Last updated: 13 July 2025


1. Who we are

Recoverlution Ltd (“Recoverlution”, “we”, “us”, “our”)
Bates Lane, Helsby, Cheshire, WA6 9LH
privacy@recoverlution.com

2. Scope

This notice covers:

  • Marketing site (recoverlution.com) – analytics, contact forms, cookies.
  • Recovery platform / mobile app – patient accounts, journals, wearables, clinician dashboards.

When you use Recoverlution via a rehab or employer, that organisation is a separate data controller for the information it enters; Recoverlution acts as its processor.

3. What we collect

  • Account data – name, email, phone, password hash.
  • Profile & goals – recovery goals, triggers, coping strategies.
  • Clinical notes – journals, mood logs, ResCue usage.
  • Wearable data (optional) – HRV, steps, sleep, location pings.
  • Usage data – IP address, device, feature clicks, crash logs.
  • Marketing preferences – newsletter opt-in/out.

Lawful bases: contract, consent, legitimate interest, legal obligation. Special-category (health) data is processed only with your explicit consent.

4. How we use data

  1. Deliver and secure the platform.
  2. Personalise micro-practices and ResCues.
  3. Generate aggregate analytics for clinicians.
  4. Improve and research product features.
  5. Send optional updates with your consent.
  6. Use anonymised, aggregated data to refine our adaptive models — never fully automated decisions with legal or similar impact.

We never sell personal data or use patient information for third-party ads.

5. Cookies

Essential cookies keep the site working. Analytics and preference cookies load only after you opt in. Full list: recoverlution.com/cookies

6. Sharing & transfers

We share data only with trusted service providers (AWS, Auth0, Mailgun, Webflow, HubSpot) under strict data-processing agreements. Where data moves outside the UK/EEA, we rely on Standard Contractual Clauses.

7. Retention

  • Account & profile: while account active + 7 years.
  • Journals & clinical notes: while account active + 7 years.
  • Analytics logs: 14 months.
  • Marketing contacts: until opt-out or 24 months of inactivity.

8. Your rights

Access • Rectify • Erase • Restrict • Object • Port • Withdraw consent • Complain to the ICO.
Email privacy@recoverlution.com – we respond within 30 days.

9. Security

AES-256 encryption at rest, TLS 1.2+ in transit, MFA for staff, yearly penetration tests. Enterprise clients can enable federated-learning so raw patient data never leaves their environment.

10. HIPAA (US clients)

For US covered entities we sign a Business Associate Agreement (BAA) and follow HIPAA-aligned safeguards.

11. Children

Service intended for users 18 years old and over.

12. Changes

We’ll post any future changes here and email account holders 14 days before they take effect.

Questions?  privacy@recoverlution.com