Security & Data Protection

Overview

CookJam is designed to support the delivery of nutrition-based healthcare, which requires the responsible handling of sensitive personal and health-related data.

We take a privacy-first and security-by-design approach, ensuring that data is protected throughout its lifecycle, from collection to storage, processing, and deletion.

Our objective is to provide a platform that healthcare providers, insurers, and wellbeing organisations can trust to support patient care while maintaining strong data protection standards.

Our Approach

Security and data protection are built into how CookJam is designed and operated.

We focus on:

• Protecting sensitive health and behavioural data
• Ensuring appropriate access and control
• Maintaining system integrity and availability
• Supporting compliance with UK GDPR and related frameworks

Data Protection Principles

CookJam aligns with the core principles of UK GDPR:

Data minimisation

We collect only the data necessary to deliver and improve nutrition-based care, including dietary inputs, symptom tracking, and relevant user information.

Purpose limitation

Data is used strictly for:

• delivering the service
• supporting patient care
• improving platform functionality and outcomes

We do not use personal data for unrelated purposes.

Transparency and control

Users and partner organisations are informed about how data is used and can exercise their rights in accordance with applicable laws.

Data Storage & Infrastructure

CookJam uses secure, modern cloud infrastructure to ensure reliability and protection of data.

• Data is hosted with reputable cloud providers
• Infrastructure is designed for high availability and resilience
• Hosting is located within the UK and/or European Economic Area where possible
• Backups and recovery processes are in place to maintain data integrity

Encryption & Data Security

We apply industry-standard security measures to protect data:

Encryption in transit

All data transmitted between users and the platform is secured using HTTPS/TLS protocols.

Encryption at rest

Sensitive data is encrypted at rest where applicable.

Secure data handling

Data is processed in controlled environments with appropriate safeguards.

Access Control & Authentication

Access to data is tightly controlled:

• Role-based access controls ensure users only access what is necessary
• Internal access is restricted to authorised personnel
• Authentication mechanisms are enforced across systems
• Access is reviewed and managed on an ongoing basis

Data Segregation

We enforce logical separation of data:

• Patient data is isolated between users and organisations
• Organisational boundaries are respected to prevent unauthorised cross-access
• Multi-tenant architecture is designed with separation controls in place

Data Retention & Deletion

CookJam follows clear data lifecycle practices:

• Data is retained only for as long as required to deliver services
• Retention policies are aligned with legal and operational requirements
• Users may request deletion of their data
• Secure deletion processes are applied when data is no longer needed

GDPR & Regulatory Alignment

CookJam operates in accordance with UK GDPR and general data protection regulations.

Depending on the context, CookJam may act as:

Data Processor

Processing data on behalf of healthcare providers or partner organisations.

Data Controller

For direct interactions with users on the platform.

We support partners with:

• Data Processing Agreements (DPAs)
• Documentation for compliance reviews
• Alignment with internal governance processes

Clinical Use & Responsibility

CookJam is designed to support healthcare delivery, not replace it.

• The platform enables tracking, engagement, and insight into nutrition-related behaviour
• Clinical decisions remain the responsibility of qualified professionals
• The system supports, but does not independently diagnose or prescribe treatment

AI & Data Usage

CookJam incorporates AI to support care delivery and operational efficiency.

This includes:

• documentation support
• behaviour insights
• user interaction assistance

We apply safeguards to ensure:

• AI is used to assist, not replace, clinical judgement
• personal data is not used inappropriately
• controlled environments are used for any model improvement processes
• no unauthorised sharing of personal health data occurs

Security Operations

We maintain ongoing security practices to protect the platform:

• Continuous system monitoring
• Access and activity logging
• Secure development practices
• Regular review of infrastructure and dependencies
• Incident response processes for identifying and addressing risks

Working with Partners

CookJam is designed to integrate into healthcare and wellbeing ecosystems.

We work with partners to meet their security and compliance requirements, including:

• Security and data protection reviews
• Contractual agreements (including DPAs)
• Alignment with organisational policies and governance frameworks

Contact

For security, privacy, or data protection enquiries:

privacy@excelcollective.co.uk