Privacy Policy

Privacy policy for NHS Healthy Quiz
Jan 4, 2026

Last Updated: 4 January 2026

Effective Date: 4 January 2026

Introduction

Welcome to NHS Healthy Quiz (the "Service"). We are an independent health assessment calculator powered by publicly available NHS "How Are You" clinical guidelines. Your privacy is extremely important to us.

Important: NHS Healthy Quiz is NOT affiliated with, endorsed by, or connected to the National Health Service (NHS). We are an independent educational tool.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

  • Service Name: NHS Healthy Quiz
  • Website: https://www.nhshealthyquiz.com
  • Contact Email: privacy@nhshealthyquiz.com
  • Data Controller: NHS Healthy Quiz (Independent Service Provider)

Information We Collect

1. Anonymous Users (No Account)

If you use the quiz without creating an account, we collect NO personal data on our servers. Your quiz responses and results are:

  • Stored locally in your browser using LocalStorage technology
  • Never transmitted to our servers
  • Completely private and under your control
  • Automatically deleted when you clear your browser data

What we DO collect for anonymous users:

  • Aggregated, anonymized analytics (page views, browser type) via privacy-respecting analytics tools
  • No personal identifiers, no health data, no tracking across websites

2. Registered Users (Optional Account Creation)

If you choose to create an account to save your results and track progress, we collect:

a) Account Information

  • Email address (for login and communication)
  • Password (encrypted and hashed - we never store plain text passwords)
  • Name (optional)
  • Account creation date

b) Health Assessment Data

  • Your quiz responses (answers to 10 health questions)
  • Your health scores (calculated scores for 6 health dimensions)
  • Assessment history (dates and results of your past assessments)
  • Session metadata (assessment completion time, locale)
  • GDPR consent status (whether you agreed to data processing)
  • Consent timestamp (when you gave consent)
  • IP address (at time of consent, for legal compliance)
  • User agent (browser information, for security purposes)

d) Technical Information

  • Device type (mobile, tablet, desktop)
  • Browser type and version
  • Operating system
  • IP address (for security and fraud prevention)

e) Cookies and Similar Technologies

We use strictly necessary cookies for:

  • Authentication (keeping you logged in)
  • Security (CSRF protection, session management)
  • Preferences (theme selection, language)

We do NOT use:

  • Advertising cookies
  • Third-party tracking cookies
  • Social media pixels

How We Use Your Information

For Anonymous Users

  • To display your health assessment results in your browser
  • To improve the quiz experience (through anonymized analytics)

For Registered Users

We use your data to:

  1. Provide the Service

    • Display your personalized health scores
    • Store your assessment history
    • Allow you to track progress over time
  2. Account Management

    • Authenticate your login
    • Send important service notifications (password resets, account security)
    • Provide customer support
  3. Legal Compliance

    • Comply with UK GDPR requirements
    • Maintain records of consent
    • Respond to legal requests from authorities
  4. Service Improvement

    • Analyze aggregate, anonymized usage patterns
    • Identify and fix technical issues
    • Improve quiz questions and scoring

We process your personal data under the following legal bases:

  • Consent - You explicitly consent when creating an account and accepting this policy
  • Contract - Processing necessary to provide the Service you requested
  • Legitimate Interests - Security, fraud prevention, and service improvement
  • Legal Obligation - Compliance with UK laws and regulations

Data Storage and Security

Where We Store Data

  • Servers: Secure cloud infrastructure (Supabase) located in EU/UK data centers
  • Encryption: All data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Strict role-based access, minimum necessary principle

How Long We Keep Data

  • Account data: Retained as long as your account is active
  • Assessment history: Retained as long as your account is active
  • Consent records: Retained for 7 years after account closure (legal requirement)
  • Deleted accounts: All personal data permanently deleted within 30 days

Security Measures

We implement industry-standard security practices:

  • Encrypted database connections
  • Regular security audits
  • Secure authentication (password hashing with bcrypt)
  • Firewall protection
  • Regular backups (encrypted)

However, please note that no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

1. Right to Access

Request a copy of all personal data we hold about you.

2. Right to Rectification

Correct inaccurate or incomplete personal data.

3. Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data. We will comply unless we have a legal obligation to retain it.

4. Right to Restrict Processing

Request that we limit how we use your data.

5. Right to Data Portability

Receive your data in a structured, machine-readable format (JSON).

6. Right to Object

Object to processing based on legitimate interests.

7. Right to Withdraw Consent

Withdraw your consent at any time (this will not affect prior processing).

8. Right to Complain

Lodge a complaint with the UK Information Commissioner's Office (ICO):

To exercise your rights, contact us at: privacy@nhshealthyquiz.com

We will respond within 30 days as required by UK GDPR.

Information Sharing and Disclosure

We DO NOT:

  • Sell your personal data to third parties
  • Share your health data with advertisers
  • Use your data for marketing purposes (unless you opt-in)
  • Share data with the NHS or any health authority

We MAY share data:

  1. With Service Providers (under strict data processing agreements)

    • Cloud hosting provider (Supabase)
    • Email service (for password resets only)
    • Analytics provider (anonymized data only)
  2. For Legal Reasons

    • To comply with court orders or legal processes
    • To protect our rights, property, or safety
    • To prevent fraud or abuse
  3. Business Transfers

    • In the event of a merger, acquisition, or sale (you will be notified)

All third-party processors are required to comply with UK GDPR.

International Data Transfers

Our servers are located in the EU/UK. We do not transfer data outside the UK/EEA except:

  • When required by law
  • With appropriate safeguards (Standard Contractual Clauses)

You will be notified of any such transfers.

Children's Privacy

NHS Healthy Quiz is intended for users aged 18 and over. We do not knowingly collect data from children under 18.

If we become aware that we have collected data from a child without parental consent, we will delete it immediately.

Parents who believe their child has provided us with information should contact: privacy@nhshealthyquiz.com

Our Service may contain links to external websites (e.g., NHS resources, Samaritans). We are not responsible for the privacy practices of these sites. Please review their privacy policies.

Changes to This Privacy Policy

We may update this policy from time to time to reflect:

  • Changes in our practices
  • Legal or regulatory requirements
  • New features or services

We will notify you of significant changes by:

  • Posting a notice on our website
  • Sending an email to registered users

Continued use of the Service after changes constitutes acceptance of the updated policy.

Cookies Policy

Essential Cookies (Required)

  • Authentication: Keeps you logged in
  • Security: CSRF protection
  • Preferences: Theme, language

Analytics Cookies (Anonymous)

  • Used to understand how users interact with the quiz
  • No personal identifiers
  • You can opt-out in your browser settings

How to Control Cookies

Most browsers allow you to:

  • Block all cookies
  • Delete cookies
  • Accept/reject cookies on a case-by-case basis

Note: Blocking essential cookies may prevent you from using certain features.

Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will:

  • Notify the ICO within 72 hours (if required)
  • Notify affected users within 72 hours
  • Provide information about the breach and steps to protect yourself

Contact Us

For any privacy-related questions, concerns, or requests, please contact us:

  • Email: privacy@nhshealthyquiz.com
  • Website: https://www.nhshealthyquiz.com
  • Response Time: Within 30 days

Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ICO Contact:

  • Website: https://ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF


By using NHS Healthy Quiz, you acknowledge that you have read and understood this Privacy Policy.

  • Version: 1.0
  • Effective Date: 4 January 2026
  • Last Reviewed: 4 January 2026