Limbic Access
Privacy Policy, UK
Version 3 | Last Updated: 5 June 2025
OUR PRIVACY PROMISE
We take your privacy seriously. We only collect the information we need to help connect you with mental health services. We’ll always protect your data, explain what we’re doing with it, and respect your rights.
If you have any questions, you can reach us at:
We’re Limbic Limited, a UK company helping people get access to mental health support through our chatbot, Limbic Access.
Company number: 11093861
Data protection registration: ZA779212
We follow data protection laws to make sure your data is handled safely and fairly.
This privacy policy explains:
- What data we collect and why
- How we use and store your data
- Who we share it with
- Your rights over your data
Depending on how you use our chatbot, we might collect:
- Identity info: Name, date of birth, NHS number
- Contact info: Email, phone number
- Messages: Anything you tell us in the chatbot or by email
- Usage info: For example, how long you use the chatbot, where you click in the chatbot
- Health info: Info about your mental health, symptoms, medication, and sensitive things like ethnicity or sexuality if needed by your care provider
We don’t collect info about criminal records or anyone under age 13. Please don’t share that.
We collect information:
- When you use our chatbot
- When you contact us
- If you give feedback or fill out a survey
- When you give us permission to use your data
Sometimes we may get your info from health services or platforms that help us provide the chatbot.
We use your data to:
- Help you get referred to mental health services
- Keep our chatbot running smoothly and fix bugs
- Improve our services and do research (only with anonymised data)
- Respond to questions or feedback
- Meet our legal and safety obligations
We only use the data when we have a good reason - either:
- You’ve given us permission
- We need it to provide our service
- It’s required by law
- It helps us run our service properly and fairly
Health info is sensitive, so we only use it:
- With your permission
- To support you to get care
- To improve healthcare (in anonymised form only), and only if you agree for your data to be used in this way.
You can choose not to share health info, but this may limit how much we can help you.
We only share your data when it’s necessary — either to provide our service, meet legal duties, or support your care. We never sell your data.
We may share your data with:
- Health professionals or organisations involved in your care
- People working at Limbic who need it to provide support
- Companies that help us run the chatbot and keep it safe (“third parties”)
- Regulators, legal advisers or law enforcement (only if required by law)
- Another organisation if our company is ever sold or merged
Who We Share Your Data With (Third Parties):
- Amazon Web Services (AWS): Cloud hosting for our chatbot and systems
- MongoDB Atlas: Stores chatbot data securely (hosted on AWS)
- Sentry: Tracks errors and technical problems
- Mixpanel: Helps us understand how people use the chatbot
- Professional advisers (e.g. regulators, auditors, security experts we use to help us): Help us comply with the law and protect our business
- Health partners: If you’re referred, we may share info with your care team or local mental health service provider
We make sure all these services meet strict security and privacy standards and only use your data for the tasks we’ve asked them to do.
Sometimes, your data may be stored or accessed outside the UK or EU. We only allow this when:
- The country has strong privacy protections
- There are proper safeguards like contracts in place
- It’s necessary for legal reasons
We make sure your data is protected no matter where it is.
We only keep your data as long as needed to:
- Provide you with our services
- Meet legal or regulatory rules
- Defend legal claims
Once it’s no longer needed, we delete it - usually within 30 days.
We protect your data using strong security measures. We follow standards like:
- NHS Data Security and Protection Toolkit
- ISO 27001
- Cyber Essentials
- DCB0129
- Medical device safety regulations
If there’s ever a data breach that puts you at risk, we’ll let you know as soon as possible.
You have the right to:
- Ask for a copy of your data
- Ask us to correct wrong data
- Ask us to delete your data
- Limit how we use your data
- Ask us to send your data to someone else
- Say no to how we use your data
To do this, just email us at data.enquiries@limbic.ai. We’ll send your data in a format that’s easy to read and can be used by another service.
We don’t currently use automated decisions that affect your care or legal rights. If this ever changes, we’ll tell you first and explain how it works.
If you have any concerns, contact us first:
You can also contact the UK’s data protection regulator:
Information Commissioner’s Office (ICO)
We’ll update this notice when needed, the table below shows any changes made.
Document Version | Date | What Changed |
---|---|---|
1.0 | 01/07/2022 | First published |
1.0 | 06/08/2023 | Update to data sharing info |
1.0 | 05/06/2025 | Language simplified for readability and layout |