Important: Zebe may process health and wellness information, including data from wearables, integrations, self-reported inputs, bloodwork, GP letters or similar sources. Health data is sensitive and should be handled with extra care. This draft is designed for Zebe as an early-stage UK health and longevity product and should be legally reviewed before publication.
Legal note: This is a practical privacy policy draft adapted for Zebe. It is not legal advice. Before publishing, confirm the final controller details, actual tools/processors, cookie setup, consent flows, retention rules and international transfer safeguards.
1. Who we are
This Privacy Policy explains how Zebe Health Ltd (“Zebe”, “we”, “us” or “our”) collects, uses, stores and shares personal data when you visit our website, join our waitlist, contact us, create an account, use our mobile app or web app, connect health or wearable services, use AI-powered features, participate in a beta, subscribe to a plan, or otherwise interact with Zebe.
Before publication, insert the final legal details: company number [insert company number], registered office [insert registered office address], and any trading address if different.
For privacy questions, requests or concerns, contact us at info@zebe.health. If Zebe later appoints a Data Protection Officer or formal EU/UK representative, add those details here.
2. What this Privacy Policy covers
This Privacy Policy applies to personal data processed through Zebe websites, waitlist forms, contact forms, emails, applications, dashboards, integrations, AI assistant features, analytics tools, payment or subscription flows, beta programmes and related services that link to this policy (together, the “Services”).
This policy does not cover third-party websites, apps, devices, labs, healthcare providers, payment processors, wearable platforms, app stores or social media platforms that we do not control. Their own privacy notices apply to their services.
Where we process personal data on behalf of a business customer, clinic, employer, partner or another organisation under a separate contract, that organisation may be the controller of your data and its own privacy notice may also apply.
3. Our privacy principles
We want Zebe to help people understand their health and longevity signals without invading their privacy. We aim to follow these principles:
- You should understand what data Zebe collects and why.
- You should have meaningful control over health data connections, permissions and deletion requests.
- We will not sell your personal data.
- We will not use your health data for third-party advertising.
- We will limit employee and contractor access to personal data to people who need it to provide, support, secure or improve the Services.
- Where possible, we will use aggregated, anonymised or de-identified data for analytics, research and product improvement rather than identifiable personal data.
- We will design Zebe with security, data minimisation and transparency in mind.
4. Personal data we collect
The types of personal data we collect depend on how you use Zebe and which features you choose. We may collect:
Category | Examples | Why it matters |
Identity and contact data | Name, email address, phone number, country, account ID, login details. | To create accounts, manage access, contact users and respond to requests. |
Waitlist and inquiry data | Waitlist form details, contact preferences, message content, source/campaign, company or role if provided. | To manage launch interest, respond to inquiries and send updates. |
Profile and onboarding data | Age range or date of birth, height, weight, goals, lifestyle, fitness level, habits, preferences and settings. | To personalise Zebe and create relevant insights. |
Health and wellness data | Sleep, activity, heart rate, HRV, recovery, mood, stress, nutrition, bloodwork, biomarkers, GP letters, medications or self-reported health information. | To provide scores, trends, recommendations, summaries and healthspan/lifespan-related features. |
Connected-device and integration data | Data imported from Apple Health, Oura, Garmin, Fitbit or other supported integrations. | To power Zebe’s connected-data experience. |
Uploaded documents and files | Reports, screenshots, PDFs, lab files, letters, notes or images you choose to upload. | To extract or summarise relevant information if you ask Zebe to process it. |
AI interaction data | Prompts, chat messages, outputs, feedback, ratings and context used by Ask Zebe or similar features. | To provide AI responses, improve quality, troubleshoot and maintain continuity. |
Payment and transaction data | Plan, subscription status, billing details, transaction records. Payment card details are normally processed by payment providers, not stored by Zebe. | To process subscriptions, refunds, invoices and account status. |
Device, app and usage data | IP address, browser, device type, operating system, app version, pages viewed, events, logs, crash data and approximate location. | To operate, secure, debug, analyse and improve the Services. |
Marketing and communications data | Email engagement, preferences, unsubscribe status, survey answers, ad/campaign source and event participation. | To send relevant updates and measure campaign performance. |
We may also collect other information that you choose to provide or that is necessary to operate new Zebe features. We should update this policy before launching materially different data collection, such as clinical services, medical-device features, employer dashboards or regulated health programmes.
5. How we collect personal data
We may collect personal data from the following sources:
- Directly from you when you join the waitlist, contact us, complete onboarding questions, create an account, upload information, answer check-ins, submit feedback, use Ask Zebe or communicate with support.
- From connected services when you choose to link them to Zebe, such as Apple Health, Oura, Garmin, Fitbit or other supported wearable, health, nutrition, calendar or wellbeing services.
- From uploaded or imported files if you choose to provide them, such as bloodwork, lab results, health reports, GP letters, medication notes, goal documents or lifestyle logs.
- Automatically when you use the website or app, including device, browser, app, analytics, cookie, log and usage information.
- From payment, subscription, app store, email, support, analytics, hosting, security or customer-management providers where needed to operate the Services.
- From business partners, beta partners or referral sources where you have asked them to connect you with Zebe or where they are authorised to do so.
6. How we use personal data
We process personal data for the purposes below. The final published version should confirm the precise lawful bases for each processing activity.
Purpose | Examples | Likely lawful basis |
Provide the Services | Create accounts, run Zebe features, connect data sources, generate scores, provide dashboards and respond to user requests. | Contract / legitimate interests / consent for health data where required. |
Personalise insights | Understand your goals, recommend actions, explain trends and tailor healthspan or lifespan-related content. | Consent or explicit consent where health data is involved; contract or legitimate interests for non-sensitive data. |
AI features | Process prompts, context and outputs for Ask Zebe, recommendations and support. | Contract / legitimate interests / consent or explicit consent where health data is used. |
Waitlist and launch communications | Manage waitlist, send launch updates, respond to contact forms and invite beta users. | Consent / legitimate interests. |
Product improvement and analytics | Analyse usage, troubleshoot, improve features, perform research and develop new services. | Legitimate interests; aggregated/anonymised data where possible; consent where required. |
Marketing | Send newsletters, announcements, campaigns and relevant offers. | Consent where required; legitimate interests where permitted. |
Payments and subscriptions | Process orders, manage billing, refunds, fraud checks and receipts. | Contract / legal obligation / legitimate interests. |
Security and compliance | Detect abuse, prevent fraud, protect accounts, maintain records, comply with law and enforce terms. | Legal obligation / legitimate interests / vital interests in limited circumstances. |
We may also use aggregated, anonymised or de-identified data for analytics, research, reports, product development and business planning where it no longer identifies you. Zebe should be careful not to describe data as anonymous unless it has been properly anonymised.
7. Health and special category data
Some information processed by Zebe may reveal information about your physical or mental health. This can include wearable metrics, biomarker results, sleep data, activity data, recovery data, nutrition information, mood or stress inputs, GP letters, medical notes, self-reported symptoms, medications, diagnoses, menstrual or reproductive health information, or other information you choose to provide.
Where required by law, we will ask for your explicit consent before processing health data or other special category data. You can withdraw consent by disconnecting a data source, changing relevant settings where available, deleting information where the product allows, closing your account, or contacting us at info@zebe.health.
If you withdraw consent or disconnect a data source, some Zebe features may no longer work or may become less personalised. Withdrawal of consent does not affect processing that happened before consent was withdrawn, and we may retain limited information where required by law, security, dispute resolution, audit or legitimate business records.
Zebe is not an emergency service, medical device, doctor, clinic or substitute for professional medical advice unless we explicitly state otherwise and comply with all relevant regulatory requirements. Do not use Zebe for emergencies, diagnosis, treatment decisions or urgent medical needs. Contact emergency services or a qualified healthcare professional where appropriate.
If Zebe later introduces regulated clinical services, lab services, medical-device features, healthcare professional review, or partnerships with clinics, this Privacy Policy and related consent flows should be updated before launch.
8. AI features, recommendations and Ask Zebe
Zebe may provide AI-powered features, including summaries, explanations, recommendations, scores, coaching-style prompts, chat-based support, trend interpretation, prioritised actions and Ask Zebe responses.
AI outputs may be generated from your prompts, account information, connected health and wellness data, self-reported inputs, uploaded files, usage data and Zebe product logic. AI outputs are informational and may be incomplete, inaccurate or not suitable for your circumstances.
We may use third-party AI, cloud or model providers to help provide AI features. Where we do this, we will aim to use contractual and technical safeguards that limit the provider’s use of your personal data to providing services to Zebe. We should not allow third-party AI providers to use your identifiable health data to train their general models unless we clearly tell you and obtain consent where required.
Please do not include unnecessary sensitive information in prompts or messages. If an AI feature asks whether you want to share additional information, only provide what you are comfortable sharing.
We may retain AI chat history, prompts, outputs and related context to provide continuity, support, safety monitoring, quality assurance, product improvement and your own account history. You may request deletion of this data by contacting info@zebe.health, subject to legal, security or operational retention requirements.
Zebe should not make solely automated decisions using health data that produce legal or similarly significant effects on users unless the correct legal basis, safeguards, consent flows and review mechanisms are in place.
9. Cookies and similar technologies
We may use cookies, pixels, software development kits, local storage, device identifiers and similar technologies to operate the website and app, remember preferences, understand usage, improve performance, prevent fraud, measure campaigns and, where permitted, provide marketing or advertising.
Types of cookies or similar technologies may include essential cookies, preference cookies, analytics cookies and marketing cookies.
Where required by UK or European law, we will ask for consent before using non-essential cookies or similar technologies. Users should be able to accept, reject or manage non-essential cookies through a cookie banner or preference tool.
The final published version should include a separate Cookie Policy or cookie table listing the actual cookies, providers, purposes and retention periods used by Zebe.
10. How we share personal data
We may share personal data where necessary with:
- Hosting, cloud infrastructure, database, security, backup and software providers.
- Analytics, product improvement, customer support, CRM, email, survey, waitlist and communication providers.
- Payment processors, app stores, subscription providers, accounting providers and fraud prevention tools.
- AI, automation, data-processing and model providers that help operate Zebe features.
- Wearable, health, nutrition, lab or other integration partners when you choose to connect or use those services.
- Professional advisers such as lawyers, accountants, auditors, insurers and compliance consultants.
- Regulators, courts, law enforcement or public authorities where legally required or necessary to protect rights, safety, property or security.
- Corporate transaction parties if we are involved in a merger, acquisition, financing, reorganisation, sale of assets or similar business transaction.
- Business or research partners where you have consented, where data is aggregated or anonymised, or where another lawful basis applies.
We do not sell personal data. We do not share identifiable health data with advertisers for their own advertising purposes. If this ever changes, the policy and consent flows must be updated before the change takes effect.
11. International transfers
Zebe may use service providers based outside the United Kingdom or European Economic Area. When personal data is transferred internationally, we will use appropriate safeguards where required, such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, EU Standard Contractual Clauses, or another lawful transfer mechanism.
Before publishing, confirm where Zebe data is hosted, which processors are used, whether data is transferred to the United States or other countries, and which transfer safeguards apply.
12. Data retention
We keep personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain your account, respond to inquiries, comply with legal obligations, resolve disputes, enforce agreements, maintain security, improve the product and keep appropriate business records.
Example retention periods should be confirmed before launch. A practical starting point is:
- Waitlist and marketing data: until you unsubscribe, ask us to delete it, or it is no longer needed for the original purpose.
- Account data: for as long as your account remains active, then for a limited period after closure unless longer retention is required.
- Health and wellness data: for as long as needed to provide the relevant features or until you delete it, withdraw consent, disconnect the data source or close your account, subject to backup, security, legal and audit retention.
- Support messages: for as long as needed to respond, improve support, maintain records and handle disputes.
- Analytics and logs: for a limited period appropriate to security, diagnostics and product improvement.
Aggregated or anonymised data that no longer identifies you may be kept for longer for research, analytics, product improvement and reporting.
13. Security
We use technical, organisational and administrative measures designed to protect personal data, especially health and wellness data. These may include access controls, encryption, logging, backups, monitoring, vulnerability management, staff training, processor due diligence and internal policies.
No online service can be guaranteed to be completely secure. You are responsible for keeping your login credentials safe and telling us promptly if you believe your account has been compromised.
If Zebe handles large-scale health data, launches medical-grade services, introduces lab integrations, or processes high-risk data at scale, Zebe should complete a Data Protection Impact Assessment and keep security controls under review.
14. Your choices and privacy rights
Depending on where you live and the law that applies, you may have rights to access, correct, delete, restrict, object to or transfer your personal data, and to withdraw consent where processing is based on consent.
For UK and European users, these rights may include:
- Access: ask for a copy of personal data we hold about you.
- Correction: ask us to correct inaccurate or incomplete personal data.
- Deletion: ask us to delete personal data in certain circumstances.
- Restriction: ask us to restrict processing in certain circumstances.
- Objection: object to processing based on legitimate interests or direct marketing.
- Portability: ask for certain data in a structured, commonly used and machine-readable format.
- Withdrawal of consent: withdraw consent at any time where we rely on consent, including explicit consent for health data where applicable.
- Complaint: complain to the UK Information Commissioner’s Office or another relevant data protection authority.
To exercise rights, contact info@zebe.health. We may need to verify your identity before responding. We will respond within the time required by applicable law. Some rights are not absolute, and we may retain limited data where the law allows or requires us to do so.
15. Marketing communications
If you join the waitlist, request updates, create an account, attend an event, download content or otherwise provide contact details, we may send service messages and, where permitted, marketing communications about Zebe.
You can opt out of marketing emails by using the unsubscribe link in the email or by contacting info@zebe.health. You cannot opt out of essential service, security, legal or account-related messages.
We should not use health data to target marketing unless the correct consent, privacy information and controls are in place.
16. Children
Zebe is not intended for children under 18 unless we expressly launch a child or family feature with appropriate safeguards and parental or guardian consent. We do not knowingly collect personal data from children under the applicable age without appropriate consent.
If you believe a child has provided personal data to Zebe without appropriate permission, contact info@zebe.health and we will take appropriate steps.
17. Third-party services and integrations
Zebe may allow you to connect or import data from third-party services, such as wearable devices, health apps, nutrition trackers, calendars, lab providers, file storage services or healthcare-related tools.
When you connect a third-party service, that service may send data to Zebe and may also receive information about the connection. Your use of third-party services is governed by their own terms and privacy policies.
You can usually manage third-party permissions through the third-party service, your device settings, your Zebe account settings where available, or by contacting us. Disconnecting an integration may reduce or stop certain Zebe features.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as posting a notice on our website or app, updating the date above, sending an email or using another appropriate method.
The version posted on the website or app will be the current version. You should review it periodically.
19. Contact us
For privacy inquiries, rights requests, deletion requests, consent withdrawals or questions about this Privacy Policy, contact:
Zebe Health Ltd
Email: info@zebe.health
Registered office: [insert registered office address]
Company number: [insert company number]
If you are based in the UK and are unhappy with how we handle your personal data, you may have the right to complain to the Information Commissioner’s Office. We would appreciate the opportunity to address your concern first, so please contact us where possible.