Now accepting early access applications from NHS and private practicesRegister interest →

Privacy Policy

Last updated: 30 June 2026

Silvia Health Ltd (“Silvia Health”, “we”, “us”) is committed to protecting your privacy. This policy explains how we handle information through the Silvia platform and this website.

Silvia Health Ltd is registered with the Information Commissioner’s Office (ICO).

Who we are

Silvia Health Ltd is a UK company providing Silvia, a structured digital assessment platform for menopause consultations, used by NHS practices and private clinics. Silvia captures and organises patient-reported information for clinician review. It does not diagnose, prescribe, or automate clinical decisions.

Our role

For patient assessment data submitted through Silvia, your healthcare provider (the NHS practice or clinic that invited you to use Silvia) is the data controller. They determine why your data is processed, as part of providing your care. Silvia Health acts as a data processor, handling your data only on your healthcare provider’s instructions and for the purpose of delivering the Silvia service.

If you have questions about how your data is used in your care, your healthcare provider is best placed to answer them. If you have questions about how Silvia Health processes data on their behalf, you can contact us using the details below.

Information we collect

Patient assessment data, submitted when you complete a Silvia assessment, may include:

  • Symptoms and their severity
  • Medical and family history
  • Lifestyle information
  • Treatment preferences
  • Heritage-informed considerations, where relevant
  • Your email address, used only to send you a secure, time-limited link to the assessment

Website contact data, submitted through demo requests, Early Access registration, or enquiries:

  • Name, email address, organisation
  • Any information you choose to include in a message to us

Lawful basis for processing

Patient assessment data, including special category health data, is processed under:

  • Article 9(2)(h) UK GDPR — for the provision of health or social care, as part of your direct care by your healthcare provider
  • Article 6(1)(e) UK GDPR — performance of a task carried out in the public interest, where applicable to NHS use

This processing is not based on consent, consistent with NHS guidance on direct care.

We process website contact data under Article 6(1)(a) (consent, where you opt in to communications) and Article 6(1)(f) (legitimate interest, in responding to enquiries you have made).

Storage and security

Patient assessment data is hosted on Amazon Web Services (AWS) infrastructure in the AWS London region (eu-west-2), within the UK. Data is encrypted in transit and at rest, with access restricted to authorised clinical and technical staff.

AWS and sprintworks (our technical infrastructure partner) act as sub-processors, processing data solely on our instruction and that of your healthcare provider. We have undergone external penetration testing and hold Cyber Essentials certification.

Data retention

Retention periods for patient assessment data are agreed with each healthcare provider as part of our data processing arrangements, and are typically short — data is not retained beyond what’s needed to support your care and the agreed pilot or service period. We are finalising standard retention terms as we move from pilot to wider deployment; this policy will be updated to confirm exact periods.

Your rights

Because your healthcare provider is the data controller, they are responsible for responding to most data subject rights requests, including access, correction, and erasure requests. We support them in fulfilling these requests.

If you’d like to exercise your rights, you can:

  • Contact your healthcare provider directly, or
  • Contact us, and we will direct your request to the appropriate healthcare provider

You also have the right to lodge a complaint with the Information Commissioner’s Office at any time.

Website contact data

For website enquiries (not patient assessment data), Silvia Health is the data controller. We retain this information only as long as necessary to respond to you, or until you ask us to delete it.

Contact

Data Protection Officer: Amy Wild
Email: amy.wild@silviahealth.co.uk

Silvia is designed to support clinical judgement — not replace it. It captures and organises patient-reported information across 18 clinical domains for clinician review. It does not diagnose, prescribe, or automate clinical decisions. Silvia is preparing for registration as a Class I medical device with the MHRA.