Skip to main content

App Privacy Policy

App Privacy Policy

Last updated: January 2026
Next review: January 2027

This privacy notice applies to all users (“you”) of the DigiBete mobile and tablet application (the “App”).

If you are not happy for your information to be used in the way described here, you should stop using the DigiBete App and remove it from your device. If you have any questions about how your data is used, please contact us at app@digibete.org.

This notice explains:

  • what personal information we collect;
  • how and why we use it;
  • who we share it with;
  • how long we keep it; and
  • the rights you have under UK data protection law.

This App Privacy Policy should be read alongside our Website Privacy Policy and Children’s Privacy Policy (where applicable).


1. Who we are

DigiBete is responsible for deciding how and why personal information used through the App is processed.

DigiBete is the data controller for limited operational, support, security, and account-management processing associated with the App. Where healthcare organisations use the App to support patient care, education, care-plan workflows, or clinic engagement, DigiBete acts as a data processor on behalf of the relevant NHS organisation under applicable data processing agreements.

Registered details:
DigiBete (Company No. 10371773)
Registered office: Platform, 3rd Floor Tech Hub, New Station Street, Leeds, England, LS1 4JB

Contact: app@digibete.org 

Data Protection Officer (DPO):
John Hughes
Email: john@digibete.org 


2. Children and young people

The DigiBete App is designed for children and young people living with diabetes, as well as their parents, carers, and families.

We apply the ICO Children’s Code and always consider the best interests of the child when designing and operating the App.

A child-friendly version of this App Privacy Policy is available to explain key points in simple language.


3. What information we collect

A. Information you provide

We collect:

  • your name;
  • date of birth;
  • email address;
  • information about whether you are a patient, parent, carer, or guardian;
  • health information that you choose to enter into the App (for example, information stored within the Type 1, Type 2, or Early Type 1 sections).

Where enabled by a healthcare organisation, users may also participate in care-plan workflows, invitation processes, or clinic communications linked to NHS diabetes services.


There is option for you to provide the following data:

  • Gender
  • Length of diagnosis
  • First 4 digits of postcode
  • Your preferred language

Health information is treated as special category data under UK GDPR and handled with additional safeguards.

B. Information collected automatically

When you use the App, we may collect:

  • device and operating system information;
  • app usage data (for example, which features are used);
  • log and error information.

We do not collect precise location data.


4. How we use your information

We use personal information to:

  • provide access to the App and its features;
  • share relevant information with the clinic that provided you access to the App;
  • provide tailored educational content from your clinic;
  • notify your clinic when you have accessed or read content they have sent;
  • operate, maintain, and improve the App;
  • respond to enquiries, complaints, or feedback;
  • comply with legal and regulatory obligations;
  • produce aggregated or anonymised information for service improvement, training, and research;
  • support care-plan collaboration between clinics, families, schools, and authorised carers where enabled by the relevant healthcare organisation;
  • manage invitation and approval workflows associated with school care plans or clinic services;
  • notify you about changes to the App or this privacy notice.

We do not use your data for targeted advertising.


5. Our lawful bases for processing (UK GDPR)

Under UK GDPR, we must have a lawful basis for using your information.

A. App provision and clinic interaction

  • Article 6(1)(b) – Contract: processing is necessary to provide the App and related services to you.
  • Article 6(1)(e) – Public task (where healthcare organisations use the App to support healthcare services);
    • DigiBete processes information under instruction from NHS healthcare organisations acting as Data Controllers for healthcare-related processing activities;
  • Article 9(2)(h) – Health or social care (where applicable): processing necessary for the management of health or care services.

B. Special category health data

  • Article 9(2)(a) – Explicit consent, where you choose to enter health information into the App.

C. Legal and regulatory obligations

  • Article 6(1)(c) – Legal obligation, where we must comply with law or regulator requests.

D. Service improvement and safety

  • Article 6(1)(f) – Legitimate interests, to operate, secure, and improve the App (balanced against your rights).

You can withdraw consent at any time via the App or by emailing app@digibete.org. Withdrawal of consent does not affect processing already carried out.


6. Sharing your information

We do not sell your personal information.

We may share information:

  • with the clinic that provided you access to the App;
  • with trusted suppliers who support App hosting, analytics, messaging, and security (acting as data processors);
  • with regulators or public bodies where required by law (for example, the ICO, NHS bodies, or safeguarding authorities).

Information may also be shared with carers, or care-plan participants where required, and permission given, to support approved care-plan workflows managed by NHS organisations.

Access by suppliers is strictly limited, monitored, and subject to confidentiality and security obligations.


7. Analytics and notifications

We use Google Firebase Analytics to understand how the App is used and to improve performance and reliability.

Analytics data is used in an aggregated or pseudonymised form and is not used to identify you.

We also use Firebase Cloud Messaging to send service-related notifications (for example, clinic messages or important updates).


8. International transfers

Some of our suppliers (for example, Google) may process data outside the UK.

Where this happens, we ensure appropriate safeguards are in place, such as UK adequacy regulations or approved contractual protections.


9. How long we keep your information

We keep personal information only for as long as necessary, including:

  • while you have an active App account;
  • to meet legal, regulatory, or clinical record retention requirements;
  • for security and audit purposes.


10. How we keep your information safe

We use appropriate technical and organisational measures, including:

  • encryption of data in transit (HTTPS);
  • secure storage on devices (iOS Keychain / Android encrypted storage);
  • access controls and monitoring;
  • regular security testing.


11. Your rights

You have rights under UK GDPR, including the right to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion (where applicable);
  • restrict or object to processing;
  • data portability (where applicable);
  • withdraw consent at any time;
  • complain to the Information Commissioner’s Office (ICO).

We aim to respond to rights requests within one month.


12. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.


13. Complaints

If you have concerns about how we use your information, please contact us at app@digibete.org.

You also have the right to complain to the Information Commissioner’s Office (ICO):
Website: https://www.ico.org.uk
Telephone: 0303 123 1113

14. Changes to this policy

We may update this privacy notice from time to time. The latest version will be made available within the App.


DigiBete, January 2026