Privacy Policy

Mosaic Health AI (“we”, “us”, or “our”) provides AI-powered content generation tools for healthcare communication agencies. This Privacy Policy explains how we collect, use, share, and protect personal data during our pilot programme.

Mosaic acts as a data processor for client-submitted content and as a data controller for user account and analytics data.

Mosaic Health AI Ltd, Company No. 16398270
Second Floor Windsor House, 40/41 Great Castle Street, London, England, W1W 8LU

Email: privacy@mosaichealth.ai

For questions about this policy or your data, please contact us at the email above.

We collect the following categories of personal data:

• User account information (name, email address, login credentials)
• Usage analytics (page visits, feature use, time spent)
• Technical data (IP address, device/browser type)
• Support-related data (emails, troubleshooting logs)

We do not collect or store special category data (e.g. health or patient information) during the pilot.

We use personal data for the following purposes:

• To create and manage user accounts
• To deliver platform features and troubleshoot technical issues
• To analyse usage and improve platform performance
• To ensure security and compliance with legal obligations

We rely on the following lawful bases:

• Contract: To provide access to the platform under pilot agreements
• Legitimate interests: To operate, improve, and secure our services
• Legal obligation: To comply with data protection laws and respond to user requests

We may share data with trusted third-party service providers:

• AWS: Hosting and infrastructure services
• OpenAI: AI model processing (via enterprise API; no data is used to train AI models)
• Google Workspace: Email and internal document management
• Slack: Internal communication and notifications

All vendors are subject to data protection agreements and standard contractual clauses (SCCs) or UK IDTA where required.

Your data may be transferred to or processed in countries outside the UK and EEA. We ensure appropriate safeguards are in place through SCCs or the UK International Data Transfer Agreement.

• Personal data is retained only for the duration of the pilot and up to 30 days after its conclusion.
• After that period, account data will be deleted or anonymised unless legal obligations require further retention.
• Users may request deletion earlier (see Section 10).

We implement appropriate technical and organisational measures, including:

• Encryption at rest and in transit
• Access controls and MFA
• Regular access reviews and cloud-based security best practices

You have the right to:

• Access your personal data
• Correct inaccurate or incomplete data
• Request deletion of your data
• Object to or restrict certain processing

To exercise these rights, email us at privacy@mosaichealth.ai

Our website may use basic cookies or analytics tools to monitor traffic and performance. You will be notified on first visit where cookies apply.