Your Privacy Matters
We're committed to protecting your medical information and personal data
Simple Promise: Your Health Data Is Safe
HealthTag exists to save lives by giving emergency responders instant access to your critical health information. We take the responsibility of protecting your medical data seriously and want you to understand exactly how we do it.
Our Legal Basis for Processing Your Data
HealthTag collects and processes your personal and medical information in accordance with UK GDPR. Depending on the context, we rely on the following lawful bases:
- Consent – When you sign up and provide your medical information, we process it based on your explicit consent. You can withdraw this consent at any time in your account settings.
- Vital Interests – In emergency situations where you are unable to give consent, we allow first responders to access your medical profile via QR code to help protect your life or prevent serious harm. This is based on the lawful basis of “vital interests” under Article 6(1)(d) of the UK GDPR.
- Legitimate Interests – We use anonymised usage data to improve the functionality and reliability of HealthTag. This does not override your fundamental rights and freedoms.
We do not sell or share your data with third parties for marketing purposes. Any third-party services we use (such as cloud storage) are under strict data protection agreements.
How Long We Keep Your Data
We retain your account and health profile information for as long as you use HealthTag. If you deactivate your account, your data is disabled and can only be restored by an administrator. Anonymous usage data may be retained for analysis, but it will never identify you.
Third-Party Services We Use
- Supabase – Cloud data storage, database, and authentication
- Cloudflare – Traffic analysis, Web Application Firewall (WAF), and DNS
- Gmail – Email communications
- PostHog – Website usage analytics (optional, requires consent)
- Google Analytics – Website usage analytics (optional, requires consent)
Each third party is GDPR-compliant and processes your data only under strict agreements that protect your privacy.
Analytics & Consent Management
We use PostHog and Google Analytics to understand how our website is used and improve your experience. PostHog provides advanced analytics and feature flags, while Google Analytics helps us understand user behavior and website performance. Both services are privacy-friendly and GDPR-compliant.
What We Track:
- Page views and navigation patterns
- Device type and browser information
- General location (country level only)
- Website performance metrics
What We Don't Track:
- Personal information or health data
- Individual user behavior
- IP addresses (anonymized)
- Cross-site tracking
Your Control:
- You can accept or reject analytics when you first visit
- Change your preference anytime via Privacy Settings in the footer
- Your choice is saved locally and persists across sessions
- Rejecting analytics won't affect website functionality
International Transfers
Some of our service providers may store data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent legal protections.
Your Rights Under UK GDPR
Access: Let users view their data
All of a user's data is visible to them on their profile. We do not keep any data other than what users enter directly on the profile form.
Rectification: Let users update their info
Users can update all of their data at will, with no restrictions, 24/7/365.
Erasure: Let users delete their profile and data
Users can delete their profile and all associated data. This feature is available through their account settings.
Restriction: Allow temporary suspension of processing
No data is processed behind the scenes. Users can, however, set their data to be public or lock it behind a PIN for additional privacy control.
Portability: Provide data in portable format (e.g., JSON/CSV)
Users can request their data in JSON or CSV format. They simply need to email us at privacy@healthtag.cc.
Objection: Allow opt-out from non-essential processing
We do not process any data; we only store users' data as they enter it on their profile. Payments are not stored, as they are processed by Shopify.
Withdraw Consent: Easy method to revoke consent
Users can email us at privacy@healthtag.cc to withdraw consent. This will also terminate their account under our Terms and Conditions.
To exercise any of these rights: Contact us at privacy@healthtag.cc
Who We Are (Data Controller)
HealthTag is operated by HealthTag-HTG, based in the UK. As the data controller, we are responsible for how your personal data is collected, stored, and used.
Concerns or Complaints
If you are unhappy with how we've handled your data, please contact us. You also have the right to lodge a complaint with the UK's Information Commissioner's Office (ICO):
https://ico.org.uk/concerns/
What Information We Collect
Medical Information
- Medical conditions and allergies
- Current medications
- Emergency contacts and relationships
- Profile photo (optional)
Account Information
- Email address for account access
- QR code usage (when accessed by responders)
- Anonymous feedback from surveys
How We Use Your Information
Emergency Access
First responders can quickly access your critical medical information during emergencies
Profile Management
Keep your medical information current and manage your emergency contacts
Service Improvement
Anonymous usage data helps us make HealthTag better and more reliable
How We Protect Your Data
🔒 Bank-Level Security
Your data is protected with the same level of encryption used by banks and hospitals. We use secure, encrypted connections for all data transmission.
🏥 Medical Standards
We follow strict medical privacy standards similar to those used by hospitals and clinics to ensure your health information stays confidential.
👤 You Control Access
You decide what information is visible and can make your profile private. You can also set a PIN for additional protection of sensitive information.
🔍 Regular Monitoring
We constantly monitor our systems for any unusual activity and have safeguards in place to prevent unauthorized access to your information.
Your Rights and Control
Update
Change your information anytime
View
See what data we have about you
Control
Set privacy levels and PIN protection
Deactivate
Disable your account (reversible by admin)
What We Promise NOT to Do
❌ Never Sell Your Data
We will never sell your medical information to advertisers, insurance companies, or anyone else.
❌ No Spam or Marketing
We won't spam you with marketing emails or share your contact information with other companies.
❌ No Unauthorized Access
Only you and emergency responders (when you need help) can access your medical profile.
Questions About Your Privacy?
We're here to help. If you have any questions about how we protect your data or need to update your privacy preferences, please reach out to us.
This Privacy Policy was last updated on February 21, 2026
We may update this policy occasionally. We'll notify you of any significant changes.