Menu

Privacy policy

This page explains how Health by Science collects, uses and protects your personal information when you visit our website, submit an enquiry or book an appointment with us.

Close-up of the Health by Science wall branding, highlighting our commitment to data-driven clinical standards in Edinburgh.
View of the multidisciplinary clinical space at Health by Science, where science-led personal training meets professional rehabilitation.

Last Updated: 22nd February 2026

At Health by Science, we take your privacy seriously. We want you to feel confident about how your personal and health data is handled. This policy explains what information we collect, why we need it, and how we keep it safe.

1. Our Commitment to You

Health by Science (“we,” “us,” or “our”) acts as a “data controller.” This means we are responsible for ensuring your data is processed lawfully, fairly, and transparently. This policy applies to all our clients and website users within the United Kingdom.

2. Information We Collect

We collect information to help provide you with the best possible care and service. This happens in a few ways:

  • Directly from you: When you fill out forms, contact us, or complete surveys, we collect details like your name, contact info, and health history (current symptoms, medical background, and lifestyle).

  • Booking Appointments: We use Acuity Scheduling to manage our calendar. They collect your contact details and appointment history so we can send you reminders and keep things organized.

  • During Consultations: We use Google Meet for video calls and Heidi AI to help us take automated, accurate notes. These notes are pseudonymized (meaning they aren’t directly linked to your full identity in the AI system) to protect your privacy.

  • Website & App Use: We use cookies and tools like Uncanny Automator to see how people use our site. This data is anonymized and helps us improve our content and services.

3. How We Use Your Information

We use your data for very specific reasons:

  • Providing Care: To give you personalized health advice and maintain accurate records of our sessions.

  • Communication: To send you reminders, updates, and answers to your questions.

  • Legal & Professional Standards: We are required by HCPC guidelines to keep health records for 8 years.

  • Improving Our Service: To analyze trends (anonymously) so we can make our website and app better for everyone.

The Legal Bit: We process your data because you’ve given us consent, because we have a contract with you to provide services, or because we have a legal obligation to maintain medical records.

4. Who We Share Data With

We don’t sell your data. We only share it with trusted “data processors” who help us run our business. These include:

  • Scheduling & Forms: Acuity Scheduling, Typeform.

  • Consultations & Tech: Google (Meet/Drive), Heidi AI, Zapier.

  • Communication: MessageBird, 360 Dialog, Intercom, Octopods.

We have strict agreements with these companies to ensure they follow UK GDPR rules. Only authorized Health by Science staff who have been trained in data protection can access your information.

5. Keeping Your Data Safe

We use industry-standard security to protect your information, including:

  • Encryption: Your data is encrypted both while it’s traveling over the internet (SSL) and while it’s stored.

  • Access Controls: Only staff who “need to know” can see your data.

  • Regular Audits: We constantly check our systems for vulnerabilities.

  • Breach Notification: If anything ever goes wrong, we will notify you and the Information Commissioner’s Office (ICO) immediately.

6. International Transfers

Some of our service providers are based outside the UK or the EEA (like the US). When we transfer data to them, we ensure they have the right safeguards in place—such as the Data Privacy Framework or Standard Contractual Clauses—to keep your data just as safe as it is in the UK.

7. Your Rights

You have total control over your data. You can ask us to:

  • See your data: Get a copy of what we hold about you.

  • Fix it: Correct any mistakes in your information.

  • Delete it: Request we wipe your data (though we may have to keep health records for the required 8-year legal period).

  • Move it: Request a digital file of your data to take elsewhere.

To exercise any of these rights, just email us at [email protected].

8. Cookies

We use cookies to help our website run smoothly. Some are “essential” (to keep the site working), while others are “performance” or “targeting” cookies (to help us understand what content you like). You can turn off cookies in your browser settings, but some parts of our site might not work as well if you do.

9. Changes to This Policy

If we make big changes to how we handle your data, we’ll let you know via email or a notice on our website.

Contact Us

If you have any questions about your privacy, please get in touch: Email: [email protected] Address: 98 Giles Street, Edinburgh, EH6 6BZ

You also have the right to complain to the Information Commissioner’s Office (ICO) if you aren’t happy with how we use your data.