Privacy policy

Privacy Policy

Last updated: November 2025

Lina Health Ltd
Unit 82a, James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE
Contact: hello@findlina.com

1. Overview

Your privacy matters to us.

Lina Health Ltd ("Lina", "we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under applicable data protection laws.

Key principles:

• We collect only what's necessary to provide our service

• We never sell your personal data

• You control your information

• We comply with UK GDPR and applicable data protection laws

2. Data Controller

Lina Health Ltd is the data controller responsible for your personal data.

Registered Address:
Unit 82a, James Carter Road
Mildenhall, Bury St. Edmunds
England, IP28 7DE

Contact: hello@findlina.com
Data Protection Officer: hello@findlina.com

3. Data We Collect

3.1 Account Data

• Name

• Email address

• Sign-in method (Apple, Google, or email)

• Account creation date

• Profile preferences

3.2 Wellness & Health Data (User-Logged)

• Medication doses and timing

• Side effects and symptoms

• Weight and body measurements

• Meal logs and notes

• Mood and energy tracking

• Photos (if you choose to upload them)

• Custom journal entries

• Water and protein intake

3.3 App Usage Data

• Features used (e.g., check-ins, reminders)

• Time spent in app

• Button clicks and navigation patterns

• Session frequency and duration

3.4 Technical Data

• Device type and model

• Operating system version

• App version

• IP address (anonymized where possible)

• Crash reports and error logs

• Unique device identifiers

What We DON'T Collect

• Prescription records or data from your pharmacy

• Information from your medical provider (unless you explicitly share)

• Payment card details (handled entirely by Apple/Google)

• Social Security or national ID numbers

• Genetic or biometric data

4. How We Use Your Data

4.1 Provide the Service

• Create and maintain your account

• Enable core tracking features

• Sync data across your devices

• Send reminders (if enabled)

• Provide customer support

4.2 Improve the App

• Analyze usage patterns to improve features

• Fix bugs and technical issues

• Develop new functionality

• Conduct research (anonymized/aggregated only)

4.3 Communicate With You

• Send important service updates

• Respond to your inquiries

• Share educational content (with consent)

• Conduct user research and surveys (optional)

4.4 Safety & Compliance

• Prevent fraud and abuse

• Enforce our Terms of Use

• Meet legal obligations

• Protect our and users' rights

5. Legal Basis for Processing

Under UK GDPR, we process your data based on:

• Contract: To provide the Lina service you signed up for

• Consent: For optional features like marketing emails and analytics

• Legitimate Interests: To improve our service and prevent fraud

• Legal Obligation: To comply with applicable laws

6. Sharing Your Data

We never sell your personal data.

We may share it only with:

6.1 Service Providers

Third parties who help us operate the app:

• Supabase – Database hosting (EU/UK servers, SOC 2 certified)

• Apple/Google – Payment processing and app distribution

• Email service providers – For transactional emails

• Cloud storage – For secure data backup

All service providers are bound by data processing agreements and only process data on our instructions.

6.2 Legal Requirements

We may disclose data if required by law, to:

• Comply with legal obligations or court orders

• Protect rights, property, or safety

• Detect, prevent, or address fraud or security issues

6.3 Business Transfers

If Lina Health Ltd is acquired or merged, your data may be transferred to the new owner. We will notify you before any such transfer.

7. International Data Transfers

Your data is primarily stored on servers located in the European Union and United Kingdom. If data is transferred outside the UK/EU, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK ICO

• Adequacy decisions

• Binding Corporate Rules

8. Data Storage & Security

8.1 Where Data Is Stored

• Primary hosting: EU/UK-based servers (Supabase)

• Backup locations: EU/UK regions with adequate safeguards

• All infrastructure is SOC 2 certified

8.2 Security Measures

• Encryption in transit (TLS/SSL) and at rest

• Access controls and authentication

• Regular security audits

• Employee training on data protection

• Incident response procedures

No system is 100% secure. While we use industry-standard measures, we cannot guarantee absolute security. We will notify you and relevant authorities of any data breach as required by law.

9. Data Retention

• Active accounts: We keep your data as long as your account is active

• After deletion: Personal data deleted within 30 days

• Backups: Removed within 90 days (technical limitation)

• Aggregate anonymized data: May be retained indefinitely for research

• Legal requirements: Some data may be retained longer if required by law

10. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data

• Rectification: Correct inaccurate or incomplete data

• Erasure: Request deletion of your data ("right to be forgotten")

• Restrict Processing: Limit how we use your data

• Data Portability: Receive your data in a machine-readable format

• Object: Object to processing for marketing purposes

• Withdraw Consent: Withdraw consent at any time

• Complain: Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk)

To exercise any rights: Email hello@findlina.com with your request. We'll respond within 30 days. We may ask for verification of your identity.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

12. Children's Privacy

Lina is not intended for anyone under 18 years of age. We do not knowingly collect data from children. If we discover we've collected a child's data, we'll delete it promptly. If you believe a child has provided us with personal data, please contact us at hello@findlina.com.

13. Cookies and Tracking

The Lina mobile app does not use cookies. We may use similar technologies for:

• Maintaining your logged-in session

• Remembering your preferences

• Analytics (with your consent)

You can control these through your device settings.

14. Marketing Communications

• Opt-in required: We only send marketing emails if you consent

• Easy unsubscribe: Every email includes an unsubscribe link

• Transactional emails: Password resets and service notifications cannot be opted out of

15. Third-Party Links

Our app may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

16. Changes to This Policy

• We may update this policy to reflect new features or regulations

• Material changes: We'll notify you via email or in-app notification at least 30 days before changes take effect

• Continued use after changes means you accept the updated policy

• The latest version will always be available at findlina.com/privacy

17. Contact Us

Questions? Concerns? Requests?

Email: hello@findlina.com
Data Protection Officer: hello@findlina.com

Lina Health Ltd
Unit 82a, James Carter Road
Mildenhall, Bury St. Edmunds
England, IP28 7DE

We aim to respond to all privacy inquiries within 48 hours on business days.

18. Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

This Privacy Policy is effective as of November 2025.