EBO Healthcare

AI Healthcare Guide

Privacy Notice for NHS Users

Who We Are

EBO.ai (UK) Ltd. (company number 11544587 and ICO Registration reference: ZA803821), is a technology company providing AI-powered Virtual Agent services to NHS organisations. We operate under strict confidentiality, security, and data protection frameworks in accordance with the UK GDPR and Data Protection Act 2018.

What Data We Process

When you interact with our Virtual Agent through NHS platforms, we may process the following data:

  • Personal identifiers (e.g. name, contact details, NHS number if applicable)
  • Conversation transcripts and interactions
  • User preferences and response patterns
  • Meta-data such as time stamps, technical logs, or anonymised device identifiers

We will only process special category data if it is explicitly required, requested and permitted by your healthcare provider to fulfil a requirement that you may have.

Why We Process Your Data

Your data is processed to:

  • Deliver the Virtual Agent service effectively and securely
  • Pre-populate relevant information if you use NHS login
  • Improve your experience by tailoring responses and functionality
  • Fulfil contractual obligations with the NHS body providing the service

Our lawful basis for processing your data includes:

  • Performance of a contract with the NHS organisation
  • Consent where explicitly provided (e.g. use of NHS login)
  • Legitimate interest to improve, audit and secure our AI services fully respecting all obligations around confidentiality and privacy,

Anonymised Data and Research

We may process anonymised data for:

  • Statistical analysis
  • Service improvement
  • Research and product development

No identifiable personal data is included in such use. All anonymisation adheres to ICO and NHS standards. EBO retains ownership of any derived statistical or research results, which may be used to enhance our AI models and services.

NHS Login & App

You can access Virtual Agent solutions offered through the NHS App, NHS website or other service webpages using your NHS login details, when appropriate. If you sign in using NHS login, we will ask your permission to share your NHS login information with our service. This allows us to fill in some personal details for you, such as your name, contact details or NHS information as required.

We will not use your NHS login information for any other purposes. You can only share your NHS login information if you have proved your identity to NHS login.

If you choose not to share your NHS login information, you will need to enter your information yourself whilst using our service, when this option is available.


Data Security

We take data security seriously. Your data is:

  • Encrypted in transit and at rest
  • Stored within geo-redundant, UK or EU-based, GDPR-compliant infrastructure as requested by your Healthcare Provider
  • Protected by strict internal access controls and monitoring

We follow industry best practices and NHS Digital’s data protection toolkit.

Data Sharing

Your data is not sold or shared with third parties for marketing.

It may be shared only:

  • With NHS organisations involved in your care
  • With technical partners under strict data processing agreements, if necessary,
  • When required by law

Data Retention

Your identifiable data is retained only as long as necessary for the purposes described above. Anonymised data used for research purposes may be retained securely and indefinitely or as established via contractual framework with your Healthcare Provider.

Your Rights

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Object to or restrict processing
  • Withdraw consent (where applicable)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact: hello@ebo.ai or contact your Healthcare Provider in the NHS.

Back to top