Please review the privacy policy for your country:

UK

Introduction

We are dedicated to improving care and treatment for people with all kinds of health conditions and especially in orthopaedic surgery and musculoskeletal care. By bringing together patients, healthcare professionals, researchers and life science companies, we’re working to make care better using the latest technology, data, and our shared knowledge.

We are committed to protecting your personal data and respecting your privacy. Transparency and clarity are important for us and we want you to feel in control of and understand how we handle your personal data. We appreciate that you do not want your personal data distributed indiscriminately and in this policy we explain how we collect information, what we do with it and what rights you have in relation to your personal data.

We may revise this policy from time to time and will notify you if we are making any significant changes. This Privacy Policy was last updated on 1 Dec 2025.

Please read this policy carefully so that you understand the terms and how they apply to you. 

If you have any questions about how we process your information, please do not hesitate to get in touch by contacting us at support@myrecovery.com.

Important information and who we are

This is the Privacy Policy for the www.myrecovery.com website (Site), any mobile application we provide (App) and any online dashboard portal that accompanies an App (Dashboard) (together, the Services). The Services are operated by Healthcare Outcomes Performance Company (HOPCo) Ltd (trading as myrecovery, msk.ai and HOPCo) (we, us and our).

HOPCo Ltd is a company registered in England and Wales with company number 09336986 and having its registered office at 3rd Floor, 1 Ashley Road Altrincham Cheshire WA14 2DT, United Kingdom.

We are registered under the Data Protection Act 2018 with the Information Commissioner's Office (the UK data protection regulator). Our registration number is ZA230517 and can be viewed online at www.ico.org.uk. You can also access useful guidance and information about your rights in relation to your personal data on that website.

Who is responsible for your information?

When you access our Services independently, for example, by visiting our website, HOPCo Ltd (the company behind myrecovery) acts as the data controller. This means we decide how and why your personal information is used in that context.

However, if you are invited to use the myrecovery platform by your hospital or another healthcare organisation, HOPCo Ltd will act on behalf of that organisation. In those cases, your hospital or healthcare provider is the data controller, and HOPCo Ltd acts as a data processor, processing your information under their instruction.

When using myrecovery in this way, your information will be handled in line with this Privacy Policy, where it applies to services we provide on behalf of the data controller. You should also read the privacy notice provided by your hospital or healthcare organisation to understand how they will use and protect your information.

Who this policy applies to

By accessing or using the Services you acknowledge and consent to the collection and use of information in accordance with this Privacy Policy, our Terms of Service (either our Terms of Service for App and Site Users or Terms of Service for Dashboard Users, as applicable to you), together with our End-User Licence Agreement (EULA) and any additional terms of use incorporated by reference into the EULA. By accessing our Services you agree that we may treat your information as set out in this Privacy Policy. If you do not agree with any of the terms of this Privacy Policy, our EULA or Terms of Service, you should refrain from using our Services.

Please take the time to read and understand how this policy applies to you, according to the different categories of user described below and referred to throughout this document:

  • as a Patient, who has been referred by a charitable organisation or your surgeon, doctor or other healthcare professional to download and use the App as part of your care and recovery process pre- or post- treatment, or invited to use the App as part of your involvement in a clinical study or research project;
  • as a Healthcare Professional User (HCP), being an individual who accesses the App and Dashboard in your capacity as a person responsible (whether as a surgeon, doctor or other healthcare professional) for the medical care and treatment of Patients, and with permission from those Patients to monitor such activity and other medical data as they may submit to the App in order to inform their care pre- and post- treatment, or as a person administering a clinical research trial or study involving consenting App users for medical and device research purposes;
  • as a Healthcare Administrator, being an individual or entity responsible for the management and oversight of a healthcare institution and its HCPs, or an employee of a healthcare organisation, and who is a registered user of the Dashboard for the purposes of managing and/or supporting HCPs engaged in medical care and treatment, as well as viewing practice summaries and statistics for your clinical practice, or being an administrator involved in a clinical study or research project; or
  • as a Partner, being an entity (or individual acting on behalf of an entity) involved in research and development relating to the treatment of diseases, including the improvement of existing technologies and development of new technologies, to improve the treatment and care of patients and support patient safety, and who is a registered user of the Dashboard in order to access information relating to Patients pre- and post- treatment of health conditions and diseases and the use and effectiveness of medical devices or medication used by surgeons, doctors and other healthcare professionals as part of treatment.

We reserve the right to change this Privacy Policy from time to time by changing it on the Site or by updating the App or Dashboard.

Children’s privacy

Our Services are not intended for use by children under the age of 13. By using the App, you confirm that you are at least 13 years old. If you are between the ages of 13 and 17, you should only use the App with permission from a parent or legal guardian.

We do not knowingly collect personal data from anyone under the age of 13. If we become aware that personal data has been collected from a child under 13, we will take reasonable steps to delete that information as soon as possible.

If you believe that we may have collected information from a child under 13, please contact us at support@myrecovery.com.

Our Key Privacy Commitments

  • We only collect health data as instructed by healthcare teams and as necessary to provide and improve our services.
  • We use health data only for your care, service functionality, quality and safety, and research (with safeguards).
  • We do not use health data for advertising or marketing without consent.
  • We do not sell your personal data.
  • You can access, correct, or request deletion of your data at any time.
  • We apply strong security measures, including encryption, access controls, and regular security testing.
  • You remain in control of permissions for any third-party health-app data and you can withdraw permissions for connected health apps.
  • Any automated insights generated are used only to support care and are reviewed by healthcare professionals where relevant.

Information we may collect from you

Personal data, or personal information, means any information about an individual from which that person can be identified (Personal Data). It does not include data where sufficient information has been removed or randomised such that an individual can no longer be identified directly or indirectly (Anonymous Data).

We collect information about you if you:

  • register with or use our Site;
  • download and use our App; or
  • access our Dashboard.

We may collect, use, store and process the following different kinds of Personal Data about you that you submit through your use of the Services:

  • Identity information including your first and last names, date of birth and gender that you provide by completing forms on the Site, the App or the Dashboard, including if you register as a user of the Services, upload or submit any material via the Services, or when you request any information;
  • Contact information including your email address and telephone numbers;
  • Login information including information in connection with an account sign-in facility, such as your login and password details; and
  • Technical information including additional data which, when you access the Services we may (like most modern websites and online applications - for more information, please refer to the 'All About Cookies' website), by means of cookies and/or other similar technologies, automatically collect about you – such as the type of internet browser or mobile device you use, any website from which you have come to the Site, your IP address (the unique address which identifies your computer or mobile device on the internet) and/or the operating system of your computer or mobile device. See the Cookies & other technologies section for more information.

If you are a Patient:

By providing us with additional information about you and your recovery, we are able to provide better and more personalised services and information to you and the healthcare professionals responsible for your treatment, and as a result your healthcare professional will be able to better tailor the care to your individual needs. We may collect the following additional data (including medical data):

  • Treatment-specific Health information including information about your surgery or treatment, including pre- and post- treatment care information, such as the dates and details of your treatment, the type of medical device you have received and the details of that device, and the details of your healthcare team;
  • Other Health information including data relating to you, your treatment, and how your recovery is progressing, including pain scores, exercise compliance data, and responses to surveys and questionnaires, as well as any other content that you choose to create and post or upload to the App (which may include videos, photographs, audio, messages or other materials);
  • Third-party Health App data including data collected where, if you install the App on to a device which has Apple HealthKit, Google Fit, Google Health Connect or Samsung Health enabled, we will request access to third-party health app data such as your exercise and fitness level through your device. You will be prompted by your device to allow access the first time this content is requested by us and, even if you grant us access, you can stop this access at any later point by changing the settings on your device. You are under no obligation to provide this information. However, if you should choose to withhold requested information, this may reduce our ability to provide you and your healthcare team with information on your recovery from treatment;
  • Communication and App Usage information including details of any communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding the Services or content made available through the Services; information from videos you have watched or surveys that we may, from time to time, run on the Services for research purposes, if you choose to respond to, or participate in, them; and
  • Location information including information provided by your device to enable us to show you content that is local to you and to help authenticate the use of the Services. We may approximate your location from your device using the GPS connection information used by your device to help your healthcare team understand your recovery from treatment, for example to understand your activity levels. If we collect location data via the App, we will always prompt you about sharing your location and you can disable location sharing at any time through the settings of your device. 
  • NHS number: if you are receiving care from a health or care organisation, that organisation may share your NHS number with other organisations providing your care. This is so that the health and care organisations are using the same number to identify you whilst providing your care. By using the same number the health and care organisations can work together more closely to improve your care and support.

Your NHS number may be accessed through an NHS Digital service called the Personal Demographic Service (PDS) (https://digital.nhs.uk/services/demographics). In this scenario, a health or care organisation sends basic information such as your name, address and date of birth to the PDS in order to find your NHS Number. Once retrieved from the PDS the NHS Number is stored in our case management system. These data are retained in line with our record retention policies and in accordance with the Data Protection Act 1998, Government record retention regulations and best practice. Your healthcare team will be able to provide further information.

We will share information only to provide health and care professionals directly involved in your care access to the most up-to-date information about you. Access to information is strictly controlled, based on the role of the professional, and where the user has a direct care relationship with you.

The use of joined up information across health and social care brings many benefits. One specific example where this will be the case is the discharge of patients into social care. Delays in discharge (commonly known as bed blocking) can occur because details of social care involvement are not readily available to the staff on the hospital ward. The hospital does not know who to contact to discuss the ongoing care of a patient. The linking of social care and health information via the NHS Number will help hospital staff quickly identify if social care support is already in place and who the most appropriate contact is. Ongoing care can be planned earlier in the process, because hospital staff will know who to talk to.

You have the right to object to the processing of your NHS Number in this way. This will not stop you from receiving care, but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options that you have.

If you wish to opt-out from the use of your NHS Number in this way, please contact us by emailing support@myrecovery.com.

Health and Fitness Data We Collect

In addition to the categories described above, we explicitly collect and process the following health- and fitness-related data where you choose to provide it:

  • Activity and mobility data (e.g., step count, walking/running distance, mobility patterns), including data accessed through Apple HealthKit, Google Fit, Google Health Connect, or Samsung Health.
  • Self-reported wellbeing metrics, including pain scores, symptom scores, patient-reported outcomes surveys, mood or function assessments.
  • Exercise adherence and rehabilitation activity data, such as completion of exercises, duration, frequency, range-of-motion assessments, or other rehabilitation-related metrics.
  • Treatment-related health data, including surgical dates, procedure type, implant/device identifiers, pre-operative and post-operative care information, and complications (if reported).
  • Recovery-related or real-world performance data, such as gait measures, device-sensor-derived mobility data (e.g., accelerometer or gyroscope signals), or other indicators used to support clinical monitoring.
  • Multimedia data with health content, such as videos or photographs you upload to support your clinical care.
  • In-app communication data, including messages you exchange with your care team through the App. This may include text, photographs, videos, or other materials you choose to share to support your assessment, treatment, or recovery. These communications form part of your clinical record and are accessible only to authorised members of your care team. These communications may contain special category data where you choose to include health-related information.

You may decline to provide any of this information; however, doing so may limit the functionality available to you and the insights your clinical team can access to support your care.

If you are a HCP, Healthcare Administrator or Partner, we may collect the following additional data (the below categories of information are not collected from Patients):

  • Employee information including Identity Information and Contact Information of your employees. You should properly inform your employees on the processing of their personal data according to the provisions of the UK GDPR.
  • Practice information including data relating to the management of a healthcare organisation, such as performance assessments and ratings, number of patient registrations, staff and patient demographic information, and number and type of treatments offered and patient outcomes.

Anonymised Data

We also collect, use and share anonymised data about our users pre- and post- treatment, such as statistical or demographic data, in order to help us and the third parties we collaborate with to improve existing technologies and develop advanced new technologies to improve the treatment and care of patients and support patient safety. 

Anonymised data could be derived from your de-identified personal data having been combined with a pool of data from other users of our Services, but is not considered personal data as it has been sufficiently anonymised such that it cannot be used to directly or indirectly reveal your identity. For example, we may anonymise your data by aggregating your non-identifying data with that of other Patients, including:

  • your usage data to calculate the percentage of users accessing a particular feature of the App to inform how we develop and improve our products;
  • any pain score and Third-party Health App data you provide following treatment to help HCPs, Healthcare Administrators and our Partners assess the effectiveness of that treatment, calculate average recovery times and better understand the recovery process;
  • any information you provide in relation to the function of medical treatments, devices, in order to deliver research information to third-party organisations who we collaborate with, to help them understand how well their devices, treatments or therapeutics are functioning and how they could be improved to inform and advance the development of more effective and safer treatments for patients; to produce statistical data for research purposes including for use and reference in connection with clinical studies, scientific articles, medical conferences and health reports; and to develop, train and improve analytical healthcare systems based on machine learning or artificial intelligence technologies.

Legal basis for creating anonymised data

When we process your personal data to create anonymised data, we do so based on our legitimate interests (Article 6(1)(f) UK/EU GDPR). This includes our interest in improving and developing technologies that support patient care and safety, provided this does not override your rights and freedoms.

If the data being anonymised includes special category data—such as health-related information—we rely on Article 9(2)(h) (processing for health or social care purposes) or Article 9(2)(j) (processing for scientific or statistical purposes), as appropriate. This processing is subject to appropriate safeguards, including data minimisation, pseudonymisation during processing, and the use of secure methods to ensure the anonymisation is effective and irreversible.

How is your personal data collected?

We use different methods to collect data from and about you, including through:

  • Direct interactions: you may provide us with your identity and contact details when you register to use our Services. You may provide further data by submitting information to the App or Dashboard, responding to surveys or providing feedback.
  • Automated technologies or interactions: when you interact with our Services, we will automatically collect technical data about the device you are using, your browsing actions and patterns and (if you enable location sharing) your location data, using cookies or other similar technologies (explained further below). 
  • Integration with third-party health apps: if you choose, when prompted, to grant the App permission to access other health or fitness related applications installed on your device, we may access and use your Third-party Health App data collected by those third-party applications, as defined above. You may disable such permissions at any time in your device settings and/or via the relevant third-party application.

Use of Google Fit, Google Health Connect, Apple HealthKit and Samsung Health

Where you choose to connect the App to Google Fit, Google Health Connect, Apple HealthKit, or Samsung Health:

  • we only access the specific categories of data that you explicitly authorise;
  • we use this data solely to deliver health-related features within the App and to support your clinical care;
  • we do not use this data for marketing, advertising or any purpose unrelated to your care or the core functionality of the App;
  • we do not sell this data or share it with third parties except where necessary to provide direct care, operate the App, meet legal obligations, or as otherwise permitted under this Privacy Policy;
  • we comply with all applicable Google, Apple and Samsung developer terms, including those governing permitted use, security, and data handling; and
  • you may withdraw access at any time through your device or app-store settings, and the App will stop receiving data from that service.

Data minimisation

We are committed to collecting and using only the minimum amount of personal data necessary to deliver our Services and fulfil the purposes described in this Privacy Policy.

We regularly review the personal data we collect to ensure that it is:

  • Adequate – sufficient to fulfil the intended purpose;
  • Relevant – clearly linked to the specific processing activity; and
  • Limited – not excessive in relation to the purpose for which it is collected.

Optional data, such as information from third-party health apps, is only accessed with your explicit permission and can be disabled at any time in your device settings.

When personal data is no longer required for the purposes for which it was collected, we either anonymise it or securely delete it in line with our retention practices.

How we use your Personal Data and purposes for processing your data

We take the protection of your personal information very seriously and will only ever use your Personal Data lawfully and in accordance with the requirements of Data Protection Legislation. 

Common legal grounds for processing your data: 

The most common purposes for which we use your personal data and the legal grounds on which we do so are as follows:

  • to enable us to perform our contract we have entered into or are about to enter into with you to provide you with the services and information offered through the Site, App and Dashboard (as applicable), subject to our EULA and Terms of Service with you, and to improve those services;
  • where it is necessary for our legitimate interests (or those of a third-party) as a commercial organisation for the purposes of managing and planning our business, and your interests and fundamental rights do not override those interests, in which case we may (keeping our information secure at all times and in a way that is proportionate and respects your privacy rights) use your personal information which we collect in the course of running and/or improving our business and developing new products and services, including to:
    • audit the downloading of the App and data from the Services;
    • improve the layout and/or content of the pages of the Site, App and Dashboard and customise them for users;
    • identify visitors to the Site and/or users of the Dashboard and App;
    • conduct analysis and carry out research to further and improve medical care and treatment of health conditions and diseases;
    • analyse aggregated and anonymised outcome data to provide recommendations on patient journeys and develop technology to automate guidance;
    • forecast demand of service and to understand other trends in use, including which features users use the most and find the most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving the Services we deliver to you and other users. Strict confidentiality and data security provisions will apply at all times;
    • troubleshoot bugs within the Services; and
    • troubleshoot and help you with any questions/enquiries; or 
  • where we need to comply with a legal or regulatory obligation.

Legal grounds for processing Special Category Data:

Due to the nature of our Services, if you are a Patient accessing the App we will collect and process certain types of data about you which are classified by law as being Special Category Data. This includes information about your health and other medical data, which we collect in order to effectively provide our Services to you. In order to lawfully process such data, we will only do so where one of the following conditions applies:

A. Where necessary for the purposes of preventative or occupational medicine, medical diagnosis, the provision and management of healthcare and treatment

As necessary for reasons of public interest in: 

  • preventative or occupational medicine; 
  • medical diagnosis; 
  • the provision and management of healthcare and treatment; or 
  • the management of healthcare systems,

we may process your Special Category Data in order to facilitate the delivery and improvement of the treatment delivered by HCPs and Healthcare Administrators who use our Services (at all times, where applicable and appropriate, having taken suitable measures to safeguard your fundamental rights and interests through the irreversible anonymisation of your data).

B. Where necessary for reasons of public interest to ensure high standards of quality and safety of healthcare and medical devices

Where necessary for reasons of public interest in the area of public health to ensure high standards of quality and safety of healthcare and medical devices, we may process your Special Category Data for the purposes of advancing research and understanding of the effectiveness of treatment of medical conditions and disease progression by ourselves and our Partners (at all times, having taken suitable measures to safeguard your fundamental rights and interests, including through the irreversible anonymisation of your data where appropriate).

C. You have given your explicit consent to such processing of your personal data 

Where neither of the grounds set out in A or B above applies, and where you have consented to the processing, we will also use your personal data to:

  • provide your surgeon, doctor or other health professional with information about the progress of your recovery and treatment, for example, survey scores or symptom surveys; or
  • to (always having removed personal identifiers, such as your name, address and contact details) improve our healthcare products and services, and our artificial intelligence systems, so that we can deliver better healthcare to you and other users, and further research into care and disease progression. This does not involve making any decisions about you - it is only about improving our products, services and software so that we can deliver a better experience to you and other users, and help achieve our aim of making healthcare affordable and accessible to everyone. Strict confidentiality and data security provisions apply at all times.

Legal grounds for creating anonymised data

Where we process your personal data for the purpose of creating anonymised data, we rely on our legitimate interests (Article 6(1)(f) UK/EU GDPR). 

This includes our interest in improving and developing technologies that support patient care and safety, provided that our use of the data does not override your rights and freedoms.

Where the data being anonymised includes special category data, such as health-related information, we rely on Article 9(2)(h) or 9(2)(j) of the UK/EU GDPR — processing necessary for health-related purposes or scientific or statistical purposes — subject to appropriate safeguards, including data minimisation, pseudonymisation during processing, and the use of secure methods to ensure anonymisation is effective and irreversible.

How We Use Health and Fitness Data

We use your health and fitness data only for the purposes described below:

  • Direct care and recovery support: enabling healthcare professionals involved in your treatment to monitor your progress, tailor your care plan, and assess outcomes.
  • Clinical communication: providing reminders, recovery guidance, care-pathway content, and treatment-related educational material created for and/or approved by your care team.
  • Service functionality: enabling core app features such as activity tracking, symptom logging, clinical dashboards, personalised insights, and care-pathway automation.
  • Analytics for quality and safety: understanding treatment effectiveness, device performance, safety trends, and service utilisation (on anonymised/aggregated data where possible).
  • Research and innovation: supporting ethically-approved research, clinical studies, scientific publications, and development of digital health tools and AI models, following strict de-identification and governance safeguards.

We do not use your health and fitness data for general marketing, advertising, or selling to third parties.

Profiling for Clinical Care

We may use limited forms of automated analysis (profiling) to help support your care. This may include analysing recovery patterns, activity levels, or symptom information to provide your clinical team with additional insights that could assist their assessment of your progress.

Any such analysis is used only to support treatment, recovery monitoring and patient safety, and any insights generated are reviewed and interpreted by healthcare professionals where relevant and are never used to replace clinical judgment.

We do not use profiling for advertising or marketing, and we do not use automated profiling to make decisions that have legal or similarly significant effects on you. Any decisions about your care are made by qualified healthcare professionals.

No General Marketing to Patients

For Patient users, to help the surgeon, doctor or other healthcare professionals involved in your care to better track your progress pre- or post- treatment, we may contact you via email, over the phone or through the App, requesting you to fill out a survey or answer questions about your treatment and recovery progress. We may still contact you, even if you uninstall the App. Please note, we will only contact you with information related to your treatment and use of the Site and App, including to share articles, referrals or other content related to your treatment which we think would be of particular interest to you. We will not, without your express opt-in permission, use it to send you general marketing emails on behalf of third-parties.

Information sharing

If you are a Patient, we may share your information, including information that you submit to the App, with:

  • your nominated surgeon, doctor or healthcare professional responsible for your care and other non-clinical healthcare personnel involved in the administration of your care, for the purposes explained above so they can understand and evaluate your condition and recovery progress. In accordance with the terms of our contractual arrangements with surgeons, doctors and healthcare professionals, your surgeon, doctor or healthcare professional will be legally required only to share this information to the extent necessary to provide your treatment to you;
  • our Partners, to enable them to improve existing technologies and treatments and develop new and advanced technologies and treatments to provide patients with more effective and safer care;
  • registry providers, for tracking post-treatment progress for surgical implants or medical devices in cases where individual users have separately consented to this; 
  • if required or authorised by law or a legal process, such as to law enforcement bodies to assist in their functions and courts of law; and
  • third-parties in connection with negotiations prior to any merger, sale of our assets, financing or acquisition of part or all of our business to another company (at this stage, we would only share Anonymous Data and not your personal information).

In the event that we undergo re-organisation or are sold to a third-party, you agree that any personal information we hold about you may be transferred to that re-organised entity or third-party.

We may disclose your personal information if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Services or the rights, property or personal safety of any person.

We may disclose aggregate statistics about visitors to the Site and users of the App and Dashboard in order to describe our services to prospective partners, sponsors and other reputable third-parties and for other lawful purposes, but these statistics will include no personally identifiable information.

Summary of When We Share Health Data

We may share your health data with the recipients below, and only for the purposes described:

  • Your healthcare professionals: to provide direct care, monitoring, and clinical assessment. This may include identifiable information. Legal basis: contract; Article 9(2)(h).
  • Healthcare provider administrators: to support care coordination and clinical governance. This may include identifiable information. Legal basis: contract; legitimate interests; Article 9(2)(h).
  • Research partners (where applicable): for treatment evaluation, safety monitoring, and scientific research. Data is usually anonymised; identifiable data is shared only with your consent, and under strict ethical, contractual, and data governance controls. Legal basis: consent; Article 9(2)(j).
  • Registry providers (if you consent): to monitor implant and/or device outcomes. This may include identifiable information. Legal basis: consent; public health.
  • Processors providing infrastructure services: to provide services such as hosting, communications delivery, and analytics. We use minimised identifiable data where possible. Legal basis: contract (including Article 28 requirements); legitimate interests.
  • Legal or regulatory authorities: where required to comply with applicable laws and regulations. This may include identifiable information. Legal basis: legal obligation.

We never share identifiable health data with advertisers or data brokers.

No Sale of Personal or Health Data

  • We do not sell your personal data, health data, or fitness data to any third party.
  • We do not permit any partner, supplier, or analytics provider to sell or reuse your data for their own purposes.

SMS communications

We use Twilio to deliver outbound SMS messages from the myrecovery platform, including appointment or treatment-related reminders and two-factor authentication (2FA) messages to help verify user accounts. Twilio acts as a data processor on our behalf and handles only the minimal personal data necessary to send these messages (e.g., phone numbers and message content). This data is securely transmitted and is not accessed or retained by Twilio for any other purpose. Twilio does not collect user data, does not have access to broader patient information, and is not used for analytics, profiling, or any form of data resale. Twilio is ISO 27001 certified and applies strong security measures, including encryption in transit and at rest. For more information, see Twilio’s Privacy Notice and Security Overview.

Security

We place great importance on the security of all personal information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the Site, App or Dashboard whilst it is in transit over the internet and any such submission is at your own risk.

You are responsible for keeping your password confidential to prevent unauthorised access to your personal data and we ask that you do not share your password with anyone.

Additional Security Measures

In addition to the safeguards outlined above, we implement:

  • Strict data minimisation, collecting only what is necessary for the purposes described.
  • End-to-end encryption of personal and health data both in transit (TLS 1.2/1.3) and at rest.
  • Role-based access controls (RBAC) ensuring only authorised personnel with a legitimate need can access health data.
  • Audit logging and monitoring of access to health information.
  • Regular penetration testing and vulnerability scanning by accredited third-party security specialists.
  • Segregated production, development and analytics environments to ensure that personal data cannot be inadvertently accessed in research or development contexts.
  • Strict contractual and technical controls on third-party processors ensuring they only process the minimum data required and cannot repurpose it for any other use.
  • Documented incident response procedures to address any suspected or actual data breaches.

Despite our measures, no online service can guarantee absolute security. We continually review and improve our safeguards to reduce risk and meet UK GDPR and industry best-practice standards.

Data Storage, Security and Transfers

We are committed to protecting the security of your data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. We store all your personal data on secure servers.

Where you have chosen a password that enables you to access certain parts of our App or Dashboard, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.

Your personal information which we collect is generally transferred to and stored on secure third-party servers located in the UK or European Economic Area (EEA). Such storage is necessary in order to process the information. Where your data is processed or stored outside of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is in place:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • Where we use certain service providers, we may use specific contractual terms approved by the European Commission which give personal data the same protection it has in the EEA; and

Where we use service providers based outside the UK or European Economic Area (EEA), including in the United States, we ensure that appropriate safeguards are in place to protect your personal data. These safeguards may include:

  • the use of standard contractual clauses approved by the UK Information Commissioner’s Office or the European Commission;
  • the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; or
  • where applicable, reliance on the UK–U.S. Data Bridge (as an extension to the EU–U.S. Data Privacy Framework), where the U.S. recipient is certified under that framework.

We ensure that any such transfers comply with applicable data protection laws and that your data continues to benefit from a level of protection essentially equivalent to that under UK law.

Any transfers made will be in full compliance with the Data Protection Legislation.

We encrypt your data at transmission to and from the App and Dashboard and at rest. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We ensure that processing, analysis and research environments in relation to anonymised data and personal data are separated and that access to this data is restricted. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. 


How Long We Keep Health Data

We retain your health and fitness data only for as long as necessary to:

  • deliver and operate the services you use;
  • support and document your clinical care;
  • meet medical-record retention obligations under UK law (typically 8 years, or longer where legally required for surgical or implantable device records); or
  • comply with legal, regulatory, or audit requirements.

If you are using the App as part of your clinical care or under the direction of your care team, we usually act as a data processor on behalf of your hospital or healthcare provider. In these cases, their record-retention policies take precedence, and we will retain your data for as long as they instruct us to do so. This applies in the vast majority of patient-use scenarios.

When personal data is no longer required for the purposes described above, it is either:

  • securely deleted; or
  • irreversibly anonymised so that it can no longer be used to identify you.

Anonymised data, which no longer identifies you, may be retained indefinitely for research, statistical analysis, service evaluation, and technology development (for example, to improve our digital health tools and care pathways).

This retention approach applies to all personal data we process in connection with the Services, not only to health and fitness data, unless a different period is required by law or by our contracts with healthcare providers.

Your rights

The information we provide in this section is a brief summary of your rights under the UK GDPR and relevant local legislation (such as the Data Protection Act 2018 in the UK) and you should still read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

  • Right to understand how your data is used: You have the right to know how we will use your personal information. This is described in this Privacy Policy;
  • Right to withdraw consent: To the extent that we process data on the basis of your consent, you have the right to withdraw that consent at any time by emailing support@myrecovery.com. If you have given additional consent for your data to be shared to a third-party, you have the right to withdraw this consent at any time by email. Withdrawal will not affect the lawfulness of any processing undertaken prior to your withdrawal;
  • Right of access: Understand and request a copy of information we hold about you (known as a Subject Access Request). You can make a request by email;
  • Right to rectification of your Personal Information: Ask us to rectify any information which you believe is inaccurate or erase information we hold about you, subject to limitations relating to our obligation to store medical records for prescribed periods of time;
  • Right to restrict our processing: Ask us to restrict our processing of your personal data or object to our processing of your data for any specific purpose;
  • Rights in relation to automatic decision making: If we use any systems which make decisions about you by automated means, we will tell you about the existence of such systems and the outcome of such decisions and you have the right to appeal such decisions to a human decision-maker;
  • Right to data portability: You may ask for your data to be provided in exercise of this right, and we will provide an extract of your data record in our standard format. However, we will not carry out any reformatting, conversion or migration of that data to other systems; and
  • Right to object to use of data for marketing: Prevent the use of your personal information for direct marketing purposes.

You may also contact the Information Commissioner’s Office (the data protection regulator in the UK): Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).

Deletion

You may request deletion of your personal data at any time by contacting support@myrecovery.com. Deletion will occur except where retention is required by law or clinical governance rules (for example, medical records retention obligations). Deletion requests will be fulfilled as soon as reasonably possible, subject to legal and clinical record-keeping requirements.

When we act as a data processor for your hospital or healthcare provider, your deletion request will be referred to the data controller, who will decide how to respond in line with clinical and legal requirements.

Upon deletion:

  • your account will be deactivated;
  • personal identifiers will be securely removed; and
  • any remaining data retained for research or service-improvement purposes will be kept only in irreversibly anonymised form.

Cookies & other technologies

When you interact with the Services, we try to make that experience simple and meaningful. When you visit the Site or access or use the App or Dashboard, a web server sends a cookie or other similar technology to your computer or mobile device (as the case may be). Cookies are small pieces of information which are issued to your computer or mobile device (as the case may be) when you visit a website or access or use a mobile App and which store and sometimes track information. A number of cookies we use last only for the duration of your web or App session and expire when you close your browser or exit the App. Other cookies are used to remember you when you return to the Site, App or Dashboard and will last for longer.

The cookies and/or other similar technologies we use collect information, such as the type of internet browser or mobile device you use, any website from which you have come to the Site, App or Dashboard, your IP address and/or the operating system of your computer or mobile device.

We use cookies to remember that you have visited us before. This means we can identify the number of unique visitors we receive. This allows us to:

  • make sure we have enough capacity for the number of users that we get;
  • customise elements of the promotional layout and/or content of the pages of the Services; and
  • collect anonymous statistical information about how you use the Services (including how long you spend on the Services and which devices you use to access them) and where you have come to the Services from, so that we can improve the Site and learn which parts of the Services are most popular with users.

Some of the cookies used by the Services are set by us, and some are set by third-parties who are delivering services on our behalf. These third-parties each have their own cookie policies. As we make changes to our App and Services, the list of third-parties is subject to change. An up-to-date list of third-parties can be provided on request.

Most web and mobile device browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting the 'All About Cookies' website which includes additional useful information on cookies and how to block cookies using different types of browser or mobile device.

Please note, however, that by blocking or deleting cookies used on the Services, you may not be able to take full advantage of the Services.

External links

The Services may, from time to time, contain links to external sites. We have not reviewed the content of and are not responsible for the privacy policies or the content of such sites.

Changes to this Privacy Policy and Further Information

We may revise this Privacy Policy from time to time and in doing so we may change what kind of information we collect, how we store it, who we share it with and how we use it. The most current version of the policy will govern our use of your information and will always be at https://www.myrecovery.com - please regularly refer to this website for the latest version of our privacy policy. If we make a change to this policy that we believe, in our sole discretion, is material, we will notify you via an App or Dashboard notification or email to the email address associated with your account. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised Privacy Policy.

Please submit any questions, concerns or comments you have about this Privacy Policy or any requests concerning your personal data by emailing support@myrecovery.com, or writing to us at: HOPCo Ltd Data Protection Officer, 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT, United Kingdom.

Purposes for which we will use your Personal Data

When processing your personal data, we will always rely on one or more of the following lawful grounds:

Ground 1: It is necessary in order for us to perform a contract we have entered, or are about to enter, into with you (such as our EULA, to provide the services made available through the App).


Ground 2: It is necessary for our legitimate interests (or those of a third-party) as a commercial organisation for the purposes of managing and planning our business and your interests and fundamental rights do not override those interests.


Ground 3: You have provided your express consent to the processing of your personal data for the relevant specified purpose.


Ground 4: It is necessary for the purposes of preventative or occupational medicine, medicinal diagnosis or the provision and management of healthcare and treatment.


Ground 5: It is necessary for reasons of public interest to ensure high standards of quality and safety of healthcare and medical devices.


Ground 6: It is necessary for the purposes of complying with a legal or regulatory obligation.

The table below sets out in more detail some examples of the types of personal data that we will collect, examples of the purposes for which it will be used and on which of the above legal bases we rely (on a non-exhaustive basis):

Purpose/Activity | Type of data | What is the lawful basis for processing your data (Ground 1 | 2 | 3 | 4 | 5 | 6)
To install the App and register you (if you are a Patient or healthcare professional) as a new App user, or your employees (if you are a Partner, HCP or Healthcare Administrator) as a new user of the Dashboard
  1. Identity
  2. Contact
  3. Login
  4. Treatment-specific Health (App only)
  5. Employee (Dashboard only)
  6. Practice (Dashboard only)
To manage our relationship with you, which will include:
  • Notifying you about changes to our terms or privacy policy
  • Asking you to leave a review or take a survey
  • Providing you with articles and newsletters which we think will be of interest to you
  1. Identity
  2. Contact
  3. Treatment-specific Health (App only)
  4. Other Health (App only)
  5. Third-party Health App (App only)
  6. Communication and app usage (App only)
  7. Employee (Dashboard only)
  8. Practice (Dashboard only)
If you are a Patient, to allow you to track and stay engaged with your recovery progress and activity data
  1. Identity
  2. Contact
  3. Treatment-specific Health
  4. Other Health
  5. Third-party Health App
  6. Communication and App Usage
  7. Location
If you are a Patient, to supply the HCPs and Healthcare Administrators responsible for your treatment with your recovery and activity information to inform them about your care and progression, and (where you are a consenting subject) inform research study/clinical trial coordinators about you
  1. Identity
  2. Contact
  3. Treatment-specific Health
  4. Other Health
  5. Third-party Health App
  6. Communication and App Usage
  7. Location
If you are a Patient, to measure and analyse the effectiveness of the treatment received by you and your progress, in order to allow you, your HCP and Healthcare Administrators responsible for your care to understand your progress, and to allow HCPs and Partners to assess the current effectiveness and safety of treatments and devices used in your care.
  1. Identity
  2. Contact
  3. Treatment-specific Health
  4. Other Health
  5. Third-party Health App
  6. Communication and App Usage
  7. Location
To produce anonymised and aggregated datasets for us, HCPs, Healthcare Administrators and our Partners to derive statistical research data about the effectiveness of medical devices, treatments and care practices in order to:
  • monitor current effectiveness and safety of treatments and devices in patients generally;
  • allow the creation of machine learning algorithms for the improvement of treatments and devices;
  • inform clinical studies and research papers; and
  • improve existing and develop new healthcare products.
  1. Identity
  2. Contact
  3. Treatment-specific Health
  4. Other Health
  5. Third-party App
  6. Communication and App Usage
  7. Location
Use of the data by HCPs and Healthcare Administrators for clinical assessment of a patient’s illness and recovery process as part of the delivery of a care regime
  1. Identity
  2. Contact
  3. Treatment-specific Health
  4. Other Health
  5. Activity
  6. Communication and App Usage
  7. Employee
  8. Practice
Use of the data by HCPs and Healthcare Administrators for reasons of practice management (in the interests of facilitating dissemination of management information, practice budgeting, evidencing activity and engagement for performance management, etc.)
  1. Identity
  2. Contact
  3. Treatment-specific Health
  4. Activity
  5. Other Health
  6. Communication and App Usage
  7. Employee
  8. Practice
complete a potential merger, sale of assets or transfer of all or a material part of its business, by disclosing and transferring your personal data to the third party or parties involved in the transaction as part of the transaction.
  • Identity
  • Contact
  • Treatment-specific Health
  • Activity
  • Other Health
  • Communication and App Usage
  • Employee
  • Practice