AI Doctor Ben Privacy Policy

Last updated: May 4 2026

Who we are

AI Doctor Ben is operated by Qudos Hub Ltd, a company registered in England and Wales with company number 16784632 and registered office at 20 Wenlock Road, London, N1 7GU, United Kingdom.

Who this policy applies to

This Privacy Policy applies to your use of AI Doctor Ben if you are located in the United Kingdom, the European Economic Area (EEA) or the United States. Where UK GDPR or EU GDPR applies, you have specific data protection rights described in the “What are my data rights” section below.

How does AI Doctor Ben protect my health data?

AI Doctor Ben uses a privacy-first hybrid storage model. Your health records (uploaded documents, lab results, AI analysis results, and conversations) are stored only in a private vault on your device using browser-based storage. We do not keep a central database of your health records, and there is no automatic cross-device synchronisation.

We store a small amount of personalisation data on our server with your explicit consent: your preferred name, body profile (height, weight, waist, hip, resting heart rate, body fat percentage, body type), and health vision text. This data powers Dr Ben’s personalised responses and is classified as special category health data under UK GDPR Article 9.

What is our legal basis for using your data?

We only use your personal data where we have a legal basis to do so under UK GDPR and, where applicable, EU GDPR. This will usually be one of:

  • Contract: to create and manage your account and provide the AI Doctor Ben service you request (for example, processing your login and queries).
  • Consent: for special category health data (for example, your body profile and health vision) and for any optional communications you opt into; you can withdraw consent at any time in your Profile or by contacting us.
  • Legitimate interests: to secure our services, prevent abuse, understand aggregate usage, and improve features, in a way that does not override your rights and freedoms.

What information does AI Doctor Ben collect?

Account Information (Server-Side)

We collect your email address and password for account creation and authentication.

Payment Information (Via Stripe)

Payment data is processed securely by Stripe. We never store your credit card details on our servers; we store only Stripe’s secure customer and subscription reference IDs.

Personalisation Data (Server-Side, With Consent)

During onboarding, we collect with your explicit consent: your preferred name (first name only), body profile (height, weight, waist circumference, hip circumference, resting heart rate, body fat percentage, body type), health vision (your free-text health goals), preferred medical viewpoint, health emotion, and avatar selection. This data is stored on our server to personalise Dr Ben’s AI responses.

Body profile data is classified as special category data (health/biometric data) under Article 9 of UK GDPR. It is collected only with your explicit consent and can be edited or deleted at any time through your Profile settings or by deleting your account.

Health Records (Device Only)

Your health records — uploaded documents, lab results, medical images, AI analysis results, and conversation history — are stored ONLY on your device in a private vault using browser-based storage. These are never transmitted to or stored on our servers.

Is my health data stored in the cloud?

Your health records are not stored in the cloud. Medical documents, lab results, health timeline, AI analysis results, and conversation history are stored exclusively in a private vault on your device using browser-based storage. This means:

  • No cloud backup of your health records
  • No cross-device synchronisation of health records
  • No central database of your medical documents
  • Your health records cannot be accessed from other devices

What IS stored on our server: your account details (email, password hash), payment references (Stripe IDs), and personalisation data collected with your consent during onboarding (preferred name, body profile measurements, and health vision text). This is the minimum data needed to run your account and personalise AI responses.

What happens when I submit a health query to AI Doctor Ben?

When you ask AI Doctor Ben a question and choose to attach health records, we send a redacted text snapshot (your question and the relevant lab values or notes) to our AI providers to generate a response. These snapshots are processed in real time and are not kept to build a long-term database of your health records; your original documents remain in your local vault on this device.

The snapshot contains:

  • Your question text
  • Extracted text from selected records (not the original files)
  • Your body profile context (if set)
  • Previous conversation context (for follow-up questions)

International data transfers

Our main infrastructure is located in the United Kingdom. When we send de-identified text snippets of your questions and selected health data to AI providers (OpenAI, Google, Anthropic) or other service providers, your data may be processed in other countries, including the United States.

Where UK or EU data protection law applies and your data is transferred outside the UK/EEA, we rely on appropriate safeguards such as adequacy decisions (for example, the EU-US Data Privacy Framework or UK extension, where applicable) or Standard Contractual Clauses approved by the European Commission or UK GDPR authorities. You can contact us if you would like more information about these safeguards.

Third-Party AI Providers

This data is processed by our AI partners: Google (Gemini), Anthropic (Claude), and OpenAI (GPT). These providers process data according to their API terms and do not use your queries for model training. Data is processed in transit and then discarded — we do not store your health queries on our servers.

The AI-generated responses are stored locally on your device as part of your health vault.

Future Improvements

We are working toward encrypting this local vault and moving more of the AI processing directly onto your device, so less of your data needs to leave your phone over time.

Can AI Doctor Ben access my data from another device?

Your health records are device-specific. Each device you use creates an independent, separate health vault. Your records on your phone cannot be accessed from your computer, and vice versa.

Your account data and personalisation settings (preferred name, body profile, health vision) are stored on our server and are available when you log in from any device. But your uploaded documents, analysis results, and conversation history stay on the device where you created them.

Who do we share data with?

We share data only with the following service providers, and only what is necessary:

  • Stripe (payment processor) — your email address, for billing and subscription management. Stripe is PCI DSS compliant. No card data touches our servers.
  • AI providers (OpenAI, Google, Anthropic) — de-identified health record text and your question, when you choose to ask Dr Ben a question. No email, name, or account identifiers are sent.
  • Mailgun (email service) — your email address and email content, for transactional emails (verification, password reset, subscription reminders). EU-region API endpoint used.

No personal data is sold, shared for marketing, or provided to any other third party.

How does AI Doctor Ben secure my data?

We implement industry-standard security measures:

  • HTTPS encryption for all data transmission
  • Secure password hashing (SHA-256)
  • Session-based authentication with automatic expiration (24h)
  • Device-isolated storage for health records
  • Two-layer subscription gating (frontend + backend 403 enforcement)
  • Client-side PII redaction (Privacy Guard) before data reaches AI
  • Regular security audits and updates
  • Stripe-secured payment processing

What are my data rights with AI Doctor Ben?

You have complete control over your data:

  • Access: view all your account and personalisation data anytime in your Profile.
  • Rectification: edit your preferred name, body profile, health vision, email, and password through the app.
  • Delete: delete your account and all server-stored data (account, body profile, health vision) via the Danger Zone.
  • Local Control: clear your locally stored health records at any time through the app.
  • Portability: export all local health data as a portable JSON file.
  • Opt-out: opt out of non-essential communications.

You may also:

  • Object to certain processing based on our legitimate interests, and
  • Request restriction of processing in specific circumstances (for example while a complaint is investigated).

If you are located in the UK or EEA, you can lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO) at ico.org.uk.

Does AI Doctor Ben use cookies?

We use essential cookies and local storage only for authentication, user preferences, and service functionality. We do not use tracking cookies for advertising or sell any data to third parties.

Can children use AI Doctor Ben?

Our service requires users to be 18 years or older to create an account. We do not knowingly collect information from minors.

Family Plans (Coming Soon): parents and guardians will be able to manage their children’s health records through linked family accounts. Children under 18 will have restricted accounts managed by their parent/guardian. When a child turns 18, their account automatically becomes an independent adult account with full control.

Will this privacy policy change?

We may update this Privacy Policy periodically. We will notify you of significant changes by email or through the service. Your continued use after changes constitutes acceptance of the updated policy.

Who is the data controller?

For the purposes of data protection law, the data controller for AI Doctor Ben is Qudos Hub Ltd (Companies House: 16784632, ICO registration: ZC121687), registered at 20 Wenlock Road, London, N1 7GU.

We comply with UK GDPR and the Data Protection Act 2018. You can verify our ICO registration at ico.org.uk.

How do I contact AI Doctor Ben about privacy?

For privacy-related questions, data requests, or concerns:

support@aidoctorben.com
