Compliance and Regulatory Status
Chronicle Health Ltd operates as a UK-based personal health data organisation service. This page summarises the regulatory and governance positions relevant to the service.
Data Protection
- Data controller: You (the client)
- Data processor: Chronicle Health Ltd
- ICO registration: ZC084723
- Legal framework: UK GDPR, Data Protection Act 2018, Data (Use and Access) Act 2025
- DPIA: completed before service launch; reviewed annually
- Article 28 processor terms: included in every Client Contract
- Sub-processors: Proton AG (Switzerland) for encrypted storage and email; Amazon Web Services EMEA SARL (London region) for AI processing of pseudonymised data and for transactional email delivery of website form submissions
- International transfers: all personal data processing occurs within the UK and Switzerland (UK-Switzerland adequacy in place)
Company
- Registered name: Chronicle Health Ltd
- Companies House No.: 16934023
- Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
- HMRC: registered
- Representative: Thomas Millross (sole director and operator)
- Professional indemnity insurance: held
Consumer-Law Compliance
- Consumer Rights Act 2015 - service provided with reasonable care and skill; statutory carve-outs preserved in the Terms of Service
- Consumer Contracts Regulations 2013 - pre-contract information and 14-day statutory cancellation right published in the Terms of Service
- CAP Code - health-related claims on this website are kept to descriptive statements of what the service does
Not a Medical Device
Chronicle Health is not a medical device and is not regulated as such. The service organises and restates your own health records - it does not provide diagnosis, prognosis, clinical decision support, or treatment recommendations. Outputs are personal records intended for you, not clinical artefacts. The service is not designed to diagnose, treat, prevent, or manage any medical condition.