Privacy Policy
Your data protection and privacy rights
Last Updated: January 25, 2025 | Effective Date: January 25, 2025 | GDPR Compliant | Healthcare Platform Specialized
1. Introduction
SaveOnThePen Ltd ("we," "our," or "us") operates SaveOnThePen.com, an AI-powered healthcare platform that provides medication price comparison and treatment optimization services for UK users. We are a UK company committed to revolutionizing healthcare cost management through artificial intelligence.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We are committed to protecting your privacy and ensuring compliance with UK GDPR, Data Protection Act 2018, and healthcare data protection standards.
Healthcare Data Notice: This platform processes health-related information classified as "special category personal data" under UK GDPR. We implement enhanced safeguards including explicit consent requirements and additional security measures for all health information.
2. Information We Collect
Personal Information
- Name, email address, and secure account credentials
- Subscription and billing information (processed securely via Stripe)
- Communication preferences and marketing consent status
- Customer support inquiries and correspondence
- Account activity logs and security information
Health Information (Special Category Data)
Explicit Consent Required: We collect health information only with your explicit, informed consent. You can withdraw this consent at any time through your account settings.
- Current and target weight measurements for AI analysis
- Height, age range, and gender identity (for NHS-compliant BMR calculations)
- Current medications, dosages, and treatment history
- Treatment effectiveness, progress data, and stagnation patterns
- Medical conditions and dietary considerations (voluntary disclosure)
- Side effect reports and treatment breaks (voluntary)
Usage & Platform Data
- AI feature interactions and optimization requests
- Price comparison searches and pharmacy preferences
- Dashboard engagement patterns and feature usage
- Device information, browser data, and IP addresses
- Session duration and platform navigation patterns
Analytics & Tracking Data
- Google Analytics data (anonymized where technically possible)
- Microsoft Clarity session recordings and interaction heatmaps
- Cookiebot consent management records and preferences
- Performance metrics, error reporting, and system diagnostics
- Email engagement tracking (opens, clicks, unsubscribes)
3. Our Legal Basis for Processing Your Information
Under UK GDPR Article 6, we must have a valid legal basis for processing your personal data. Here's how we justify each category of processing:
Performance of a Contract
We process your personal and platform usage data to deliver the core services you've signed up for:
- AI-powered treatment optimization and stagnation detection
- Real-time price comparison across 70+ UK pharmacies
- Account management and premium subscription features
- Customer support and technical assistance
Explicit Consent
We rely on your explicit, informed consent for activities requiring your active agreement:
- Processing health information (special category personal data)
- Sending marketing communications and platform updates
- Using non-essential analytics cookies and tracking
- Participating in anonymized data monetization programs
Withdrawal Right: You can withdraw consent at any time through your account settings.
Legitimate Interest
We process certain data based on legitimate business interests that don't override your rights:
- Improving AI algorithms and healthcare optimization accuracy
- Developing new features and platform enhancements
- Conducting anonymized population health research
- Preventing fraud and ensuring platform security
- Analyzing user behavior to improve user experience
Legal Obligation
We process certain data to comply with UK legal requirements:
- Retaining billing records for tax and accounting compliance
- Responding to lawful requests from regulatory authorities
- Maintaining records for potential legal disputes
- Complying with healthcare advertising regulations
4. How We Use Your Information
Core Healthcare Platform Services
- Provide AI-powered treatment optimization with 23-day stagnation warnings
- Generate personalized metabolic analysis using NHS-compliant BMR calculations
- Create financial projections demonstrating potential £1,107+ savings
- Compare medication prices across 70+ verified UK pharmacies
- Track treatment progress and milestone achievements
- Deliver premium features including bundle optimization and advanced analytics
Account Management & Support
- Create and maintain secure user accounts with AWS Cognito
- Process premium subscription payments through Stripe
- Provide customer support and technical assistance
- Send important account notifications and security alerts
- Manage user preferences and consent settings
Marketing & Communications
Explicit Consent Required
We will only send marketing communications to users who have given explicit, opt-in consent to receive them:
- New feature announcements and AI optimization updates
- Personalized healthcare cost savings opportunities
- Premium subscription offers and upgrade incentives
- Educational content about medication optimization
- Industry insights and healthcare cost trends
Easy Unsubscribe: Every marketing email includes one-click unsubscribe options.
Research & Development
- Improve AI algorithms and treatment prediction accuracy
- Develop new healthcare optimization features and strategies
- Conduct anonymized population health research for public benefit
- Generate insights for pharmaceutical industry research partnerships
- Enhance platform security and user experience
Medical Advice Disclaimer
Important: Our platform provides price comparison and optimization insights only. We do not provide medical advice, diagnosis, or treatment recommendations. Always consult qualified healthcare professionals for medical decisions. Our AI analysis is for informational purposes and should not replace professional medical guidance.
5. Information Sharing & Disclosure
Anonymized Data Monetization
Transparency Commitment: We may share anonymized, aggregated health and pricing data with pharmaceutical companies and research institutions to fund platform development and advance healthcare research.
Data Protection Measures:
- All personal identifiers completely removed
- Data aggregated across a minimum of 100 users
- No individual patterns identifiable
- Regular anonymization audits conducted
Your Control:
- Opt-out available in account settings
- Withdraw consent at any time
- Revenue helps subsidize free features
- Supports public health research
Essential Service Providers
- Amazon Web Services (AWS): Secure cloud hosting, database storage, and authentication
- Stripe: Payment processing for premium subscriptions (PCI DSS compliant)
- Google Analytics: Website usage analytics with IP anonymization
- Microsoft Clarity: User experience insights and session analysis
- Cookiebot: GDPR-compliant cookie consent management
Links to Third-Party Pharmacies
Affiliate Business Model Disclosure
Our platform includes affiliate links to third-party pharmacy websites (including Boots, LloydsPharmacy, Superdrug, and others) to help you find the best medication prices. When you click these links:
- You are taken to an external website with its own privacy policy
- That pharmacy may set its own cookies and track your activity
- We may receive a commission if you make a purchase
- We are not responsible for their data practices or privacy policies
Recommendation: Review each pharmacy's privacy policy before providing personal information.
Legal Requirements & Protection
- Comply with legal obligations and UK regulatory requests
- Protect our rights, property, and user safety
- Prevent fraud and abuse, and ensure platform security
- Respond to lawful government or court orders
- Defend against legal claims and protect user interests
No Personal Health Data Sales: We never sell, rent, or trade identifiable personal health information. Only anonymized, aggregated insights are shared with research partners, and only with your explicit consent that you can withdraw at any time.
6. Your Rights Under UK GDPR
As a UK/EU resident, you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights:
Right to Access: Request copies of your personal data, including health data, usage patterns, and AI insights.
Right to Rectification: Correct inaccurate personal data and update health information and account details.
Right to Erasure: Delete your personal data, subject to legal retention requirements.
Right to Portability: Transfer your data to another service; a machine-readable format is provided.
Right to Object: Object to certain processing activities, including marketing and data monetization.
Right to Restrict: Limit how we process your data while we maintain essential services.
Exercise Your Rights
Multiple Access Methods: Contact us at privacy@saveonthepen.com, use your account settings dashboard, or submit a formal request through our support system.
Response Timeline:
- Standard requests: Within 30 days
- Complex requests: Up to 60 days
- Urgent security issues: Within 72 hours
Verification Process:
- Identity verification required
- Account authentication needed
- Free of charge for reasonable requests
7. Data Security
We implement comprehensive, healthcare-grade security measures to protect your sensitive information:
Encryption Standards
- TLS 1.3 for all data in transit
- AES-256 encryption for data at rest
- End-to-end encryption for health data
- Regular encryption key rotation
Infrastructure Security
- AWS SOC 2 Type II compliant hosting
- ISO 27001 certified data centers
- Geographic redundancy and backups
- 99.9% uptime SLA commitment
Access Controls
- Role-based access with least privilege
- Multi-factor authentication required
- Regular access reviews and audits
- Automated session timeout controls
Monitoring & Auditing
- 24/7 security monitoring and alerts
- Quarterly penetration testing
- Annual third-party security audits
- Comprehensive audit logging
Data Breach Response Protocol
Commitment: In the unlikely event of a data breach affecting personal information, we will notify affected users within 72 hours and relevant authorities (ICO) as required by UK GDPR. Our incident response team follows established procedures to contain, assess, and remediate any security incidents.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy:
Account & Profile Data
Active account: Retained while your account remains active and for 30 days after deletion
Legal Basis: Contract performance and legitimate interest
Health Information
Special category: Retained for 3 years after account deletion or consent withdrawal
Legal Basis: Legitimate interest in research and potential legal defense
Billing & Financial Records
Legal requirement: Retained for 7 years as required by UK tax and accounting law
Legal Basis: Legal obligation under UK Companies Act
Analytics & Usage Data
Anonymized: Anonymized after 26 months (Google Analytics standard)
Legal Basis: Legitimate interest in service improvement
Support Communications
Limited: Deleted after 3 years or resolution of issues
Legal Basis: Legitimate interest in customer service quality
Early Deletion Requests
You can request early deletion of your personal data at any time. We will honor such requests unless we have a compelling legal reason to retain the data (such as ongoing legal proceedings or regulatory requirements). Health data can be deleted immediately upon consent withdrawal.
9. Contact Information & Complaints
Data Protection Officer
Company: SaveOnThePen Ltd
Email: privacy@saveonthepen.com
Response Time: Within 30 days
Urgent Issues: Within 72 hours
Types of Requests We Handle
- Data access and portability requests
- Consent withdrawal and opt-out requests
- Data correction and deletion requests
- Privacy concerns and security questions
- Data sharing and monetization questions
UK Information Commissioner's Office
You have the right to file a complaint with the ICO if you believe we have not handled your personal data appropriately:
Website: ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We encourage you to contact us first to resolve any concerns, but you have the absolute right to complain directly to the ICO.
Policy Updates & Continued Platform Use
This Privacy Policy may be updated periodically to reflect changes in our data practices, new healthcare features, or legal requirements. We will notify users of material changes via email and prominent website notices at least 30 days before implementation.
Privacy Questions:
privacy@saveonthepen.com
Healthcare Data Concerns:
support@saveonthepen.com
Technical Support:
help@saveonthepen.com
Continued use of our platform after policy updates constitutes acceptance of the new terms. If you do not agree with updated terms, you may delete your account at any time.