Trust & security
How we look after your data.
What we do today
- UK GDPR, by design. ParrotPal Ltd is a UK company. Health and nutrition data is special-category data, and we treat it that way: collected with your explicit consent, used to run the service you signed up for.
- We never sell your data. No selling, trading or renting of personal information — to anyone. (It's in our Privacy Policy, and it's a hard rule.)
- Minimum data, maximum purpose. We collect what the LeanShield™ Score and your coaching actually need — calories, protein, training, weight trajectory — not your life story.
- Encryption in transit. All traffic between your device, our services and our partners runs over TLS.
- Payments never touch us. Subscriptions are handled entirely by Apple. We never see or store your card details.
- Deletion on request. Email support@parrotpal.com and we'll delete your account and personal data, subject only to what the law requires us to keep.
- Tightly held access. Production access is restricted to a small number of named people. We're a focused team — your data isn't wandering around an org chart.
What we're certifying next
We're building LeanShield™ to clinical-grade standards, and we'd rather show the work than claim the badge early. Underway as part of our 2026 compliance programme:
- Cyber Essentials Plus certification
- Appointment of an independent Data Protection Officer
- Independent penetration testing of the LeanShield™ API and dashboards
- ISO 27001 certification programme
- MHRA regulatory determination and registration pathway for the LeanShield™ Score
- Clinical safety documentation (DCB0129) and an NHS DTAC readiness pack
- Data protection impact assessments (DPIAs) across every product surface
None of the above is listed as a badge we hold today — that's the point. As each lands, it moves up this page.
For clinical & enterprise partners
Partner deployments run privacy-first by default: a data-processing agreement per deployment, patient-level data visible only to the clinical teams treating those patients, and population views built on aggregate-only reporting designed so employers and insurers can never identify an individual. Security documentation is available during partner due diligence — ask us anything: partnerships@parrotpal.com.
Found a problem?
If you believe you've found a security vulnerability in anything we run, please tell us directly and give us a fair chance to fix it: support@parrotpal.com. We read every report and we'll respond.