Privacy

We know that your data is extremely personal and private to you, and we take data protection very seriously. As well as being compliant with all relevant data protection regulations such as GDPR, Thriva provides healthcare services which means we are subject to other regulations which together help ensure we look after your data while providing a reliable and high quality service.
What does our CQC registration mean for you?

In 2023 Thriva became QCQ registered. CQC is the independent regulator of health and social care in England. It monitors, inspects, rates and regulates clinical services.

This means Thriva is able to support users to better understand and improve their health by offering regulated medical services in addition to our existing testing services - from conducting a blood test, this test being reviewed by a GP, having a GP video consultation to discuss the results, to the GP’s diagnosis and prescription.

Other regulatory requirements

Our home blood testing kits are CE-marked. This means everything in our kits meets health and safety requirements within the European Economic Area.

Our team of NHS doctors, technologists and clinicians use the power of technology to ensure that everything we do is safe and credible. Some parts of our products are certified medical devices, and these are also regulated by the Medicines and Healthcare products Regulatory Agency (MHRA).

Data protection details

We rely on a lawful basis and special category conditions for processing health data:

  • We use a combination of different Article 6 lawful bases for different processing activities. These will primarily be performance of a contract, compliance with a legal obligation and legitimate interest.
  • We use the Article 9 special category condition for the provision of healthcare systems and services.

For the full details, please review our Privacy Notice.

Opting out

Thriva is committed to allowing our customers control over what happens to their personal data. If you want to delete your account with us at any point, you can do so by clicking here and following the prompts to confirm. You may wish to download your test results first.

Security

Thriva takes extensive measures to ensure the security of our services and protect the data of our customers.
Our standards

Thriva has achieved and maintains an ISO 27001 certification, the international standard for managing information security.

Vulnerability disclosure

Thriva encourages anyone who believes they have found a security bug or vulnerability in any of the applications or services we create or use to report it to infosec@thriva.co.

When investigating and reporting an issue, please:

  • Include as much detail as possible such as: website, IP or page where the vulnerability can be observed; a brief description of the type of vulnerability; steps to reproduce the issue
  • Comply with applicable laws and regulations
  • Do not attempt to modify any data or access personal data of our customers
  • Do not use any tools or take any actions that are likely to impact the availability or integrity of our services
  • Do not share the vulnerability information beyond Thriva, without Thriva's written consent

Thriva values the expertise and effort of those who take the time to report vulnerabilities. Thriva will respond to anyone who has submitted a valid report. You are welcome to ask about the status of a vulnerability report.

At this time, Thriva does not operate a bug bounty programme or provide monetary rewards for vulnerability disclosures.