Legal
Privacy Notice
Effective Date: 1 June 2025
At Auxilis AI, we are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your data. This Privacy Policy explains how we process your personal information when you use our website or services, including interactions with our AI-powered GP receptionist system ("Jackie") and our online forms.
1. Who We Are
Auxilis AI ("we", "our", or "us") develops AI-powered conversational agents designed to support General Practices (GPs) in the UK by managing patient communications such as appointment booking, cancellations, and care navigation. We are registered in the United Kingdom and operate in accordance with UK data protection legislation, including the UK GDPR and Data Protection Act 2018.
2. What Information We Collect
We may collect and process the following types of personal information:
2.1 Information you provide directly
Contact forms / Demo request forms: When you fill out forms on our website to request a demo, consultation, or to contact us, we collect:
- Full name
- Email address
- Phone number (if provided)
- Practice name and size
- Any additional information you include in the message
2.2 Technical Data
- Your IP address
- Browser type and version
- Pages you visit and time spent on the site
- Cookies (see Section 7)
2.3 Patient data (via Jackie)
If you are a patient interacting with Jackie through a GP practice phone line, the GP is the data controller and Auxilis AI acts as data processor. In this case, Jackie may collect:
- The phone number you are calling from
- Your spoken responses (voice data)
- Information necessary to fulfill your request (e.g., name, date of birth, appointment preferences)
- Relevant health-related data (only to the extent needed for the requested action)
Note: Patient data handled by Jackie is accessed only through authorized GP systems and never stored or used outside the context of providing the service on behalf of your GP practice.
Note for NHS PDS FHIR API integration
If you are receiving care from a health or care organisation, that organisation may share your NHS number with other organisations providing your care. This is so that the health and care organisations are using the same number to identify you whilst providing your care. By using the same number the health and care organisations can work together more closely to improve your care and support.
Your NHS number is accessed through an NHS England service called the Personal Demographic Service (PDS). If you are calling a GP using Jackie Auxilis AI sends basic information such as your phone number and date of birth to the PDS in order to find your NHS number. Once retrieved from the PDS, the NHS number is stored in our case management system. These data are retained in line with our record retention policies and in accordance with the Data Protection Act 1998, Government record retention regulations and best practice. Further information can be found in our FAQ.
We will share information only to provide health and care professionals directly involved in your care access to the most up-to-date information about you. Access to information is strictly controlled, based on the role of the professional, and where the user has a direct care relationship with you.
The use of joined up information across health and social care brings many benefits. One specific example where this will be the case is the discharge of patients into social care. Delays in discharge (commonly known as bed blocking) can occur because details of social care involvement are not readily available to the staff on the hospital ward. The hospital does not know who to contact to discuss the ongoing care of a patient. The linking of social care and health information via the NHS number will help hospital staff quickly identify if social care support is already in place and who the most appropriate contact is. Ongoing care can be planned earlier in the process, because hospital staff will know who to talk to.
You have the right to object to the processing of your NHS number in this way. This will not stop you from receiving care, but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options that you have.
If you wish to opt-out from the use of your NHS number by Jackie, you can contact us by emailing privacy@auxilis.ai.
Note for NHS Care Identity Authentication
Please note that if you access our Jackie Patient Request Management service using your NHS Care Identity credentials, the identity access and management services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get a national digital identity and authenticate your claim to that identity, and uses that personal information solely for that single purpose. For any personal information, our role is a "processor" only and we must act under the instructions provided by NHS England (as the "controller") when verifying your identity. To see NHS England's Privacy Notice and Terms and Conditions, view the NHS Care Identity Service 2 page. This restriction does not apply to the personal information you provide to us separately which is managed in accordance with our Privacy Policy.
3. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Responding to demo requests and enquiries | Consent / Legitimate interest |
| Operating and maintaining our website | Legitimate interest |
| Improving our services and user experience | Legitimate interest |
| Delivering the Jackie service via your GP | Performance of a contract (with the GP) |
| Ensuring security and compliance with NHS standards | Legal obligation / Legitimate interest |
4. Data Sharing and Third Parties
We do not sell your data.
We may share your information with trusted third parties in the following cases:
- With GP practices using Jackie, for the purpose of delivering the service
- With our IT and hosting providers (e.g., UK-based cloud providers)
- With regulators or public authorities if legally required (e.g., ICO, NHS bodies)
All third parties are contractually bound to handle your data securely and in compliance with GDPR.
5. Data Storage and Security
We take data protection seriously and implement robust security measures, including:
- Encryption of data in transit and at rest
- Role-based access controls
- Regular audits and compliance with NHS standards (including DSPT)
- Hosting on UK-based servers compliant with NHS and GDPR requirements
6. Your Rights Under GDPR
You have the right to:
- Access your personal data
- Correct inaccurate or incomplete data
- Request erasure ("right to be forgotten")
- Object to processing in certain circumstances
- Restrict processing
- Data portability (where applicable)
To exercise your rights, please contact us at privacy@auxilis.ai.
If you are unhappy with how we handle your data, you can also lodge a complaint with the Information Commissioner's Office (ICO).
8. Data Retention
We retain personal information only for as long as necessary:
- Contact/demo form submissions: up to 12 months
- Technical logs: up to 6 months
- Patient interaction logs (where stored securely): as specified in agreement with GP practices and in line with NHS retention policies
9. Children's Privacy
Our website and services are not intended for individuals under 16. We do not knowingly collect personal data from children.
10. Changes to This Notice
We may update this Privacy Notice from time to time. The latest version will always be available on our website. We encourage you to review it periodically.
11. Contact Us
For any questions or concerns about this Privacy Notice or how we handle your data, please contact:
Auxilis AI
Email: privacy@auxilis.ai
Website: www.auxilis.ai