Contents
1. Who We Are
IMA Ready is a digital appointment preparation tool developed and operated by WIM Studio Ltd, a company registered in England and Wales.
- Data Controller: WIM Studio Ltd
- Contact: hello@imaready.co.uk
- Website: imaready.co.uk
- ICO Registration: [INSERT ICO REGISTRATION NUMBER ONCE RECEIVED]
2. What This Policy Covers
This Privacy Policy explains how WIM Studio Ltd collects, uses, stores, and protects your personal data when you use IMA Ready at imaready.co.uk. It applies to all users of the app, including pilot participants and paying subscribers.
3. What Data We Collect
Account Data:
- –Email address (used for login and account management)
- –First name or alias (as provided by you)
Profile Data (collected during onboarding):
- –Age range
- –Occupation (optional)
- –Ethnicity (optional — used solely for equity research purposes)
- –Partial postcode — first half only (optional)
- –Whether you have seen a doctor or nurse in the last 12 months
- –Baseline confidence score (0–10 slider)
Health-Related Data (provided by you during use):
- –Symptom descriptions and body areas selected
- –Appointment goals
- –Duration, severity, and impact of symptoms
- –Appointment summaries generated by the app
- –Post-appointment reflections and confidence scores
Consent Records:
- –Timestamp and version number of consents given
- –Individual consent responses stored separately
Technical Data:
- –Device type and browser
- –App usage patterns (e.g. time to complete summary, screens visited)
- –No cookies used for advertising or tracking
Payment Data:
- –Payment processing is handled entirely by Stripe. WIM Studio Ltd does not store card details. We retain subscription status and billing dates only.
4. Legal Basis for Processing
We process your data on the following legal bases under UK GDPR:
- –Consent — you have explicitly agreed to each category of processing at onboarding. You may withdraw consent at any time.
- –Legitimate interests — for app improvement, security, and fraud prevention.
- –Contract — to deliver the subscription service you have paid for.
Where we process special category data (health information), we rely on your explicit consent as the lawful basis.
5. How We Use Your Data
We use your data to:
- –Provide and improve the IMA Ready service
- –Generate structured appointment summaries
- –Measure outcomes and improve the tool based on usage patterns
- –Conduct anonymised research into appointment preparedness and patient communication
- –Share anonymised, aggregated data with NHS bodies, research institutions, or funders solely for the purpose of evidencing the effectiveness of IMA Ready — only where you have consented to this
- –Send product updates and communications where you have opted in to marketing
- –Manage your subscription and process payments via Stripe
We will never:
- ✕Sell your data to third parties
- ✕Use your data for advertising purposes
- ✕Share your identifiable data with your GP or any healthcare provider without your explicit instruction
6. Data Sharing
We share data only in the following circumstances:
- –Supabase (database infrastructure) — your data is stored securely on Supabase servers. A Data Processing Agreement is in place.
- –Stripe (payment processing) — handles all subscription billing. Stripe is PCI-DSS compliant. We never see your card details.
- –AI API providers — used to structure your appointment summary. Data passed to AI processing is not stored by the provider beyond the request. A Data Processing Agreement is in place.
- –NHS bodies, research institutions, or funders — only anonymised, aggregated data, and only where you have consented to this at onboarding.
We do not use third-party advertising platforms. IMA Ready is ad-free.
7. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, all identifiable data is permanently deleted within 30 days.
Anonymised, aggregated research data may be retained beyond account deletion for the purposes of ongoing research and evidencing effectiveness.
Consent records are retained for 6 years from the date of consent for legal compliance purposes.
8. Your Rights
Under UK GDPR, you have the right to:
- –Access — request a copy of the data we hold about you
- –Rectification — ask us to correct inaccurate data
- –Erasure — request deletion of your data ("right to be forgotten")
- –Restriction — ask us to limit how we use your data
- –Portability — receive your data in a structured, machine-readable format
- –Object — object to processing based on legitimate interests
- –Withdraw consent — at any time, without affecting the lawfulness of prior processing
To exercise any of these rights, email us at hello@imaready.co.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Data Security
We take data security seriously. Our measures include:
- –All data encrypted in transit (HTTPS/TLS)
- –Data encrypted at rest in Supabase
- –Row Level Security enabled — users can only access their own data
- –Two-factor authentication on all admin accounts
- –Access to user data restricted to authorised personnel only
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected users without undue delay.
10. Camouflage Mode & Privacy Features
IMA Ready includes a Camouflage Mode feature. When enabled, the app displays a neutral disguise screen (such as a grocery list or recipe book) to protect your privacy in shared or sensitive environments.
Your disguise preference is stored locally on your device and in your user profile. It does not affect how your health data is stored or processed.
11. Children
IMA Ready is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us at hello@imaready.co.uk and we will delete the account immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page and notify you by email if the changes are material. Continued use of IMA Ready after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy or how we handle your data:
Questions about your data?
hello@imaready.co.uk