Optima.AI

Data Protection & Privacy Policy

1. Introduction

Welcome to Optima.ai. We are committed to protecting your personal and health data. This policy outlines how we collect, process, and safeguard your data when you use our services, including ordering at-home diagnostic test kits, accessing your results via our AI-powered platform, and receiving communications from us. We aim to be transparent, compliant, and respectful of your privacy.

2. Data Controller & Contact

Optima.ai Ltd is the legal entity responsible for determining the purposes and means of processing your personal data. If you have any questions about how we handle your data, or if you wish to exercise your legal rights, please contact our Data Protection Officer at DPO@optima.ai.

3. What Data We Collect

We collect a range of personal data to provide and improve our services:

  • Account & Contact Data: Your name, email address, phone number, and home address are collected to manage your account and deliver your test kit.
  • Health Profile Data: Information like your age, biological sex, medical history, symptoms, lifestyle habits, and wellness goals helps us tailor your experience and results.
  • Test Result Data: This includes your raw biomarker results, any analysis from our lab partners, and AI-generated insights.
  • Technical Data: We automatically collect data about your device, browser, and usage patterns to improve site performance and security.
  • Payment Data: Billing and transaction information is collected securely through our payment providers.
  • Marketing Preferences: Your communication choices, such as opting into email or SMS updates.
  • Aggregated/Anonymous Data: We use anonymised data for product development, research, and statistical analysis.

4. How We Collect Data

We collect your data in three main ways:

  • Direct Collection: When you create an account, fill in your health questionnaire, order a kit, or contact our support team.
  • Automated Technologies: As you interact with our website or dashboard, we use cookies and analytics tools to gather technical and usage information.
  • Third Parties: Our partners such as laboratories and courier services may share information necessary to fulfil your test and deliver your results.

5. Why We Process Your Data

We process your data for the following purposes, each with a lawful basis:

  • To fulfil your order and provide our service (contractual obligation under Article 6(1)(b)).
  • To analyse your test results and generate insights (healthcare provision under Article 9(2)(h)).
  • To remind you about sample returns or subscription renewals (legitimate interest under Article 6(1)(f)).
  • To send promotional messages if you've opted in (consent under Article 6(1)(a)).
  • To run analytics and maintain platform security (legitimate interest under Article 6(1)(f)).

Our AI models are used to generate health insights based on your test results. These models are continuously monitored and refined, but they do not replace professional medical advice. All outputs are reviewed against reference ranges and guidelines.

6. Sharing Your Data

We do not sell your data. We only share it with trusted partners when absolutely necessary:

  • Laboratories and logistics providers to process and deliver your test.
  • Healthcare professionals for optional clinical interpretation.
  • Technology providers who host our platform and support analytics.
  • Regulators or legal authorities if required by law.

If your data is transferred outside the UK or EEA, we ensure it is protected using safeguards such as Standard Contractual Clauses.

7. Security & Data Retention

We implement industry-standard security measures, including data encryption, secure servers, and access controls, to protect your information.

We retain your data only for as long as necessary to meet legal, regulatory, and operational needs. For example, test results may be stored for up to 8 years to comply with medical record guidelines.

8. Your Rights

You have the right to:

  • Access the data we hold about you.
  • Correct inaccuracies in your information.
  • Request deletion (where applicable).
  • Restrict or object to certain types of processing.
  • Request data portability (e.g., to transfer your results to another provider).
  • Withdraw consent at any time.
  • Lodge a complaint with the Information Commissioner's Office (ICO).

9. Cookies & Tracking

We use cookies to personalise your experience and understand how our site is used. These may include:

  • Essential cookies for login and navigation.
  • Performance cookies for analytics.
  • Marketing cookies to tailor communications.

Non-essential cookies (such as marketing and analytics) are only used with your consent. You can update your cookie preferences at any time via our cookie banner or manage cookie preferences in your browser.

10. Policy Updates

We may update this policy from time to time. Any material changes will be clearly communicated via email or notifications in your user dashboard. By continuing to use our services, you accept the latest version of this policy.

Data Protection & GDPR Addendum

We take our GDPR responsibilities seriously:

  • Special category data (like health information) is processed under Article 9(2)(h) for healthcare provision.
  • We minimise data collection to what's necessary and implement data protection by design.
  • All data processors are GDPR-compliant, and we conduct due diligence on our third-party vendors.
  • We maintain a Data Protection Impact Assessment (DPIA) for our AI features.
  • If we transfer data internationally, it is safeguarded by UK-approved legal mechanisms.
  • Our DPO can be reached at DPO@optima.ai for questions, complaints, or requests.

Last updated: 12/09/2025