Privacy Policy

1. Overview

Your privacy matters to us.

Lina Health Ltd (“Lina”, “we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under applicable data protection laws.

Key principles:

• We collect only what's necessary to provide our service
• We never sell your personal data
• You control your information
• We comply with UK GDPR and applicable data protection laws

2. Data Controller

Lina Health Ltd is the data controller responsible for your personal data.

Registered Address: Unit 82a, James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE

Contact: hello@findlina.com

Data Protection Officer: hello@findlina.com

3. Data We Collect

3.1 Account Data

• Name
• Email address
• Sign-in method (Apple, Google, or email)
• Account creation date
• Profile preferences

3.2 Wellness & Health Data (User-Logged)

• Medication doses and timing
• Side effects and symptoms
• Weight and body measurements
• Meal logs and notes
• Mood and energy tracking
• Photos (if you choose to upload them)
• Custom journal entries
• Water and protein intake

3.3 App Usage Data

• Features used (e.g., check-ins, reminders)
• Time spent in app
• Button clicks and navigation patterns
• Session frequency and duration

3.4 Technical Data

• Device type and model
• Operating system version
• App version
• IP address (anonymized where possible)
• Crash reports and error logs
• Unique device identifiers

What We DON'T Collect

• Prescription records or data from your pharmacy
• Information from your medical provider (unless you explicitly share)
• Payment card details (handled entirely by Apple/Google)
• Social Security or national ID numbers
• Genetic or biometric data

4. How We Use Your Data

4.1 Provide the Service

• Create and maintain your account
• Enable core tracking features
• Sync data across your devices
• Send reminders (if enabled)
• Provide customer support

4.2 Improve the App

• Analyze usage patterns to improve features
• Fix bugs and technical issues
• Develop new functionality
• Conduct research (anonymized/aggregated only)

4.3 Communicate With You

• Send important service updates
• Respond to your inquiries
• Share educational content (with consent)
• Conduct user research and surveys (optional)

4.4 Safety & Compliance

• Prevent fraud and abuse
• Enforce our Terms of Use
• Meet legal obligations
• Protect our and users' rights

5. Legal Basis for Processing

Under UK GDPR, we process your data based on:

• Contract: To provide the Lina service you signed up for
• Consent: For optional features like marketing emails and analytics
• Legitimate Interests: To improve our service and prevent fraud
• Legal Obligation: To comply with applicable laws

6. Sharing Your Data

We never sell your personal data. We may share it only with:

6.1 Service Providers

• Supabase – Database hosting (EU/UK servers, SOC 2 certified)
• Apple/Google – Payment processing and app distribution
• Email service providers – For transactional emails
• Cloud storage – For secure data backup

All service providers are bound by data processing agreements.

6.1.1 AI Services (Ask Lina Feature)

Our “Ask Lina” feature uses third-party AI services to provide personalized health and wellness responses:

• OpenRouter – AI model routing service (routes to Google Gemini and OpenAI models)
• Google Gemini – AI model for generating responses
• OpenAI GPT-4o-mini – AI model for generating responses

What data is shared: Your anonymized health summary including weight trends, daily check-ins, and meal logs. Your name and other personally identifiable information are removed before transmission.

Your consent: You must explicitly consent before any data is shared with AI services. You can revoke consent at any time by not using the Ask Lina feature. These AI providers offer equivalent or greater data protection standards under applicable laws.

6.2 Legal Requirements

We may disclose data if required by law.

6.3 Business Transfers

If Lina Health Ltd is acquired or merged, your data may be transferred to the new owner. We will notify you before any such transfer.

7. International Data Transfers

Your data is primarily stored on servers located in the European Union and United Kingdom. If data is transferred outside the UK/EU, we ensure appropriate safeguards.

8. Data Storage & Security

8.1 Where Data Is Stored

Primary hosting: EU/UK-based servers (Supabase). All infrastructure is SOC 2 certified.

8.2 Security Measures

• Encryption in transit (TLS/SSL) and at rest
• Access controls and authentication
• Regular security audits
• Employee training on data protection
• Incident response procedures

9. Data Retention

• Active accounts: We keep your data as long as your account is active.
• After deletion: Personal data deleted within 30 days.
• Backups: Removed within 90 days.
• Aggregate anonymized data: May be retained indefinitely for research.

10. Your Rights

Under UK GDPR, you have the right to:

• Access
• Rectification
• Erasure
• Restrict Processing
• Data Portability
• Object
• Withdraw Consent
• Complain to ICO

Email hello@findlina.com with your request. We'll respond within 30 days.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

12. Children's Privacy

Lina is not intended for anyone under 18 years of age.

13. Cookies and Tracking

The Lina mobile app does not use cookies.

14. Marketing Communications

Opt-in required. Easy unsubscribe.

15. Third-Party Links

Our app may contain links to third-party websites. We are not responsible for their privacy practices.

16. Changes to This Policy

We may update this policy. Material changes notified 30 days in advance.

17. Contact Us

Email: hello@findlina.com — Lina Health Ltd, Unit 82a, James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE

18. Supervisory Authority

UK Information Commissioner's Office — ico.org.uk — Helpline: 0303 123 1113

This Privacy Policy is effective as of November 2025.