TrueVitals Privacy Policy
Introduction and Scope
TrueVitals is a UK-based wellness company providing health and lifestyle testing services. We are the "data controller" of your personal information under the UK General Data Protection Regulation (UK GDPR), meaning we determine how and why your personal data is processed. This Privacy Policy explains what information we collect, how we use and share it, and your rights in relation to your data. We are committed to handling your data lawfully, fairly, and transparently, in accordance with data protection principles (e.g. using data only for specified purposes, minimizing what we collect, keeping data accurate, and ensuring security). By using TrueVitals services, you agree to the practices described in this policy.
Data We Collect
We collect personal data that you provide to us when you sign up or use our services, as well as data generated in the course of providing our wellness services. This includes:
- Identity and Contact Information: Your name, email address, and other contact details. We may also collect basic demographics such as gender (used, for example, to personalize health insights). These details help us create and manage your account and communicate with you.
- Payment Details: Information needed to process payments for our services (e.g. billing address and card details). Note: TrueVitals itself does not store full payment card numbers; we use accredited payment processors to handle transactions securely (see Data Sharing below).
- Health and Lifestyle Information (Special Category Data): Information about your health and lifestyle that you provide or that we obtain through our services. For example, this includes responses you give about your lifestyle or symptoms, and health data derived from lab tests you take with us (your test samples and results). Health-related information is considered "special category" personal data under UK GDPR due to its sensitive nature. We will always handle this data with extra care and, where required, obtain your explicit consent for its processing.
We collect the above information directly from you (e.g. via our website or app forms), and from our service processes (for instance, lab test results). We do not knowingly collect any personal data beyond what is needed for the purposes outlined in this policy. If you choose not to provide certain information (such as health details needed for a test), we may not be able to offer the related service.
How We Use Your Data
TrueVitals uses your personal and health data for specific, explicit, and legitimate purposes. The ways in which we use your information include:
- Providing Our Wellness Services: We use your information to perform and manage the services you request. This includes matching you to appropriate health test panels based on the information you provide, arranging sample collection or test kits, and processing your samples through our partner laboratory (Nationwide Pathology Limited) to obtain results. We use your name and details to register your test and ensure results are correctly matched to you, and we use your contact information to update you on test progress or issues.
- Delivering Test Results and Insights: Once your sample is analyzed by our lab partner, the test results (which contain your health data) are returned to TrueVitals. We then process these results to provide you with understandable health insights. Specifically, TrueVitals uses OpenAI's API (the cloud-based service behind ChatGPT) to generate a clear interpretation of your lab results for you. This means your test data is transmitted to OpenAI over an encrypted (TLS) connection, and OpenAI acts only as a data processor on our behalf to analyze the results and return an explanatory report. OpenAI is contractually bound to use your data only for this purpose and not for its own needs. The AI-generated interpretation is then presented to you through your secure TrueVitals account. For your privacy, we do not send test results or personal health reports via email; you must log in to your TrueVitals account to view them.
- Service Improvement and Research: We may use your information to improve TrueVitals' offerings and user experience. For example, we might review usage trends or analyze anonymized/aggregated data (that does not identify you) to understand how users benefit from our services and to develop new features. Using data in this way helps us refine our health recommendations and panels in our legitimate interest of continually enhancing our services. Any analysis for improvement is done in a privacy-conscious manner (we use de-identified data wherever possible).
- Customer Support and Communication: We will use your contact details to send you service-related communications. This includes confirmations of your orders, reminders about appointments or sample submissions, notices when results are ready, and responses when you contact Customer Care. We may also send updates about our services or new features. We will not send you marketing emails without your consent, and you can opt out of any optional communications at any time.
- Payments and Billing: We use payment and contact information to process your transactions and bill you for services you purchase. This involves using third-party payment processors (who are PCI-DSS compliant) to handle your payment information securely.
- Legal and Safety Purposes: Where necessary, we may process or disclose data to comply with legal obligations or regulatory requirements (for example, for financial record-keeping, or if required by a court order). We may also use or share data as needed to enforce our terms of service or to detect/prevent fraud or other security issues, in line with applicable laws.
Use and Sale of Anonymized Health Data
Important: We may use and sell anonymized health and lifestyle data for research and commercial purposes. Here's what you need to know:
What Data May Be Used
We may use and sell anonymized versions of:
- Your biomarker test results (blood panel data, metabolic markers, vitamin levels, etc.)
- Lifestyle information you provide (diet, exercise habits, sleep patterns, symptoms)
- Correlations between your biomarkers and lifestyle factors
- Health trends and patterns derived from your data combined with other users' data
Anonymization Process
Before any data is used for these purposes, we:
- Remove all directly identifying information (name, email, address, phone number, etc.)
- Remove or generalize indirect identifiers (quasi-identifiers such as a full date of birth or full postcode) that could identify you when combined with each other or with other available information
- Aggregate data with other users to ensure individual patterns cannot be distinguished
- Apply technical and statistical measures to prevent re-identification
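For readers who want to see what those four steps mean in practice, the following is an added illustration written for this page; it is not TrueVitals' own pipeline or code, and the record fields, the age and postcode generalizations, and the threshold of k=3 are assumptions chosen for the example. It keeps only an allow-list of fields (so a direct identifier can never survive by being forgotten), coarsens the quasi-identifiers, suppresses any combination shared by fewer than k people, and then releases only per-group aggregates.

```python
"""Illustrative anonymisation pipeline (example only, not TrueVitals' code):
strip direct identifiers, generalise quasi-identifiers, enforce k-anonymity
by suppressing small groups, then release group-level aggregates."""
from collections import Counter, defaultdict
from statistics import mean

# Constructed sample records for the example; these are not real users.
SAMPLE_RECORDS = [
    {"name": "A. Example", "email": "a@example.com", "postcode": "SW1A 1AA",
     "dob_year": 1984, "gender": "F", "vitamin_d": 48.0, "sleep_hours": 7.0},
    {"name": "B. Example", "email": "b@example.com", "postcode": "SW1P 3BT",
     "dob_year": 1981, "gender": "F", "vitamin_d": 62.0, "sleep_hours": 6.5},
    {"name": "C. Example", "email": "c@example.com", "postcode": "SW7 2AZ",
     "dob_year": 1979, "gender": "F", "vitamin_d": 55.0, "sleep_hours": 7.5},
    {"name": "D. Example", "email": "d@example.com", "postcode": "M4 1AA",
     "dob_year": 1990, "gender": "M", "vitamin_d": 30.0, "sleep_hours": 6.0},
    {"name": "E. Example", "email": "e@example.com", "postcode": "M1 2AB",
     "dob_year": 1993, "gender": "M", "vitamin_d": 40.0, "sleep_hours": 8.0},
    {"name": "F. Example", "email": "f@example.com", "postcode": "M20 3CD",
     "dob_year": 1988, "gender": "M", "vitamin_d": 35.0, "sleep_hours": 7.0},
    # A one-person group: with k=3 this record must be suppressed.
    {"name": "G. Example", "email": "g@example.com", "postcode": "EH1 1AA",
     "dob_year": 2000, "gender": "M", "vitamin_d": 70.0, "sleep_hours": 9.0},
]

# Field names are assumptions for the example.
DIRECT_IDENTIFIERS = {"name", "email", "address", "phone", "user_id", "test_id"}
QUASI_IDENTIFIERS = ("age_band", "postcode_area", "gender")
MEASURES = ("vitamin_d", "sleep_hours")


def postcode_area(postcode):
    """Keep only the leading letters of a UK postcode ('SW1A 1AA' -> 'SW')."""
    letters = []
    for ch in postcode.strip().upper():
        if not ch.isalpha():
            break
        letters.append(ch)
    return "".join(letters) or "UNKNOWN"


def strip_and_generalise(record, reference_year=2024):
    """Build a new record from an allow-list of fields only.

    Direct identifiers are dropped because they are never copied, which is
    safer than a deny-list that has to be kept up to date as fields are added.
    Age is coarsened to a ten-year band and postcode to its area letters."""
    age = reference_year - record["dob_year"]
    low = (age // 10) * 10
    return {
        "age_band": f"{low}-{low + 9}",
        "postcode_area": postcode_area(record["postcode"]),
        "gender": record["gender"],
        **{m: record[m] for m in MEASURES},
    }


def _key(record):
    return tuple(record[q] for q in QUASI_IDENTIFIERS)


def k_anonymise(records, k=3, reference_year=2024):
    """Return (kept_records, suppressed_count) with every quasi-identifier
    combination among kept records shared by at least k people."""
    generalised = [strip_and_generalise(r, reference_year) for r in records]
    sizes = Counter(_key(g) for g in generalised)
    kept = [g for g in generalised if sizes[_key(g)] >= k]
    return kept, len(generalised) - len(kept)


def aggregate(records, min_group=3):
    """Release per-group counts and means only; no row-level values leave."""
    groups = defaultdict(list)
    for g in records:
        groups[_key(g)].append(g)
    return {
        key: {"n": len(members),
              **{m: round(mean(x[m] for x in members), 2) for m in MEASURES}}
        for key, members in groups.items() if len(members) >= min_group
    }


def releasable_dataset(records, k=3):
    """Full pipeline plus a final check that no direct identifier survived."""
    kept, suppressed = k_anonymise(records, k=k)
    leaked = [g for g in kept if DIRECT_IDENTIFIERS & set(g)]
    if leaked:
        raise ValueError("direct identifier present in anonymised output")
    return aggregate(kept, min_group=k), suppressed


if __name__ == "__main__":
    summary, dropped = releasable_dataset(SAMPLE_RECORDS)
    print(f"suppressed {dropped} record(s); released groups: {summary}")
```

The point a practitioner should take from this: removing names and emails is only the first bullet, not anonymization. Age, area and gender together already single people out in small groups, which is why the suppression step exists, and with a rich biomarker panel the measurements themselves can act as a fingerprint, which is why only aggregates are released in this sketch. A real pipeline would also record the k and generalization choices so the re-identification risk can be reviewed.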
Who May Receive This Data
Anonymized data may be shared with or sold to:
- Medical and scientific research institutions
- Pharmaceutical and biotechnology companies
- Health technology companies developing wellness products
- Academic researchers studying health trends and biomarkers
- Government health agencies for public health research
Purposes for Data Use
Recipients may use anonymized data for:
- Scientific research into health, nutrition, and wellness
- Development of new health products, treatments, or diagnostic tools
- Population health studies and epidemiological research
- Advancing understanding of biomarker relationships and health outcomes
- Public health initiatives and policy development
Your Rights Regarding Anonymized Data
Please note that:
- Once data is properly anonymized, it is no longer considered personal data under UK GDPR
- You cannot request deletion of anonymized data as it cannot be linked back to you
- We do not offer opt-out mechanisms for anonymized data use, as this is part of our business model
- If you object to this practice, you should not use our services
Revenue from anonymized data sales helps us keep our testing services affordable and supports continued research into health and wellness. By using TrueVitals, you acknowledge and consent to these practices.
Personal Data - What We Do NOT Sell
We do not sell your personal data that can identify you. This includes your name, contact details, identifiable health records, or any data that could be traced back to you personally. All data sales involve only properly anonymized information as described above.
We will not use your personal data in any way that is incompatible with the purposes described above. If we intend to use your data for any new purpose, we will update this Privacy Policy and notify you as required.
Legal Bases for Processing
Under UK GDPR, TrueVitals must have a valid legal basis to process your personal data. Depending on the context, we rely on one or more of the following legal grounds:
- Performance of a Contract: Most data processing we do is to provide you with the services you have requested – in other words, to fulfill our contract with you. When you sign up for TrueVitals and order a wellness test, we must use your personal data to carry out that service (e.g. process your order, have your sample analyzed, and deliver your results). This is a necessary part of our agreement with you.
- Consent: We will ask for your consent in situations where we need it. In particular, because we handle health-related information (a special category of data), we seek your explicit consent to process this sensitive data for the purposes of our services, including the creation of anonymized datasets for research and commercial use. For example, when you provide us with health and lifestyle inputs or agree to undertake a health test, we will obtain your consent to process that information for analysis, providing results, and creating anonymized data. You may also be asked for consent for certain optional uses of data, such as receiving promotional communications (if we ever offer such an option). You have the right to withdraw your consent at any time if you change your mind (with effect for future processing), by contacting us (see Contact Information below) or using provided tools. Note that if you withdraw consent for us to process your health data, we may not be able to continue providing some services to you. Withdrawal of consent does not affect anonymized data already created.
- Legitimate Interests: In some cases, we process your data to pursue our legitimate business interests, in a manner that does not override your rights and freedoms. For instance, we have a legitimate interest in improving and personalizing our services, in ensuring IT security, and in sending you service-related updates. When we rely on this basis, we carefully consider and balance any potential impact on you and your rights. For example, using an AI analysis to enhance the explanation of your results is in our interest to provide a high-quality service, and we do so under strict privacy safeguards. We do not use legitimate interests as a basis for any processing that is highly intrusive or to send you unsolicited marketing.
- Legal Obligation: Sometimes we must process or retain certain data to comply with a legal obligation. For example, UK law may require us to keep transaction records for a certain period for tax or accounting purposes, or to disclose information if formally required by law enforcement. In these cases, the law forms the basis for processing.
We will always identify the appropriate legal basis for our activities as required by UK GDPR. If you have questions about the specific legal basis for any particular processing of your data, please contact us.
Data Sharing and Disclosure
We treat your personal information as confidential and do not sell your personal data that can identify you. We only share personal data with third parties for the purposes outlined above and only when necessary to run our business or comply with the law. The categories of recipients with whom we may share your data are:
- Laboratory Partner (Nationwide Pathology Limited): When you purchase a TrueVitals health test, we work with our accredited lab partner, Nationwide Pathology Limited, to analyze your biological samples (such as blood or saliva). We share only the information required to perform the test – typically your first name, a unique test identifier, and relevant demographic details (e.g. gender or age if needed for analysis) – along with the sample itself. Nationwide Pathology Limited uses this information solely to conduct the lab analysis and quality checks, and then returns your test results to TrueVitals. Nationwide Pathology Limited is contractually obligated to handle your data securely and in compliance with data protection law, and will not use it for any other purpose.
- OpenAI (API Service): As noted, we use OpenAI's API to help generate the interpretive commentary on your test results. To do this, we transmit your lab results (and possibly brief, relevant background information you provided) to OpenAI's system over an encrypted connection. OpenAI acts as our data processor: it processes your data only on TrueVitals' instructions and does not use your information for its own purposes. We have a data processing agreement in place with OpenAI to protect your data, and because your data may be processed on servers outside the UK (for example, in the United States) this arrangement includes UK-approved transfer safeguards (the International Data Transfer Addendum to the EU Standard Contractual Clauses). The information sent to OpenAI is limited to what is necessary for the AI to generate your results interpretation, and OpenAI is not permitted to store or retain your data beyond delivering the service.
- Payment Processors: If you make payments on our site, your payment details (like credit/debit card information or PayPal details) will be processed by a third-party payment provider. These payment processors are independent controllers or processors of your payment data, and they are compliant with stringent security standards (PCI DSS). TrueVitals does not receive or store your full card number or security code; we only get confirmation of payment or basic billing info. We share with the payment provider the information necessary to process the transaction (such as your name, order amount, and payment token). The payment provider is authorized to use this data only to process your payment and comply with legal obligations (e.g. anti-fraud checks).
- Service Providers and Affiliates: We may employ other trusted third-party companies and individuals to help us support or deliver our services (for example, IT infrastructure hosting, email/SMS delivery services for sending notifications, analytics providers, or customer support tools). These parties only access your data to perform tasks on our behalf and under our instructions, in accordance with this Privacy Policy. They are bound by contractual confidentiality and data protection obligations. For instance, we might use a secure cloud hosting service to store data or an analytics service to understand aggregate usage patterns. Any such providers are carefully vetted for strong data protection practices.
- Research and Commercial Partners: We may share anonymized and de-identified health and lifestyle data with research institutions, pharmaceutical companies, biotechnology firms, and other commercial partners as described in the "Use and Sale of Anonymized Health Data" section above. This anonymized data cannot be traced back to you personally.
- Legal Compliance and Protection: We may disclose personal information to third parties (such as regulators, law enforcement or courts) if we believe disclosure is required by law or necessary to exercise, establish, or defend legal claims. For example, if we are compelled by a court order or regulatory demand to release data, we will comply after verifying the request's legitimacy. We may also share information in connection with an investigation of fraud, harassment, security threats, or other violations of law or our terms of service, but only to the extent permitted by data protection laws.
Aside from the parties above, we will not share your personal data with any other third parties unless you have given your consent. In particular, we do not share your personally identifiable information with third parties for their own marketing or advertising purposes. Any third parties that process personal data on our behalf (processors) are subject to strict data protection agreements ensuring your data remains secure. TrueVitals remains responsible for the handling of your data by all such partners. If you have questions about third parties we use, feel free to contact us for an up-to-date list of our key service providers.
Data Retention
We keep your personal data only for as long as necessary to fulfill the purposes we collected it for, and as required or permitted by law. This means:
- For active customers, we will retain your information for as long as your TrueVitals account is open and you are using our services, so that we can provide you with ongoing service (for example, to show your past test results, or to reference your health history for new recommendations).
- If you close your account or it has been inactive for an extended period, or if we have finished providing services to you, we will either delete your personal data or anonymize it so that it no longer identifies you, unless we are required to keep it longer for legal reasons. For instance, we might retain certain transaction records or communications for a number of years to comply with tax, accounting, or regulatory obligations. Likewise, we may keep minimal information to honor opt-out requests or to resolve disputes.
- We periodically review the data we hold. When the retention period for particular data expires, or if we determine we no longer need the data, we will ensure it is securely erased or anonymized. At the end of the applicable retention period, personal data will be permanently deleted or rendered irrecoverable.
- Anonymized data may be retained indefinitely as it no longer constitutes personal data and supports ongoing research and commercial activities.
The exact retention periods can vary depending on the type of data and the purpose. If you'd like more detail on how long a specific type of data is kept, please contact us. In all cases, we retain personal data in compliance with applicable law and not longer than necessary.
Data Security Measures
TrueVitals takes the security of your personal information very seriously. We have implemented robust technical and organizational measures to protect your data from loss, misuse, unauthorized access, alteration, or disclosure. These measures include:
- Secure Storage: All personal data is stored on secure servers with strong access controls. We use encryption to protect data in transit (TLS for our website and app, so that information you enter is encrypted between your device and our servers) and, where appropriate, encryption at rest for sensitive data stored in our databases.
- Access Controls: Your TrueVitals account is password-protected, and sensitive data (such as your test results and profile information) is available to you only by logging into your account with your own credentials; it is never sent to you by email. We strongly advise you to keep your login credentials confidential and to use a strong, unique password. Internally, access to personal data is limited to authorized TrueVitals personnel and contractors who need the information to perform their duties (for example, customer support or medical professionals interpreting results), and these persons are bound by confidentiality obligations.
- Administrative and Organizational Security: Our staff are trained on data protection best practices. We maintain policies to prevent unauthorized access to data, and we regularly review our security practices. We also ensure that any third-party service providers we use implement appropriate security measures.
- Monitoring and Testing: We employ firewalls and intrusion detection systems to guard our network. Our systems are monitored for vulnerabilities and we periodically test and evaluate the effectiveness of our security measures. We update our practices in line with evolving threats and industry standards.
While we strive to protect all data, please note that no method of transmission over the Internet or electronic storage is 100% secure and we cannot guarantee absolute security of information at all times. However, we continuously work to protect your information and have incident response plans in place. If a personal data breach affects your data, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it where UK GDPR requires this, and we will inform you without undue delay where the breach is likely to result in a high risk to your rights and freedoms.
Your Rights and Choices
As a user of TrueVitals, you have a number of important rights regarding your personal data. We want to make sure you are fully aware of your data protection rights. Subject to certain legal conditions and exceptions, these include:
- Right of Access: You have the right to request a copy of the personal data we hold about you. We will provide you with a copy of your information, usually within one month of your request. This is commonly known as a "data subject access request." Note that this right does not extend to anonymized data, as it cannot be linked back to you.
- Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct it. We encourage you to keep your profile information up-to-date, and you can also contact us to fix any errors.
- Right to Erasure: You have the right to request deletion of your personal data in certain circumstances – for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis to continue processing. This is sometimes called the "right to be forgotten." Please note that we cannot delete data that we are required to keep by law, data that is necessary for establishing or defending legal claims, or anonymized data that can no longer be linked to you.
- Right to Restrict Processing: You can ask us to restrict (pause) the processing of your personal data under certain conditions. For instance, if you contest the accuracy of the data or have objected to processing (see below), you can request restriction while we address the issue.
- Right to Object: You have the right to object to our processing of your data in some cases. You can object to processing based on our legitimate interests if you feel it impacts your rights. You also have an absolute right to object to any direct marketing (though currently TrueVitals does not send marketing communications without consent). Please note that you cannot object to the creation of anonymized data from your health information, as this is a fundamental part of our business model and service offering.
- Right to Data Portability: For data you provided to us and which we process by automated means based on your consent or contract, you have the right to request that we transfer this data to you or another service provider in a commonly used format. For example, you could ask us to export your test result history so you can store it or share it elsewhere.
- Right to Withdraw Consent: Where we rely on your consent to process data (such as health information or optional features), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the legality of any processing we already carried out, including any anonymized data already created from your information, but it will mean we stop the relevant processing going forward. If you withdraw consent, certain services (for example, ongoing health analysis) may no longer be usable, but we will inform you if that is the case.
- Right to Lodge a Complaint: If you have a concern about how we are handling your personal data, you have the right to lodge a complaint with the relevant data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). We encourage you to contact us first so we can address your concerns directly, but you are entitled to contact the ICO at any time. (ICO website: ico.org.uk)
To exercise any of your rights, please contact us at our Customer Care email provided below. We may need to verify your identity before fulfilling certain requests (to ensure we don't disclose data to the wrong person). We will respond to your requests within one month, as required by law, and will inform you if we need more time or cannot comply for a lawful reason. There is generally no fee for exercising your rights, though a reasonable fee may apply if a request is manifestly unfounded or excessive.
Cookies and Tracking Technologies
When you visit TrueVitals' website or use our app, we may use cookies and similar tracking technologies to enhance your experience and gather analytics information. Cookies are small text files placed on your device that help us remember your preferences and understand how you use our services. For example, we might use cookies to keep you logged in during a session or to collect anonymous data about which pages of our site are most popular.
We use the following types of cookies:
- Necessary Cookies: These are essential for our site to function (for example, to remember your login state or settings). Without these cookies, certain features of the service may not work.
- Analytics and Performance Cookies: We use these to collect information about how users interact with our website (such as page visits and click patterns) so we can improve our content and user experience. For instance, we may use Google Analytics or similar tools to gather aggregate usage statistics. Although we use this information in aggregate, it may include your IP address, browser type, and browsing behavior, which can constitute personal data, and we treat it accordingly.
We do not use cookies for advertising or marketing to third parties. All our cookies are used either for the functioning of the service or our own analysis to improve it. We comply with applicable laws regarding cookies (such as the Privacy and Electronic Communications Regulations in the UK). This means that, where required, we will obtain your consent before placing non-essential cookies (like analytics cookies) on your device. On your first visit, you will be presented with a cookies consent banner or settings where you can agree or opt out of certain cookies.
You have choices in how cookies are used:
- Cookie Preferences on our Site: We provide a mechanism (such as a cookie settings panel) for you to manage your preferences. You can choose to disable certain categories of cookies (except those strictly necessary).
- Browser Settings: Most web browsers let you refuse or delete cookies. You can adjust your browser settings to remove or reject cookies. Please note that if you disable cookies entirely, some parts of our service (like staying logged in) may not work properly.
For more detailed information, please see our Cookie Policy (which provides a list of cookies in use and their purposes). Where consent is required, we set non-essential cookies only after you have accepted them through the cookie banner or settings panel. You can withdraw or change your cookie consent at any time via the methods above.
Children's Privacy
TrueVitals' services are not intended for individuals under the age of 18. We do not knowingly collect or solicit personal data from anyone under 18 years old. If you are under 18, please do not attempt to use our site or send any personal information about yourself to us (this includes not only registering an account but also not providing any health or contact information). If we learn that we have inadvertently collected personal data from a child under 18, we will take steps to delete such information promptly.
Parents or guardians: if you become aware that a minor in your care has provided us with information, please contact us so that we can remove the data and terminate any account if applicable. We reserve the right to ask for proof of age if we suspect a user is under 18.
Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time, for example to reflect changes in our services or legal obligations. If we make changes, we will post the updated policy on this page and update the "Last updated" date at the top. If any changes are material or significantly affect how we use your data, we will notify you either by sending an email to the address associated with your account or by placing a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of TrueVitals services after any changes to this policy constitutes your acceptance of the updated terms.
Contact Information
Thank you for trusting TrueVitals with your wellness journey. We are dedicated to safeguarding your privacy every step of the way.