Privacy Policy

Last Updated: 13 May 2026

Intended Purpose

The Lola Health mobile application is a wellness and lifestyle software product. It is not a medical device, is not registered with the MHRA and does not carry a UKCA, CE or FDA mark. It is not intended for the diagnosis, prevention, prediction, prognosis, monitoring, treatment or alleviation of disease. Clinical interpretation of lab results is provided by the GMC-registered doctor who reviews them, not by the software. Samples are analysed by our UKAS-accredited (ISO 15189) UK partner laboratory. For the full product status notice, see our Product Status and Wellness Disclaimer.

This Privacy Policy describes how Lola Health Ltd ("Lola Health," "we," "us," or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from https://lolahealth.com (the "Site") or otherwise communicate with us (collectively, the "Services"). This includes data collected via our mobile app, Lola Health, available on Google Play and Apple App Store.

For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last Updated" date, and take any other steps required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect and have collected over the past 12 months personal information about you from a variety of sources as set out below. The information that we collect and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

Lawful Bases for Processing

Under the UK GDPR and the Data Protection Act 2018, we process your personal data on the following lawful bases:

Contract: Where processing is necessary to perform our contract with you, such as fulfilling your order and delivering your test results.

Legitimate Interests: Where processing is in our legitimate interests or those of our clients, provided these do not override your rights and freedoms. This includes improving our services, facilitating communication and service delivery, and assisting clients with data privacy and security compliance. We assess these interests carefully and implement safeguards to protect your rights. For more details, contact us at [email protected].

Legal Obligation: Where processing is necessary to comply with a legal obligation, such as tax, accounting, or regulatory requirements.

Consent: Where you have given clear, explicit consent for us to process your data, including for marketing communications and special category health data. You may withdraw consent at any time by contacting [email protected], though this may affect our ability to provide the service.

What Personal Information We Collect

The types of personal information we obtain about you depend on how you interact with our Site and use our Services. When we use the term "personal information," we are referring to information that identifies, relates to, describes, or can be associated with you.

Information We Collect Directly from You: Information that you directly submit to us through our Services may include basic contact details including your name, address, phone number, and email; order information including your name, billing address, shipping address, payment confirmation, email address, and phone number; account information including your username, password, and security questions; shopping information including the items you view, put in your cart, or add to your wishlist; and customer support information including the information you choose to include in communications with us.

Information We Collect through Cookies: We also automatically collect certain information about your interaction with the Services. To do this, we may use cookies, pixels, and similar technologies. This usage data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address, and other information regarding your interaction with the Services.

Information We Obtain from Third Parties: We may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as companies who support our Site and Services such as Shopify, and our payment processors who collect payment information to process your payment and fulfill your orders. Any information we obtain from third parties will be treated in accordance with this Privacy Policy. We are not responsible for the accuracy of information provided to us by third parties or for any third party's policies or practices.

Use of Mobile App and Additional Data Collection

This Privacy Policy also applies to the Lola Health mobile app, available on Google Play and Apple App Store.

The mobile app is the channel through which you view your blood test results, the GMC-registered doctor's review, and Lola Health's educational content. Specific data collected via the app includes account and order data such as name, email, order history, and subscription status; test results data including biomarker values, reference ranges, the doctor's written review, and any notes you provide about your medical history or concerns; and location data, if you enable location services, which we may use to suggest nearby clinics and partner phlebotomists. You can disable location permissions at any time through your device settings.

Data collected through the mobile app may be shared with third parties such as laboratory processing partners or as otherwise outlined in this Privacy Policy.

How We Use Your Personal Information

Providing Products and Services: We use your personal information to provide you with the Services in order to perform our contract with you, including to process your payments, fulfill your orders, send notifications related to your account and purchases, create and manage your account, arrange for shipping, and facilitate any returns and exchanges.

Marketing and Advertising: We use your personal information for marketing and promotional purposes, such as to send marketing, advertising, and promotional communications by email, text message, or postal mail, and to show you advertisements for products or services. We will only do this where you have given your consent or where we have a legitimate interest to do so.

Security and Fraud Prevention: We use your personal information to detect, investigate, or take action regarding possible fraudulent, illegal, or malicious activity.

Communicating with You: We use your personal information to provide you with customer support and improve our Services.

SMS Communications and Data Collection

When you opt in to receive text messages from Lola Health Ltd, we collect your phone number and related information to send you transactional updates such as order confirmations, reminders, or abandoned cart notifications, and promotional messages where you have consented.

We use this information solely to manage and deliver our SMS communications and to improve the customer experience. Your phone number and SMS consent data are not shared, sold, or transferred to any unaffiliated third parties.

Abandoned Cart Messages: Our website uses cookies and similar technologies to track items you place in your shopping cart, including when you have abandoned your cart. This data is used to determine when to send cart reminder messages via SMS.

Opt-Out: You can unsubscribe from SMS messages at any time by replying STOP to any message. Message and data rates may apply.

Sharing of Data with Partner Clinics

Lola Health partners with a limited number of external clinics and healthcare professionals who may provide their clients with referral or discount codes for use on our website.

When you use a partner clinic's referral or discount code during checkout, you acknowledge and agree that your personal and health information, including your blood test results, will be shared securely with the partner clinic identified by the code used at checkout; the partner clinic will be responsible for reviewing your results outside of Lola Health's clinical review system; and the partner clinic may retain your information in accordance with their own privacy policies and data handling standards, which may differ from those of Lola Health.

We only share your data with the partner clinic identified through the referral code you used and never for marketing purposes. If you do not wish for your data to be shared in this way, please do not use a partner code at checkout.

See also: Terms of Service Section 17 – Partner Clinics and Referral Codes

Cookies

Like many websites, we use cookies on our Site. We use cookies to power and improve our Site and our Services, to run analytics and better understand user interaction with the Services, and to track when shopping carts are abandoned, which helps us determine when to send cart reminder messages via SMS to users who have opted in. We may also permit third parties and service providers to use cookies on our Site to better tailor the services, products, and advertising on our Site and other websites.

Most browsers automatically accept cookies by default, but you can choose to set your browser to remove or reject cookies through your browser controls. Please keep in mind that removing or blocking cookies can negatively impact your user experience and may cause some of the Services to work incorrectly or no longer be available.

For specific information about the cookies used by Shopify, see https://www.shopify.com/legal/cookies.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include with vendors or other third parties who perform services on our behalf such as IT management, payment processing, data analytics, customer support, cloud storage, fulfilment, and shipping; with business and marketing partners including Shopify to provide services and advertise to you; when you direct, request, or otherwise consent to our disclosure of certain information to third parties; and in connection with a business transaction such as a merger, to comply with any applicable legal obligations, to enforce any applicable terms of service, or to protect or defend the Services, our rights, and the rights of our users or others.

Please note that text messaging originator opt-in data and consent will not be shared with any third parties.

User Generated Content

The Services may enable you to post product reviews and other user-generated content. If you choose to submit user-generated content to any public area of the Services, this content will be public and accessible by anyone.

Third Party Websites and Links

Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites.

Children's Data

The Services are not intended to be used by children under the age of 18, and we do not knowingly collect any personal information about children. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

See also: Terms of Service Section 1 – Online Store Terms

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable and we cannot guarantee perfect security. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies. Please refer to our Data Retention Schedule below for specific retention periods.

Your Rights and Choices

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal information:

Right to Access: You may request access to personal information that we hold about you.

Right to Delete: You may request that we delete personal information we maintain about you.

Right to Correct: You may request that we correct inaccurate personal information we maintain about you.

Right of Portability: You may request a copy of the personal information we hold about you and request that we transfer it to a third party in certain circumstances.

Restriction of Processing: You may ask us to stop or restrict our processing of personal information.

Withdrawal of Consent: Where we rely on consent to process your personal information, you may withdraw this consent at any time by contacting [email protected].

Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your personal data in accordance with the law.

Appeal: You may appeal our decision if we decline to process your request by replying directly to our denial.

Managing Communication Preferences: You may opt out of receiving promotional emails at any time by using the unsubscribe option displayed in our emails.

You may exercise any of these rights by contacting us at [email protected]. We will respond to your request within one calendar month as required under UK GDPR.

Special Category Data (Health Information)

As a health testing company, we process special category personal data under Article 9 of the UK GDPR and the Data Protection Act 2018. This includes blood test results including biomarker values, reference ranges, and clinical interpretations; health questionnaire responses including symptoms, medical history, medications, and lifestyle information you provide; doctor review notes including clinical commentary provided by our reviewing physicians; and epigenetic test data for TruDiagnostic products only, including DNA methylation data and derived ageing-related insights.

We process this data under the following lawful bases: explicit consent under Article 9(2)(a), which you provide when you purchase a blood test and agree to our terms at checkout, and you may withdraw consent at any time by contacting [email protected], though this may affect our ability to provide the service; and preventive or occupational medicine under Article 9(2)(h), where processing is necessary for health assessment purposes under the responsibility of a registered healthcare professional bound by professional secrecy.

Your health data is processed and stored on encrypted servers within the UK and EEA; accessible only to authorised personnel including reviewing doctors bound by GMC professional obligations; never sold to third parties or used for insurance underwriting purposes; shared with our UKAS-accredited (ISO 15189) UK partner laboratory solely for the purpose of analysing your blood samples; and for TruDiagnostic products only, shared with TruDiagnostic's CLIA-certified, CAP-accredited US lab for the purpose of DNA methylation analysis, covered by appropriate UK GDPR safeguards as set out below under Data Residency.

See also: Medical Disclaimer – Blood Testing Services; Terms of Service Section 6 – Personal Information

AI-Powered Services

The Lola Health mobile app includes AI-powered features that produce wellness summaries of your lab data, scoped to non-medical wellness content. Clinical interpretation of any blood test result is provided by the reviewing GMC-registered doctor, not by the software.

AI-generated outputs are for informational purposes only and do not constitute medical advice. All blood test results are reviewed by a doctor before being released to you. You can disable AI features at any time within the app settings.

See also: Medical Disclaimer – AI-Powered Features


Data Retention Schedule

Blood test results and doctor reviews: retained for 8 years from date of test to comply with UK medical records guidance and clinical negligence limitation period.

Customer account data including name, email, and address: retained for the duration of the account plus 3 years after deletion for contractual obligations and limitation period for claims.

Order and payment records: retained for 7 years from transaction date for HMRC tax and accounting requirements.

Health questionnaire responses: retained for 8 years from date of submission for clinical record keeping requirements.

Marketing consent and communication logs: retained for the duration of consent plus 1 year after withdrawal as evidence of consent under PECR and UK GDPR.

Website analytics and cookies: retained for up to 26 months for service improvement and analytics.

AI logs: retained for the duration of the account plus 1 year for service improvement and safety monitoring.

After the retention period expires, data is securely deleted or anonymised. You may request earlier deletion by contacting [email protected], subject to our legal and regulatory obligations.

Complaints

If you have complaints about how we process your personal information, please contact us at [email protected]. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Data Residency

Your personal data is processed and stored on encrypted servers within the UK and EEA. Service providers supporting our services are required to provide an equivalent level of protection consistent with UK GDPR standards.

If you purchase a TruDiagnostic product (TruAge, TruHealth, or TruAge + TruHealth), your sample and the resulting epigenetic data are sent to TruDiagnostic's CLIA-certified, CAP-accredited US lab for analysis. This is the only personal data we transfer outside the UK and EEA. The transfer is covered by appropriate UK GDPR safeguards under Article 46 contractual safeguards. If you would like more detail on the safeguards in place for this transfer, or do not wish your data to be transferred, contact [email protected] before placing the order.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please contact us at:

Email: [email protected]

Support: [email protected]

For the purpose of applicable data protection laws, Lola Health Ltd is the data controller of your personal information.

Lola Health Ltd is a company registered in England and Wales under Company Number 15961806, with its registered office at 167-169 Great Portland Street, 5th Floor, W1W 5PF, London. Lola Health Ltd is registered with the Information Commissioner's Office (ICO Ref: ZB752885).