cadence HEALTH
Back

Privacy Notice — Cadence Health

Effective date: February 2026 · Last updated: May 2026

1. Who we are

Cadence Health Ltd is a company registered in England and Wales (Company No. 17043196). We are registered with the Information Commissioner's Office (ICO Registration No. ZC095403) as a data controller.

Contact us at: bradley@cadencehealth.uk

2. What data we collect

  • Identity data: Your name and email address.
  • Health data (Special Category under UK GDPR): The GLP-1 medication you are prescribed (e.g. Mounjaro, Wegovy), your dose, injection dates, weight entries, and any symptoms you log. This is sensitive data and we treat it accordingly.
  • Technical data: Device type, browser, and login timestamps. We use this only for security and to keep your account working properly.

3. Legal basis for processing

Your health data is Special Category data under UK GDPR Article 9. The lawful basis we rely on depends on how you came to use Cadence:

  • If you were onboarded through a prescribing partner (for example, your GP, online prescriber, or pharmacy) we process your health data under Article 9(2)(h) — provision of health or social care or treatment, in support of the clinical-care relationship between you and your partner. We act as a data processor for your partner in this context; your partner is the data controller for your clinical record. This is the same lawful basis your partner relies on for their own clinical record-keeping; no separate consent tick-box is required.
  • If you signed up directly (without a prescribing partner) we process your health data under Article 9(2)(a) — your explicit consent. You give this consent when you create your account and agree to our terms. You can withdraw it at any time (see Section 8).

We do not rely on "legitimate interests" to process your health data. Legitimate interests is not a valid legal basis for Special Category data under UK GDPR.

For non-health data (e.g. keeping your account secure, communicating with you), we rely on our contract with you and, where relevant, our legitimate interests in operating a safe and functional platform.

4. How we use your data

  • To deliver personalised GLP-1 guidance and content relevant to your treatment stage.
  • To enable clinical oversight by your prescribing clinician, so they can review your progress and flag any concerns — in line with clinical and regulatory responsibilities.
  • To maintain an audit trail for regulatory compliance with MHRA and GPhC requirements.

5. Who we share your data with

Your clinical data is shared only with your prescribing partner (who is the data controller for your clinical record) and with the technical service providers we use to operate the platform (such as our database host and email delivery service — all UK or EU based, under written data-processing agreements).

Where your prescribing partner uses an integrated clinical record system (EHR), Cadence syncs your clinical data with that system so the same record stays current in both places — your refill requests reach your prescriber's normal workflow, and their prescription decisions update your Cadence treatment state. We do not share demographic details (name, NHS number, address, postcode) with the EHR — your prescriber already holds those in their own records. The EHR is operated by your partner as their own data controller. If you want your data removed from the EHR you must contact your partner directly — closing your Cadence account removes your Cadence-side record only and does not remove the clinical record the partner holds in their own system. This is a category-level disclosure that covers any integrated EHR your partner may use now or in future.

6. What we don't do

  • No automated clinical decisions. The platform provides information only. No algorithm makes decisions about your treatment.
  • We never sell your identifying personal data. Your name, email, date of birth, and postcode are never sold or shared with third parties beyond your prescribing partner and the technical service providers we use to run the platform. Anonymised research data is a separate, opt-in matter — if you choose to give R&D consent (see Section 7), your treatment data, with all identifying details irreversibly removed so it cannot be linked back to you, may form part of datasets we share commercially with pharmaceutical research partners as part of Cadence Health's real-world evidence (RWE) work. Your decision to opt in or not has no effect on your use of the platform.
  • No transfers outside the UK. Your data is stored and processed within the United Kingdom.
  • No third-party analytics on patient pages. We do not load tracking scripts (e.g. Google Analytics, Meta Pixel) on any page where you enter or view health data.

7. Future research use

We may in the future ask whether you would like your anonymised data to contribute to research (for example, medication outcomes research). This will always be a separate, explicit opt-in — it is never a condition of using the platform. Any such use would also require a formal amendment to our Data Protection Impact Assessment. You can say no and continue using Cadence exactly as before.

8. How long we keep your data

  • Active health and account data: Kept for the duration of your treatment plus 2 years, to support any clinical follow-up.
  • Audit logs: Kept for 7 years for regulatory compliance.
  • Deletion requests: Completed within 30 days of your request.

9. Your rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your account and associated personal data.
  • Restriction — ask us to pause processing while a dispute is resolved.
  • Portability — receive your data in a machine-readable format.
  • Withdraw consent — if you signed up directly (Article 9(2)(a) basis), at any time, without affecting anything we did before you withdrew. Withdrawing consent means we will stop processing your health data and will delete your account. If you were onboarded through a prescribing partner (Article 9(2)(h) basis), this right is handled by your partner as the data controller — please contact them directly.
  • Complain to the ICO — if you think we've handled your data unlawfully, you can contact the Information Commissioner's Office at ico.org.uk or on 0303 123 1113.

To exercise any of these rights, email us at bradley@cadencehealth.uk.

10. Data security

  • All data is encrypted at rest and in transit (TLS).
  • Database access uses Row Level Security (RLS) — you can only see your own data, and our staff access is limited to what they need.
  • We do not store passwords in plain text.

11. Contact

For any questions about this notice or to exercise your rights, please contact us:

Cadence Health Ltd
Company No. 17043196 | ICO Registration ZC095403
bradley@cadencehealth.uk