Compliance and Regulatory Status

Chronicle Health Ltd operates as a UK-based personal health data organisation service. This page summarises the regulatory and governance positions relevant to the service.

Not a medical device

Chronicle Health is not a medical device and is not regulated as such. The service organises and restates your own health records - it does not provide diagnosis, prognosis, clinical decision support, or treatment recommendations. Outputs are personal records intended for you, not clinical artefacts. The service is not designed to diagnose, treat, prevent, or manage any medical condition.

Data protection

  • Data controller: You (the client)
  • Data processor: Chronicle Health Ltd
  • ICO registration: ZC084723
  • Legal framework: UK GDPR, Data Protection Act 2018, Data (Use and Access) Act 2025
  • DPIA: completed before service launch; reviewed annually
  • Article 28 processor terms: included in every Client Contract
  • Sub-processors: Proton AG (Switzerland) for encrypted storage and email; Amazon Web Services EMEA SARL (London region) for AI processing of pseudonymised data via AWS Bedrock and for transactional email delivery of website form submissions via AWS SES
  • International transfers: all personal data processing occurs within the UK and Switzerland (UK-Switzerland adequacy in place)

Company

  • Registered name: Chronicle Health Ltd
  • Companies House No.: 16934023
  • Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
  • HMRC: registered
  • Representative: Thomas Millross (sole director and operator)
  • Professional indemnity insurance purchased: Max £100,000 per claim
  • Legal expenses: £100,000 per claim

Consumer-law compliance

  • Consumer Rights Act 2015 - service provided with reasonable care and skill; statutory carve-outs preserved in the Terms of Service
  • Consumer Contracts Regulations 2013 - pre-contract information and 14-day statutory cancellation right published in the Terms of Service
  • CAP Code - health-related claims on this website are kept to descriptive statements of what the service does

Governance documents

  • Terms of Service - publicly available
  • Privacy Notice - publicly available
  • Client Contract - sent to clients on engagement; contains Article 28 processor terms
  • DPIA - available on request
  • Information Security Policy - internal; available on justified request
  • Complaints Procedure - internal; the FAQ summarises escalation paths

Contact

Chronicle Health Ltd Email: [email protected] Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ