Start — £49

Legal

Privacy notice

This notice explains what personal data Finally Seen Ltd collects when you use our service, how we use it, and your rights under the UK GDPR and Data Protection Act 2018.

Plain-English summary. Reviewed against UK GDPR, Consumer Rights Act 2015, Consumer Contracts Regulations 2013 and the E-Commerce Regulations 2002 — but this is not a substitute for advice from a solicitor. Last updated 18 May 2026.

1. Who we are

Finally Seen Ltd ("Finally Seen", "we", "us") is the data controller for the personal data described in this notice. You can contact us at hi@finallyseen.org.uk.

2. What data we collect

  • Identity & contact — your name, email address, postcode.
  • Health information (special category data under Article 9 UK GDPR) — the conditions you tick, the symptoms you describe, the impact on your life, what your GP has said and done, and what outcome you want. You choose what to share.
  • GP details — your GP surgery name and (optionally) the GP's name.
  • Payment data — handled by Stripe Payments UK Ltd. We receive a confirmation and a transaction ID; we never see your full card number.
  • Technical data — server logs needed to keep the service running and secure. We use cookieless, anonymised analytics — no tracking cookies.

We do not collect your NHS number, date of birth, or medical records. If you choose to add your NHS number to the letter yourself before sending it to your GP, that copy is between you and your GP.

3. Our lawful bases

  • Contract (Art. 6(1)(b)) — to provide the complaint letter you have paid for.
  • Legitimate interests (Art. 6(1)(f)) — to keep the service safe and to improve it.
  • Explicit consent (Art. 9(2)(a)) — for handling the health information you provide. You give this consent by ticking the relevant box and submitting the form. You can withdraw it at any time by emailing us — see §7.
  • Establishment or exercise of legal claims (Art. 9(2)(f)) — using your health information to draft an NHS complaint letter falls within this basis.

4. Who we share it with (processors)

  • Lovable Cloud / Supabase — application hosting and database (EU region).
  • Stripe Payments UK Ltd — payment processing.
  • OpenAI Ireland Ltd and Google Ireland Ltd — used as AI processors to draft your letter. We send only the information needed to draft it. Inputs and outputs are not used to train their public models.
  • Email delivery providers — to send your letter PDF to your email.
  • HMRC, regulators, courts — where required by law.

We do not sell your data. We do not transfer it outside the UK / EEA without appropriate safeguards.

5. How long we keep it

  • Assessment answers (including health information) — up to 90 days, then redacted.
  • Generated letter text — up to 24 months, so we can reissue it if you ask.
  • Payment records — 6 years, as required by HMRC.
  • Email-suppression records — kept indefinitely to honour unsubscribe requests.

6. Security

Data is encrypted in transit and at rest. Access is restricted to authorised personnel and audited. We use a single-row access model — your record is only accessible to systems acting on your behalf.

7. Your rights

You have the right to:

  • access a copy of your data;
  • have it corrected or erased;
  • restrict or object to processing;
  • data portability;
  • withdraw consent at any time (this does not affect anything already done lawfully).

To exercise any of these, email hi@finallyseen.org.uk. We will respond within one month.

You can also complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint.

8. Children

The service is for adults aged 18 and over. We do not knowingly collect data from anyone under 18.

9. Changes

We may update this notice. When we make material changes, we will revise the "last updated" date at the top and, where appropriate, notify you by email.

Finally Seen Ltd, Registered in England, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. Company no. [pending incorporation].

Contact: hi@finallyseen.org.uk

See also: Privacy · Terms · Disclaimer · Refunds

Start your letter — £49