Legal

Data Processing Policy

How Optimus Medical processes, anonymises, and safeguards health data used by the Optimus AI platform.

Data Controller: Optimus Medical Ltd, Innovation Hub, 42 King Street, London, EC2V 8EQ, United Kingdom

Contact Email: dpo@optimusmedical.uk

Last Updated: 20 April 2026

1. Introduction and Scope

This Data Processing Policy describes how Optimus Medical Ltd ("Optimus Medical", "we", "us", or "our") collects, processes, stores, and protects data in connection with the development, training, and operation of the Optimus AI platform. This policy applies to all data processed by Optimus Medical, with particular emphasis on health and medical data used for AI model training, analysis, and deployment on medical devices.

This policy should be read in conjunction with our Privacy Policy and Cookie Policy.

2. Our Commitment to Anonymisation

🔒 Core Principle: All Data Is Anonymised

All health and medical data processed by Optimus Medical for the purposes of AI model training, development, and analysis is fully anonymised. This means that all personally identifiable information (PII) — including names, dates of birth, NHS numbers, addresses, contact details, unique identifiers, and any other information that could directly or indirectly identify an individual — is permanently and irreversibly removed before the data enters our processing systems.

Anonymisation is not an afterthought at Optimus Medical — it is the foundational requirement of our entire data processing pipeline. Once data has been anonymised, it can no longer be linked back to any individual, and it therefore falls outside the scope of the UK GDPR as it no longer constitutes personal data. We apply anonymisation techniques that meet or exceed the standards set by the Information Commissioner's Office (ICO) and are consistent with the guidance published by the Article 29 Working Party (now the European Data Protection Board).

3. Categories of Data Processed

3.1 Anonymised Health Data

This is the primary category of data used in the development and operation of Optimus AI. It includes:

  • Vital sign measurements — heart rate, blood pressure, temperature, blood oxygen saturation (SpOâ‚‚)
  • Blood glucose readings and metabolic markers
  • Respiratory function data and pulmonary indicators
  • Immune response and inflammatory markers
  • Symptom records, clinical observations, and diagnostic outcomes
  • Historical health trends and longitudinal wellness data

All data in this category has been fully anonymised with all PII removed. No data in this category can be used to identify, directly or indirectly, any living individual.

3.2 Device Telemetry Data

When Optimus AI is deployed on medical devices, the device may generate non-personal technical telemetry data, including model performance metrics, inference latency, error rates, and hardware utilisation statistics. This data is used to monitor and improve the performance of the AI system and does not contain any personal or health data.

3.3 Website and Business Data

Personal data submitted through our website (such as contact form enquiries and demo requests) is processed in accordance with our Privacy Policy. This data is entirely separate from the anonymised health data used for AI processing.

4. The Anonymisation Process

Our anonymisation pipeline is designed to ensure that no personally identifiable information survives into the datasets used for AI training and analysis. The process involves the following stages:

4.1 PII Identification and Removal

All incoming health data undergoes automated and manual review to identify and permanently remove every category of PII, including but not limited to:

  • Full names, initials, and aliases
  • Dates of birth, ages (replaced with age ranges where clinically relevant), and dates of death
  • NHS numbers, hospital numbers, and patient reference codes
  • Postal addresses, postcodes, and geographic identifiers below regional level
  • Email addresses, telephone numbers, and other contact information
  • National Insurance numbers, passport numbers, and other government-issued identifiers
  • Biometric identifiers that could be used for identification (e.g., facial images, fingerprints)
  • IP addresses, device identifiers, and any digital footprints linked to individuals
  • Any free-text fields containing names, locations, or other identifying references

4.2 Data Transformation

After PII removal, data is further transformed to prevent re-identification:

  • Generalisation: precise values are replaced with ranges or categories (e.g., exact age replaced with age band)
  • Perturbation: small, controlled modifications are applied to data points to prevent uniqueness-based identification whilst preserving clinical accuracy
  • Aggregation: where appropriate, individual records are combined into group-level summaries
  • Record unlinking: all associations between data points that could enable cross-referencing with external datasets are severed

4.3 Re-identification Risk Assessment

Every anonymised dataset undergoes a formal re-identification risk assessment before it is approved for use. We evaluate the risk of re-identification through motivated intruder tests, linkage analysis, and statistical disclosure control. Only datasets that meet our stringent anonymisation threshold — where the risk of re-identification is negligible — are permitted to enter the AI training pipeline.

✦ Key Guarantee

Once data has been processed through our anonymisation pipeline, it is impossible to reverse the process or recover any personally identifiable information. The anonymisation is permanent, irreversible, and verified by independent assessment.

5. Purposes of Data Processing

Anonymised health data is processed by Optimus Medical exclusively for the following purposes:

  • AI model training: training the Optimus AI models to recognise diseases, symptoms, viral infections, allergies, and health conditions including diabetes, cardiovascular disease, respiratory disorders, hypertension, and metabolic conditions
  • Model validation and testing: evaluating the accuracy, reliability, and clinical relevance of AI model outputs
  • Research and development: improving the capabilities, fairness, and performance of the Optimus AI platform
  • Clinical validation: working with NHS-affiliated research partners to validate AI model performance against real-world clinical outcomes
  • Product improvement: refining the health insights, risk assessments, and personalised recommendations delivered by Optimus AI

6. Data Sources

Anonymised health data is obtained from the following sources, always in compliance with applicable law and ethical standards:

  • NHS and public health datasets made available for research under approved data access agreements, received in pre-anonymised or pseudonymised form and further anonymised by Optimus Medical
  • Academic and clinical research datasets shared under data sharing agreements with university and hospital partners
  • Publicly available, open-access medical research datasets
  • Aggregated, anonymised data contributed by device manufacturing partners under contractual and ethical frameworks

We do not purchase health data from data brokers, scrape health data from the internet, or collect health data directly from individuals for AI training purposes.

7. Data Storage and Security

All anonymised health data is stored on secure, encrypted infrastructure hosted within the United Kingdom. Our security measures include:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for all data in transit
  • Role-based access controls with multi-factor authentication
  • Regular penetration testing and vulnerability assessments conducted by independent security firms
  • Comprehensive audit logging of all data access and processing activities
  • Physical security controls at data centre facilities, including 24/7 monitoring and restricted access
  • Business continuity and disaster recovery plans with encrypted off-site backups

8. Data Retention

Because the health data we process is fully anonymised and cannot be linked to any individual, it does not constitute personal data under the UK GDPR, and standard personal data retention limits do not apply. However, we apply the following retention principles:

  • Anonymised training data is retained for as long as it remains relevant and useful for AI model development and improvement
  • Datasets are reviewed annually to assess continued relevance and accuracy
  • Obsolete or superseded datasets are securely deleted using cryptographic erasure methods
  • Device telemetry data is retained for a maximum of 36 months

9. Data Sharing and Third Parties

Anonymised health data may be shared with the following categories of third parties, strictly for the purposes described in this policy:

  • Research partners: NHS trusts, universities, and clinical research organisations involved in validating or improving the Optimus AI platform
  • Device manufacturing partners: companies integrating Optimus AI into their medical devices, who may receive anonymised performance data and model outputs
  • Cloud infrastructure providers: UK-based hosting and computing providers who store and process data on our behalf, subject to strict data processing agreements
  • Regulatory bodies: where required by law or as part of medical device certification and compliance processes

We never share identifiable health data with any third party because we do not hold identifiable health data. All shared data is anonymised.

10. Legal Basis for Processing

The anonymised health data processed by Optimus Medical does not constitute personal data under the UK GDPR, as all PII has been permanently removed. Therefore, a specific lawful basis under Article 6 of the UK GDPR is not required for its processing.

Where personal data is collected through our website or business operations (e.g., contact form submissions), processing is conducted under the lawful bases described in our Privacy Policy.

Notwithstanding the legal position on anonymised data, Optimus Medical voluntarily applies the highest ethical standards to all data processing activities, including adherence to the principles of data minimisation, purpose limitation, and storage limitation.

11. Ethical Governance

All data processing activities at Optimus Medical are overseen by our internal Data Ethics Committee, which includes representatives from our clinical, legal, engineering, and compliance teams. The Committee is responsible for:

  • Reviewing and approving all new data sources before they enter the processing pipeline
  • Conducting regular audits of the anonymisation process and re-identification risk assessments
  • Ensuring that AI model training and outputs are fair, unbiased, and clinically appropriate
  • Monitoring compliance with this policy and all applicable laws and regulations

12. Your Rights

Because the health data we process for AI purposes is fully anonymised, individual rights under the UK GDPR (such as access, rectification, erasure, and portability) do not apply to this data — it is not possible to identify any individual within our anonymised datasets.

If you have questions or concerns about how we process data, or if you believe that data relating to you may not have been properly anonymised, please contact our Data Protection Officer immediately at dpo@optimusmedical.uk. We take every such concern seriously and will investigate promptly.

For rights relating to personal data collected through our website, please see our Privacy Policy.

13. Changes to This Policy

We may update this Data Processing Policy from time to time. Any material changes will be published on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

14. Contact

For questions about this policy or our data processing practices, please contact:

  • Email: dpo@optimusmedical.uk
  • Post: Data Protection Officer, Optimus Medical Ltd, Innovation Hub, 42 King Street, London, EC2V 8EQ, United Kingdom
  • Telephone: +44 (0)20 7946 0958