to portability — receive your data in machine-readable format. The JSON download covers this.
  • Right to restrict processing — email us.
  • Right to object — to processing on legitimate interests, or to direct marketing.
  • Right to withdraw consent — for any consent-based processing.
  • Right not to be subject to solely automated decisions with legal or similarly significant effect. The Cell Blueprint score is rule-based; no decision with legal or similarly significant effect is made solely automatically.

To exercise any right, email deskbodyinbalance@gmail.com or use the controls in your account. We aim to respond within 14 days; legally we have up to 30 days.

9. Security

We protect your data with TLS for data in transit, AES-256 encryption at rest, UK-region database hosting, magic-link email authentication (no passwords), comprehensive audit logging, regular security patching, principle of least access internally, and a documented breach response procedure (ICO notification within 72 hours per Article 33).

No system is perfectly secure. If you become aware of a security issue, please email us at deskbodyinbalance@gmail.com.

10. Cookies & tracking

This service uses only essential cookies required to authenticate you and operate the service. We do not use advertising cookies, third-party analytics cookies, or social-media trackers. Under UK PECR, no cookie consent banner is required for strictly necessary cookies.

11. Children

This service is for adults only. You must be 18 or older to create an account.

12. AI & automated decision-making

The AI Consultation produces a scored Cell Blueprint picture (rule-based, deterministic) and a starting-place recommendation. This is not medical advice. No diagnosis is being made, no treatment is being prescribed, and no decision with legal or similarly significant effect is taken solely by the AI.

13. Disclaimer — not a substitute for medical advice

The AI Consultation is an educational and informational tool. It is not a substitute for diagnosis or treatment by a qualified medical practitioner, advice from your GP, or emergency medical care.

If you experience any of the following, contact appropriate care immediately rather than continuing the consultation:

  • Chest pain, severe breathlessness, or fainting → call 999
  • Heavy or fresh-red rectal bleeding → call 111 or go to A&E
  • Thoughts of self-harm or suicide → call 999 or Samaritans on 116 123
  • Any other urgent symptom → call 111

14. Complaints

If you have a concern about how we have handled your data, please email us first at deskbodyinbalance@gmail.com so we can put it right. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk/concerns/, by phone on 0303 123 1113, or by post to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

15. Changes to this policy

We may update this policy from time to time. The "Last updated" date will tell you when. For material changes that significantly affect your rights, we will email you in advance.

16. Contact us

  • Email (all queries): deskbodyinbalance@gmail.com
  • Correspondence address: 32 Great North Road, Welwyn Garden City, UK

Questions about this policy? deskbodyinbalance@gmail.com