Privacy Policy
Last updated: 7 July 2026. This is a starting-point draft — have it reviewed by a solicitor before relying on it, and replace this notice once reviewed.
Be Health ("we", "us") provides blood-testing and health-guidance services through this website and our mobile app. This policy explains what personal data — including health data — we collect, why, and what rights you have over it. We act as the "data controller" for the personal data described here.
What we collect
- Account details: name, email, phone, date of birth, sex.
- Health data: the biomarker results from your blood tests, your answers to any health questionnaire, and notes from consultations with our clinicians. This is "special category data" under GDPR and is only processed with your explicit consent, given at signup.
- Order and payment data: which tests you've bought, appointment times, and confirmation that a payment succeeded. Card details themselves are entered directly into Stripe's own secure payment page — we never see or store your card number.
- Communications: messages you send our care team, and any consultation you have with a clinician.
- Technical data: IP address and basic device information, used for security (e.g. fraud prevention, rate-limiting) and, only with your consent, analytics.
Why we process it, and on what legal basis
- To provide the service you've asked for — book your blood draw, deliver your results, run your consultation — under our contract with you.
- To process your health data specifically, we rely on your explicit consent, which you give separately from your account and marketing consent, and which you can withdraw at any time (see "Your rights" below). Withdrawing consent does not affect results already produced.
- To send you service messages (appointment reminders, result notifications) as part of delivering the service.
- To send you offers or promotions, only with your separate, opt-in marketing consent, which you can turn on or off at any time in your account settings.
- To keep the platform secure and prevent fraud, under our legitimate interest.
Who we share it with
- Partner laboratories, to carry out your blood draw and produce your results.
- Stripe, to process payment — Stripe receives your payment details directly; we only receive confirmation that payment succeeded and the amount charged.
- Our clinicians, to interpret your results and hold your consultation.
- Email and push-notification providers, solely to deliver the messages described above — they do not use your data for their own purposes.
- We do not sell your personal data, and we do not share your health data with advertisers.
Cookies and analytics
We use only strictly necessary cookies to keep you signed in and your booking flow working. If Google Analytics is enabled, it only loads after you accept it in the cookie banner — you can withdraw that choice at any time using the "Cookie settings" link in the footer.
How long we keep it
We keep account and order data for as long as your account is active, and health results for as long as required by applicable clinical record-keeping obligations, after which they are deleted or anonymised. If you delete your account, we remove your personal data within a reasonable period, except where we are legally required to retain specific records (e.g. financial records for tax purposes).
Your rights
Under GDPR/UK GDPR you have the right to: access the personal data we hold about you; correct it if inaccurate; request erasure ("right to be forgotten"); restrict or object to certain processing; and receive your data in a portable format. You can exercise most of these directly from your account, or by contacting us. You also have the right to lodge a complaint with your local data protection authority.
Contact
Questions about this policy or your data can be sent through the contact form on this site, or directly to the email address shown in your account.