Privacy Policy
Effective Date: March 2026
1. Who We Are
Front Foot MI Ltd (trading as Fit to Care) is the Data Controller for personal data collected via this website and, in certain circumstances, a Data Processor on behalf of client organisations who use our digital platforms.
Front Foot MI Ltd has not appointed a formal Data Protection Officer under GDPR Article 37. Our designated Data Protection Contact for all privacy enquiries is:
Data Protection Contact: Anthony Lawton
Email: anthony.lawton@fittocare.co.uk
Registered Address: Park House, 2 Park View, Gatley, Stockport, Cheshire, SK8 4BL
Company Number: 05457319
2. The Data We Collect
We collect data in the following categories:
Website Visitors
Technical data (IP address, browser type, device information) via cookies, and contact data (name, email) if you fill out our contact forms.
Service Users — Insight Genie
If your organisation invites you to use Insight Genie, we process your anonymous survey responses. Insight Genie does not require registration and does not collect names or identifying information. If voice capture is used, audio is transcribed and the recording deleted — audio is not retained.
Service Users — Dynamic Genie
If your organisation includes you as a named participant in a Dynamic Genie workshop, we process your name, job title, organisational role, strategic contributions during the session, review and sign-off records, and cognitive contribution profile (where a 6Q Leadership assessment has been completed).
Service Users — Meeting Genie Board
If your organisation uses Meeting Genie Board, we process your name, role, attendance records, declarations of interest, contributions during board proceedings, and AI-generated summaries that reference your contributions. This data constitutes governance records.
Service Users — Return on Heartbeats®
If your organisation uses Return on Heartbeats®, we process your anonymous descriptions of operational experiences. If voice capture is used, audio is transcribed and the recording deleted — audio is not retained. Responses are aggregated and not attributed to individuals.
Service Users — National Heartbeats
National Heartbeats is a free, public-facing platform for citizens to share their experiences of UK public services. For National Heartbeats, Front Foot MI Ltd is the data controller (not a data processor for another organisation).
We collect: email address, outward postcode (e.g. “SK1”), age bracket, and ethnicity group (the latter two only if you choose to verify). We do not collect your name, full address, or date of birth. If voice capture is used, audio is transcribed and immediately discarded — we never store audio. Selfie verification runs entirely in your browser; the image never leaves your device.
Full details, including our dual-layer privacy architecture, children's data handling, and data sharing arrangements, are set out in Schedule E of our Platform Terms.
Consultancy Clients
If your organisation engages us for direct consultancy, we process contact data (name, email, phone number, job title) and engagement data necessary to deliver the agreed services.
3. How We Use Your Data
We process your data under the following lawful bases (UK GDPR):
Contractual Necessity
To deliver Insight Genie reports, Dynamic Genie workshops, Meeting Genie Board services, Return on Heartbeats analysis, and consultancy services agreed with your organisation.
Legitimate Interests
To analyse trends in healthcare and organisational leadership (anonymised where possible), to improve our services, and to maintain platform security.
Consent
For sending newsletters or marketing material (only if you have opted in). You may withdraw marketing consent at any time by contacting us. For individual participants in Insight Genie and Return on Heartbeats® who are not parties to the service agreement, processing of your contributions is based on your explicit consent (given via the in-app consent screen) and your organisation's legitimate interests in service improvement. For National Heartbeats, where we are the data controller, processing is based on your explicit consent given during registration or before recording.
4. AI Processing Disclosure
All Fit to Care platforms use artificial intelligence tools to assist with analysis, synthesis, and reporting. We use commercially available AI services (including but not limited to OpenAI, Anthropic, and Google AI) as sub-processors.
AI is used as a support tool — it does not make autonomous decisions about individuals. Where AI-generated outputs are used in governance contexts (Meeting Genie Board), they are reviewed and approved by a designated human officer before being recorded as formal records.
We have opted out of AI providers using our data to train their models where such opt-out mechanisms are available. Data shared with AI sub-processors is subject to our Data Processing Agreements and applicable security controls.
5. Data Sharing and Security
5.1 Third Parties
We do not sell your data. We may share data with trusted sub-processors who assist in running our platforms, including secure cloud hosting providers (Google Cloud Platform, Firebase), AI service providers, and our hosting and development partners. All sub-processors are contractually bound to equivalent data protection standards. A current list of our sub-processors is available on request by emailing anthony.lawton@fittocare.co.uk.
5.2 Security
We employ enterprise-grade encryption in transit and at rest, role-based access controls, and operate in accordance with Cyber Essentials and DSPT (Data Security and Protection Toolkit) requirements applicable to NHS suppliers. Our cloud infrastructure operates in UK data centres (europe-west2, London) where available.
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which we collected it:
- Insight Genie: Individual response data is retained until the project completion report is delivered and deleted within 30 days thereafter. Anonymised aggregated data may be retained for benchmarking.
- Dynamic Genie: Session data is retained for up to 12 months after the engagement concludes, then securely deleted.
- Meeting Genie Board: Governance records are retained in accordance with your organisation's retention policy and applicable statutory obligations (typically a minimum of 6 years for NHS board records). Records are deleted upon written instruction from your organisation.
- Return on Heartbeats®: Individual response data is retained for the duration of the improvement programme and up to 12 months thereafter. Anonymised aggregated data may be retained for longer.
- National Heartbeats: Registration data is retained until you delete your account (then removed within 72 hours). Anonymised intelligence data is retained for 7 years. Aggregate analytics follow a 2-year rolling window. See Schedule E for full details.
- Website and marketing data: Contact form data is retained for up to 24 months. Marketing consent records are retained for as long as the consent remains active.
7. Your Legal Rights
Under the UK GDPR, you have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request erasure (“right to be forgotten”) in certain circumstances
- Object to processing where we rely on legitimate interests
- Withdraw consent at any time (where processing is based on consent). To withdraw, email anthony.lawton@fittocare.co.uk; withdrawal takes effect within 5 working days
- Data portability (to receive your data in a structured, machine-readable format)
- Object to automated decision-making and profiling that has legal or similarly significant effects on you, and request human review of any such decision
How to exercise your rights: Where your organisation is the data controller (Insight Genie, Dynamic Genie, Meeting Genie Board, Return on Heartbeats®), please contact your organisation's Data Protection Officer in the first instance. For National Heartbeats (where we are the data controller), contact us directly. You may also contact us at anthony.lawton@fittocare.co.uk.
You have the right to make a complaint to the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.
8. Cookies
We use essential cookies to make our site work. With your permission, we may use analytics cookies to understand visitor traffic. You can adjust your browser settings to refuse cookies. For more information, see our Cookie Policy.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The “Effective Date” at the top of this page will be revised to reflect changes. We encourage you to review this page periodically.
Contact Us
If you have any questions about this Privacy Policy, please contact us at:
Front Foot MI Ltd trading as Fit to Care
Data Protection Contact: Anthony Lawton
Email: anthony.lawton@fittocare.co.uk
Phone: +44 (0)7921 786777
Registered Office: Park House, 2 Park View, Gatley, Stockport, Cheshire, SK8 4BL
Company Number: 05457319
ICO Registration: Z3134310