Privacy and UK GDPR
Healthcount is designed around data minimisation. We collect only what's needed, report only in aggregate, and never share individual health data with employers or insurers.
Data minimisation
Healthcount collects the minimum data needed to support maintenance. We don't require detailed food diaries, extensive health questionnaires, or continuous monitoring. The inputs are:
- An occasional weight datapoint (not daily)
- Optional activity and sleep trends (connected where available)
- An optional medication schedule with lightweight check-ins
- Short check-ins when prompted by drift signals
Purpose limitation
Data collected by Healthcount is used for one purpose: supporting GLP-1 maintenance. It is not used for marketing, profiling, or resold to third parties. Member data drives two outputs — personal maintenance signals for the member and anonymised, aggregated reporting for funders.
Aggregation and anonymisation
Reporting for insurers and employers is grouped and de-identified. We use minimum group sizes to reduce re-identification risk. Funders see cohort-level patterns, not individual journeys.
What funders see
- Activation rates (e.g. first check-in within 14 days)
- Retention rates (e.g. active at 8 weeks)
- Stop–start proxies (28+ day gaps and restart rates)
- Drift signal distributions across the cohort
- Safety signposting frequency
No individual employer reporting
Employers do not see individual employee health data. They do not see who is using Healthcount, what signals have been detected, or what actions have been suggested. This is a non-negotiable design principle.
Minimum group sizes are enforced to prevent small-group re-identification. If a cohort is too small for safe reporting, data is withheld until the group size threshold is met.
For full legal details, see our Privacy Policy and GDPR Compliance pages.
Privacy-safe reporting for funders
Aggregated insights without individual data exposure. See how a pilot works.