Plain English summary: MyHealthLogger is a Telegram bot that helps you track your health. We collect the health data you log (meals, symptoms, mood, sleep etc.) to provide you with personalised health reports. We use Anthropic's AI to analyse your data. We never sell your data. You can download or delete all your data at any time by typing /mydata or /deleteaccount in the bot.
This Privacy Policy explains how MyHealthLogger ("we", "us", "our") collects, uses and protects your personal information when you use the MyHealthLogger Telegram bot and website at myhealthlogger.com ("the Service").
MyHealthLogger is a trading name of C&M IT Solutions Ltd, registered in England and Wales (Company No. 14951946). Registered address: 20 Morris Drive, Stafford, ST16 3YE, United Kingdom. Contact: [email protected]
C&M IT Solutions Ltd is registered with the Information Commissioner's Office (ICO) under UK GDPR as a data controller (Registration No. C1892663).
1. What Data We Collect
Data you provide directly
When you use MyHealthLogger, we collect the health information you choose to log, which may include:
Your Telegram user ID and first name
Date of birth, biological sex, height, weight and ethnicity (provided during profile setup)
Smoking status, alcohol consumption, exercise habits and diet type
Diagnosed medical conditions, surgical history and family medical history
Known allergies and regular medications
Daily logs of meals, food photographs, water intake, exercise, sleep, mood, anxiety, thoughts, symptoms, toilet habits and medication
Suggestions you submit via the bot
Important: Much of this data constitutes Special Category Personal Data under UK GDPR (Article 9), specifically health data. We process this data only with your explicit consent, which you give when you tap "I agree" during onboarding.
Technical data
We do not collect IP addresses, device identifiers, cookies or browsing data. We only have access to what you send via Telegram.
2. How We Use Your Data
We use your data solely to provide the MyHealthLogger service, specifically:
To store your health logs and make them retrievable via the bot
To generate personalised daily health reports by analysing your logged data using Anthropic's Claude AI
To send you scheduled reminder notifications via Telegram
To improve the quality of health pattern analysis over time
To respond to support queries and suggestions
To comply with our legal obligations
We do not use your data for advertising, profiling for commercial purposes, or any purpose other than providing you with the health logging service.
3. Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases:
Explicit consent (Article 6(1)(a) and Article 9(2)(a)): You give explicit consent during onboarding before any health data is collected. You may withdraw consent at any time by typing /deleteaccount.
Contract performance (Article 6(1)(b)): Processing your basic account data is necessary to provide the service you have requested.
Legal obligation (Article 6(1)(c)): We may process data where required by law.
4. Who We Share Data With
We share your data with the following third parties only to the extent necessary to provide the service:
Anthropic, Inc.
Your health logs are sent to Anthropic's Claude API to generate health reports and analyse food, symptom and exercise entries. Anthropic processes this data as a data processor on our behalf. Their privacy policy is available at anthropic.com/privacy. Anthropic's servers are located in the United States. This transfer is covered by appropriate safeguards under UK GDPR.
OVHcloud
Our server infrastructure is hosted by OVHcloud in London, United Kingdom. Your data is stored on servers physically located in the UK.
Telegram
The Service operates via the Telegram messaging platform. Telegram handles message delivery between you and the bot. Telegram's privacy policy is available at telegram.org/privacy.
We do not sell, rent or share your personal data with any other third parties. We do not use your data for advertising.
5. How Long We Keep Your Data
We retain your data for as long as you have an active account with us. Specifically:
Health logs: Retained for the lifetime of your account to enable long-term pattern analysis
Generated reports: Retained for 12 months then automatically deleted
Consent records: Retained for 7 years to demonstrate legal compliance
Inactive accounts: Accounts with no activity for 24 consecutive months will be automatically deleted
You can request immediate deletion of all your data at any time by typing /deleteaccount in the bot or by contacting us at [email protected].
6. How We Keep Your Data Safe
We implement the following security measures:
All data is transmitted over HTTPS/TLS encryption
Our server is hosted in a secure UK data centre operated by OVHcloud
The database is protected by password authentication and accessible only to the service
Access to the server is restricted to the service owner via SSH key authentication
We do not store payment card details
Despite these measures, no internet-based service can guarantee 100% security. In the event of a data breach affecting your personal data, we will notify you and the ICO within 72 hours as required by UK GDPR.
7. Your Rights
Under UK GDPR you have the following rights regarding your personal data:
Right of access: Request a copy of all data we hold about you. Type /mydata in the bot or email [email protected]
Right to erasure: Request deletion of all your data. Type /deleteaccount in the bot or email us. We will action this within 30 days.
Right to rectification: Correct inaccurate data in your profile via the My Profile section of the bot.
Right to withdraw consent: Withdraw your consent to data processing at any time by typing /deleteaccount. This does not affect the lawfulness of processing before withdrawal.
Right to data portability: Receive your data in a portable format via /mydata.
Right to restrict processing: Request that we limit how we process your data. Contact us at [email protected]
Right to object: Object to processing based on legitimate interests.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 ico.org.uk/make-a-complaint
8. Children and Minors
MyHealthLogger is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. During onboarding, users must confirm they are 16 or older.
If you believe a child under 16 has provided us with personal data, please contact us at [email protected] and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make mate
10. Contact Us
For any privacy-related queries, data subject requests or complaints:
C&M IT Solutions Ltd
Trading as MyHealthLogger
Company No. 14951946 | ICO Registration No. C1892663
Email: [email protected]
Website: myhealthlogger.com
We aim to respond to all requests within 30 days. For urgent matters, please mark your email "URGENT — DATA PROTECTION".