Privacy Overview

We are committed to protecting your privacy and confidentiality.


By agreeing to the terms and conditions of the Service you have entered into a contract with us which forms the legal basis for the processing of your information.

Here we explain what personal information we collect, how it is used, shared, secured, stored, and how you can exercise choices and manage your data. These Privacy Notices reflect legal requirements, regulations, and clinical best practice.

We understand that the privacy and confidentiality of all the personal information you provide and that we handle, especially the transcripts of therapy sessions, is important to you. Our internal policies and procedures reflect this and the need to share the minimum information necessary.

We will not sell or use or share your personal information for direct marketing or other promotional purposes. These Privacy Notices prohibit this.

We reserve the right to change these Privacy Notices from time to time by changing them on the Site and/or by notifying you through your account or by email. Amended terms will take effect 30 days after they are published.

Click here for the full introduction


You can read more detail about each section below by clicking on the ‘click here for full details’ links or simply scroll down:

1. Information we collect

a) Information you provide to us when you register and use our Service. This includes:

  • Registration information
  • Assessment information
  • During the course of your treatment
  • Your queries or questions

b) Information we may collect from other sources. This includes:

  • Referral information
  • Demographic information
  • Therapist notes

c) Information collected automatically from your use of the Service. This includes:

  • Session activity information
  • Device information
  • Log information

Click here for full details

2. How we use collected information (includes sharing within Ieso)

We use the personal information we collect to ensure that we provide you with the best possible treatment both now and in the future. We have appointed a Data Protection Officer and Caldicott Guardian to seek to ensure that our procedures for handling patient information meet our obligations.

We use the personal and clinical information that we receive under our terms with you and in connection with providing treatment to:

  • Register you with the Service
  • Assess your treatment needs
  • Provide your treatment
  • Communicate with you
  • Protect you and/or others
  • Conduct analysis, profiling and research to improve our Service

We only ever share the minimum information necessary to provide the best treatment, care and protection for yourself or others, or to satisfy legal requirements, and we will only share transcripts in rare circumstances. For example, some of our NHS contracts require annual audit meetings to review feedback, which may occasionally include the joint viewing of transcripts from any internal investigations that have been conducted by us as a result of a complaint (see section 3, When we share your information).

We will always seek your permission ahead of disclosing any information that identifies you directly to any other person or organisation, or, for any other reason not set out in this policy unless we have an overriding legal duty to do so.

We will not sell or use or share your personal information for direct marketing or other promotional purposes.

Click here for full details

3. When we share your information

We appreciate and respect that the confidentiality of your interactions with the Service is of utmost importance to you. Information is only shared on a strictly ‘need to know’ basis. Anyone receiving information about you will be under an equal legal duty to keep it confidential.

The confidentiality of all information shared between yourself and your therapist is upheld to the highest level possible. We recognise that you may consider some information you give to us and that may be recorded in the transcripts, as particularly sensitive. Relevant internal policies and procedures are designed to share the minimum information necessary to provide the best treatment, care and protection for yourself or others.

We do not routinely make directly identifiable information available to anyone within Ieso or beyond, although there are specific situations when we may disclose certain personal information in the context of operating or providing the Service (see section 2, How we use collected information).

In delivering the Service to you, your personal information may be shared with:

  • Your GP and/or your referring healthcare provider
  • NHS Digital

Outside the normal course of providing services, we may also share the minimum necessary information where required or entitled by law, legal process, or professional ethical or law enforcement reporting purposes. This may include notifying appropriate authorities, regulators or law enforcement agencies, or allowing them confidential access to specific information as part of an inspection or review, or to prevent fraud or cybercrime or any threats. If these circumstances arise, we would inform you wherever possible.

We have internal procedures in place to safeguard your privacy, so that only the minimum necessary information is used to conduct research on the most de-identified data possible. We will always seek your permission ahead of disclosing any information that identifies you directly to any other person or organisation or for any other reason than those set out in this policy without your knowledge or permission unless we have an overriding legal duty to do so.

Also covered in this section:

  • Sharing your personal information without your consent
  • Transferring data outside the UK, and holidays during treatment

Click here for full details

4. How we secure your information

We place great importance on the security of personal identifiable information associated with our patients. We have put controls in place to safeguard the personal information that you provide, applying physical, technical and procedural measures (including data minimisation and privacy by design tools) against the loss, misuse and alteration of personal information under our control.

We have achieved the International Standard certification for information security (ISO 27001) and satisfy the NHS Information Governance Toolkit requirements to levels 2 or 3.

Click here for full details

5. How we store your information

Ieso Digital Health is headquartered in the United Kingdom (UK) and information about you submitted via the Services is used by us and hosted by our service provider on secure servers in the UK. As mentioned above, such information is stored in an encrypted state, meaning the provider cannot access identifiable information.

We retain your information and health record as a resource that you can return to at any time you wish. This can help you remember coping strategies, techniques or processes that you learnt in therapy. If you were to experience a setback between sessions or after you’ve completed treatment you may find it useful to refer to your therapy transcripts and messages. Also, if you were to require further therapy sessions at any time in the future, your therapists would be able to access all your therapy notes. We retain your clinical record by reference to the IGA Records Management Code of Practice for Health and Social Care guidance for managing health records, and to support our legal obligations to be accountable for your care.

Click here for full details

6. Your access, rights and choices

You can access specific details relating to your treatment through the Service online at any time directly through your account. This includes your treatment goals, score graphs, messaging and treatment session transcripts.

You can also update or amend your key registration and contact details directly through your account.

This information will remain a resource available to you after the conclusion of treatment.

Click here for full details.

7. Cookies and tracking

We use cookies for the following reasons:

  • Secure login and navigation
  • Functionality
  • Analytics and performance

You can also learn more about our use of cookies by visiting our cookies policy.

Click here for full details

8. Specific information relevant to Children and Young People

Our contract with your healthcare provider determines the lower age limit for our services. As standard it is 18, but specific contracts include 16-year-olds and older, and for others the lower age limit is 12. The services are only available to children under 16 following a referral by a verified General Practitioner or healthcare provider and, where relevant, the consent of the child's parent or guardian.

9. Your questions and how to contact us

If you have any questions or comments about this policy please let us know:

Click here for full details

If you are in crisis, or need help dealing with one - do not use this site. For immediate help, please call the National Lifeline at 1-800-273-8255, or text HOME to 741741.