Privacy Policy
Last updated: 2025
This Privacy Policy explains how Xysync (“we”, “our”, “us”) collects, uses, stores and protects personal data when individuals use our website or services. Xysync is currently in the process of formal company registration. Once official company details (including Companies House registration number and ICO registration number) are issued, they will be added to this notice.
1. Who We Are
Xysync is a developing digital health technology platform designed to provide users with secure access to health-related services including symptom checking, clinical communication, and medical data management. At this stage, we collect only minimal personal data (such as email addresses for early-access registration). We do not currently process medical or special category health data. If this changes, this policy will be updated prior to collection.
2. Data We Collect
We currently collect only the following types of data:
- Email address (for waitlist or contact enquiries)
- Any information voluntarily provided by the user when contacting us
In the future, we may collect additional information such as account details, usage data, or medical information. Any expansion of data processing will be governed by an updated version of this policy.
3. Legal Basis for Processing
Under the UK GDPR, our lawful bases for processing personal data are:
- Consent – when a user joins a waitlist or requests contact
- Legitimate Interest – maintaining site security and operation
- Contract – if a user signs up for services in the future
If we begin processing health data (“special category data”), we will rely on UK GDPR Article 9(2)(h) (healthcare provision) and will register with the ICO before doing so.
4. Cookies & Analytics
Xysync may implement cookies, analytics tools, or similar tracking technologies in the future (for example Google Analytics or privacy-focused analytics providers). If and when these are introduced, users will be presented with a cookie banner and will have control over optional cookies.
We will not use tracking cookies without consent.
5. Data Storage & Security
Personal data may be stored on secure cloud infrastructure located in the UK, EU, or internationally. If data is stored outside the UK, it will be protected using UK GDPR-approved safeguards such as Standard Contractual Clauses (Article 46).
6. How Long We Keep Data
Email enquiries and waitlist data are retained only as long as necessary to operate the service or until a deletion request is received.
7. Your Rights Under UK GDPR
You have the right to:
- Access your personal data
- Request correction or deletion
- Withdraw consent at any time
- Request restriction or objection to processing
- Request data portability
Requests may be made by email (see contact below).
8. Third-Party Processors
We may use third-party service providers for hosting, analytics, email delivery, or security. All processors will be listed here once active. We do not rent or sell personal data.
9. Contact & Data Protection Enquiries
For privacy enquiries or GDPR requests, you may contact us at:
10. Future Updates
This policy will be updated before Xysync begins handling medical or special category data, or upon company registration with Companies House and the ICO.