Privacy Notices for UK users of the ieso app

[These notices do not govern our collection or use of personal information through any means other than through engagement in digital tools. There are separate, different, more detailed Privacy Notices on our therapy sites relevant to the collection and use of personal data in connection with receiving our online cognitive behavioural therapy (CBT) services delivered by therapists]

ieso is committed to protecting and respecting your personal data.

These Privacy Notices describe the privacy practices of the Ieso Digital Health group of companies (Ieso Digital Health Ltd, Ieso Digital Health (UK) Ltd and Ieso Digital Health, Inc.) (collectively, “ieso”, “we”, “us”, or “our”), and how we handle your personal data that we collect via use of our digital tool and reflect legal requirements and regulations. We are data controllers of your personal data and are registered with the Information Commissioner (registration numbers Z5383093 and ZA239229). If you require further information on anything below, please contact our Privacy team: Full details on how to contact us can be found below.

Information we collect

We collect the following Personal Data about you in several ways:

Information we collect directly from you

As a user of the app, we will collect the following Personal Data from you, including:

  • Your name (or what you’d like to be referred to as)
  • Your written conversations when interacting with our digital guide in the app
  • Your responses to our clinical questionnaires
  • Your queries, requests or comments if you contact us for customer service or technical support

Information we collect automatically from your use of the app

Certain information is collected automatically from your use of this app:

  • Session activity information – we collect information on your use of the app, including when you login, when you start and complete a session, etc.
  • Event data – this includes how the software has interpreted your responses.
  • Device and log information – this includes information about the device you’re using, your Internet Protocol (IP) address and IP location.

Inferred Data

As the app uses the information you enter to make a conversational response, the digital tool will collect and categorize your comments to help better support you.

For example, if you tell the digital guide that you are worried about work, that may fit a category of ‘work concerns’ which the digital tool will use to learn how to respond to you in the future. This is known as ‘intent classification’ and ‘machine learning’. 

New data that is collected through this process is known as ‘inferred data’ or ‘profiling’, which is not data you have provided to us directly, however, the digital tool has drawn conclusions from the content of your discussions.

Please be assured, this profiling is relatively non-consequently and transient, and it does not make automated decisions that produce significant effects.

You can contact our Privacy team at for further information.

You always have the right to refuse to submit your personal data to us, but note that without this information, this app may be unavailable to you.

How we use collected information

We use your Personal Data to:

  • Deliver this app, including to personalise the experience
  • Communicate with you
  • Provide you with customer service or technical support
  • For service evaluation and improvement
  • Anonymise your Personal Data to use it for the development of products/ tools intended to help more people access products earlier and/or assess their need for such products. Although this is not then Personal Data, you may be interested in reading about an example of this here.
  • Make some categorisations, see Inferred Data above

How does our Artificial Intelligence process your data

The ieso programme is a smartphone app that you can engage with for help with your worries. It uses automated text chat to help people who might not be able to access other care, or people who may be waiting for therapy services to start. It provides tools and techniques to help with difficult feelings. So that the app responds in an engaging way with more personalised responses to the inputs that you provide, we use some artificial intelligence techniques, including machine learning and large language models. However, all of the content in the app that helps users to deal with their worries has been written exclusively by our trained therapists, and the app makes no autonomous decisions about what elements of this therapist-written content is provided.

If you have any questions, please contact us at

Using your Personal Data for service evaluation and improvement

We want to ensure that our digital tool works well, provides the support needed and is safe for use. We use personal data as part of service evaluations and improvement activities. Data protection legislation permits this wider activity as part of ‘management of healthcare services’, and by using it for this purpose and not disclosing it outside our data controllership, we are not obligated to apply the National Data Optout. We will always de-identify data, and separate it from directly identifiable data, for this activity where it is possible to do so. If you have any objections or concerns, please contact our privacy team

We are passionate about learning from your personal data by conducting high-quality service evaluation and analysis to feed into the effectiveness of our product to further improve accessibility, usability and outcomes. We have internal procedures in place to safeguard your privacy so that only the minimum necessary information is used to conduct these activities on the most de-identified data possible. We also use machine learning, natural language processing (NLP) and artificial intelligence (AI) on questionnaires and communications between you and the digital guide. 

Legal bases for processing your Personal Data

By agreeing to the terms and conditions of the app, you have entered into a contract with us which forms the legal basis for the processing of your Personal Data.  You may choose what information you enter into the app, and we will treat all responses as personal data for data protection purposes. We use your Personal Data only as permitted by law, for the purpose for which we collected it.  

Once you’re discharged from our service, the lawful basis will be legitimate interests for the continued retention of data as part of your health record with ieso.

The lawful basis for processing your demographic information (provided during onboarding into therapy) is legitimate interests.

If you choose to provide any special category data during your interactions with us, this will be deemed necessary for medical purposes.

How we share your Personal Data

We appreciate and respect that the confidentiality of your interactions with the app are of utmost importance to you. Information is only shared on a strictly ‘need to know’ basis. The confidentiality of all information that you share with the app is upheld to the highest level possible, which is why anyone receiving information about you will be under an equal legal duty to keep it confidential. Relevant internal policies and procedures are designed to share the minimum information necessary to provide the best treatments, care and protection for yourself or others, and to conduct our service evaluation and improvement. 

Within ieso, some of your data collected through the app will be available to ieso Clinical Supervisors and administrative staff within your direct care, as well as Engineering staff to support with technical issues. They will only have access to your name, email address, where you’re up to within the app, and questionnaire scores – they will not have access to your written conversations. We also share some data with ieso researchers, AI scientists, and clinically-qualified advisers on a need to see basis for service evaluation and improvement - this data will be as de-identified as far as possible. For example, your written conversation will not be accessed for service evaluation in connection with your full name, contact details or wider medical record.  

Outside of these circumstances, we will always seek your permission ahead of disclosing any information that identifies you directly or indirectly to any other person or organisation, or for any reason other than those set out in this policy without your knowledge or permission, unless we have an overriding legal duty to do so.

How we secure your Personal Data

We place great importance on the security of personal data. We have put controls in place to safeguard your personal data, applying physical, technical and procedural measures against unauthorised access, loss, misuse and alteration of personal data under our control. 

We use de-identified data for service evaluation and improvement activities, we limit access to your personal data to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. 

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

We have maintained the International Standard certification for Information Security (ISO 27001) since 2017 and the Cyber Essentials Plus certification since 2019.

How we store your Personal Data

We use a small number of well-known Software as a Service (SaaS) providers to store subsets of your information and enable the uses of information described in these notices, and we have data protections agreements in place with each provider to ensure your information is secure.  

How long we retain your Personal Data

We retain your Personal Data in accordance with the NHSX Records Management Code of Practice:

  • We retain your health records for 20 years post discharge.
  • We retain research records for up to 20 years.

Your data protection rights

The Data Protection Act 2018 provisions certain rights to individuals which ieso is committed to supporting you with: 

  • The right to be told how we process your personal data; 
  • The right to know what data is held about you and to have a copy of it; 
  • The right to have incorrect information corrected; 
  • The right to request that personal data is erased; 
  • The right to restrict processing; 
  • The right to have your personal data ‘ported’ or transferred to another provider; 
  • The right to object; and 
  • Rights to have automated decision making and profiling explained to you and to ask for human involvement 

There are some circumstances where we will not be able to fulfil your rights. For example, we hold your data as part of your health record and health data is exempt from the right to deletion. Our Privacy team will work with you to ensure you are involved and understand the decisions being made.

For more detailed information on your rights visit

If you need any assistance in these areas, please contact our Privacy team: 


Questions, comments and requests regarding these privacy notices or data protection should be addressed to our Privacy team: 

Changes to these Privacy Notices

We reserve the right to change these Privacy Notices from time to time by updating the effective date of these Privacy Notices and posting it on the Site. If the change affects the way we process your personal data, then we will notify you be reasonable means. In all cases, your use of the app after the effective date of any modified set of Privacy Notices indicates you have read and understood the modified notices.  

These Privacy Notices are effective from 4th December 2023. 

Changes to your personal data 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during this relationship with ieso.

The ieso programme app is available to use and download now

Alternatively, if you would like to find out about other mental health support options available in your area, visit the NHS website here.