ZOVRAH PRIVACY POLICY

Last updated: 18 May 2026

1. Who We Are and How to Contact Us

1.1 This Privacy Policy explains how ZOVRAH UK LTD ("Zovrah", "we", "our", or "us") collects, uses, shares, and protects personal data when you use the Zovrah iOS app, our website, and supporting services (the "Service").

1.2 Data controller. ZOVRAH UK LTD is the data controller. We are registered in England and Wales (Company No. 16660258), registered office 167–169 Great Portland Street, 5th Floor, London, W1W 5PF, and are registered with the UK Information Commissioner's Office (ICO) under reference ZC133750.

1.3 Privacy contact. For any privacy question or to exercise your rights: info@zovrah.com.

1.4 This is a transparency notice, not a contract. Using the Service is not treated as your "agreement" to it. Where we rely on consent — including for health data — that consent is requested separately and explicitly in-app and can be withdrawn (sections 4, 5, 11).

1.5 Zovrah is a wellness product, not a medical device. It does not diagnose, treat, prevent, monitor, predict, or cure any condition. Scores and insights are reflective guidance only and are not a substitute for professional medical advice.

2. The Service and Your Data Journey

In summary: you sign up with email/password or platform single sign-on; you complete onboarding questions; you optionally grant device permissions (health data, camera, photo library, notifications), each of which is optional and the app works without them; you log structured daily reflections and optional entries; our in-app AI coaching feature ("Kairo") generates insights using a third-party AI gateway; subscriptions are processed through the App Store; and consistency milestones may credit cash Rewards you can withdraw. You can export your own data and delete your account at any time from in-app settings.

3. Information We Collect

3.1 Identity and account. Email address; password (stored only as a managed hash); platform sign-in token (if you use platform single sign-on); name, age, gender, lifestyle type, primary goal; optional profile avatar; auto-generated referral code and any referred-by relationship.

3.2 Health and wellbeing data — special category data (UK GDPR Art. 9). This is the most sensitive category and is processed only on your explicit consent:

• Self-reported reflections (morning/midday/evening check-ins): sleep and wake times, sleep quality, time to fall asleep, night wake-ups, morning feeling and stress, mood, energy, stress drivers, day impacts, wind-down, reflection and gratitude text;
• Calculated sleep, stress, nutrition, and readiness scores;
• Meals (name, description, optional photo, AI-derived items, calories/macros, health rating);
• Supplements (name, brand, category, AI-detected components from an optional label photo, notes, daily logs);
• Hydration, caffeine, and weight logs;
• Free-text journal entries with structured emotion tags;
• User-defined habits, goals, and action plans;
• Device health data: with your permission, the app reads sleep, heart rate, HRV, resting heart rate, steps, workouts, and mindfulness sessions from the device's health store. This is read and processed on your device. Only derived aggregates (for example, nightly sleep duration) are saved to our systems; raw health-store samples are not bulk-uploaded.

3.3 Coaching and context data. Kairo chat transcripts; Kairo "memories" (structured summaries of preferences, goals, patterns, and routines, which you can edit and delete); and a derived personal-context profile (rolling baselines, chronotype, top stress drivers, logging cadence).

3.4 Behavioural and engagement data. Streaks, totals, milestone flags, weekly reviews, notification preferences, and reminder schedules.

3.5 Commercial and financial data. Subscription state from our subscription-management provider (active flag, plan, period, store, expiry, customer reference); Reward transactions (GBP amount, type, status, reference); and payout requests including the bank details you provide (account-holder name, sort code/IBAN, account number, country). Card and billing data is handled directly by the App Store; we never see your raw payment instrument.

3.6 Device and technical data. Platform push token (not stored on our systems today); iOS and app version; and crash/diagnostic data handled by the platform's own framework. We do not use third-party analytics or crash-reporting tools.

3.7 Organisation enrolment. If you join via an invite code, we record the organisation ID, organisation type (community/corporate/team), and join timestamp. Organisation administrators do not see individual member health data — see section 7.3.

3.8 What we do not collect. Precise geolocation; contacts; microphone audio; advertising identifiers (IDFA); or browsing activity outside the app.

4. Purposes and Legal Bases

We only process personal data where we have a lawful basis under UK GDPR (and EU GDPR for users in the EEA), and we only process health-related special category data where we also have a condition under Article 9.

We rely on contract (Article 6(1)(b)) to create and maintain your account, to compute your sleep, stress, nutrition, and readiness scores and surface insights, to provide Kairo coaching grounded in your own data, to generate your weekly, monthly, and practitioner reports, and to manage your subscription. Where these activities involve health-related data — as they do for scores, insights, coaching, and reports — the Article 9 condition we rely on is your explicit consent under Article 9(2)(a), obtained separately in-app.

We rely on your consent (given through the device notification permission) to send local check-in reminders.

We rely on a combination of contract, our legitimate interests in preventing fraud, and our legal obligations relating to anti-money-laundering and tax, to operate the Rewards programme and process payouts.

We rely on our legitimate interests in keeping the Service secure, preventing abuse, and debugging. Where this unavoidably involves health-related data, we rely on your explicit consent or, where applicable, the substantial-public-interest condition under Article 9.

We rely on our legal obligations to comply with lawful requests and to keep tax and accounting records, relying on Article 9(2)(g) where health-related data is involved.

4.1 Health data is processed only on explicit consent. We do not rely on contract or legitimate interests as the Article 9 condition for health-related processing; it is carried out under your explicit, freely given, specific, informed consent, captured separately in-app.

4.2 Withdrawing consent. You may withdraw at any time (section 11). Because health data is fundamental to the Service, withdrawal will significantly limit or end core functionality; account deletion is the corresponding remedy. Withdrawal does not affect processing carried out beforehand.

5. AI and Kairo

5.1 How insights are generated. Kairo and related features (chat, insight cards, nutrition extraction from meal photos, supplement-label parsing, dynamic check-in questions) assemble a structured prompt on your device containing the minimum necessary context for the task, and send it to a third-party AI gateway provider that routes it to large language model (LLM) providers for inference. For meal and supplement-label analysis, the relevant photo is uploaded for vision-model inference. Responses are saved to your own records.

5.2 We do not train AI on your data. We do not use your personal data, including health data, to train, fine-tune, or improve any AI or machine-learning model. The AI gateway and LLM providers act as our processors under enterprise terms that prohibit training on, retaining, or repurposing your data. If we ever intend to use personal data for model improvement in future, we will first obtain your separate, explicit opt-in consent and update this Policy; we will not do so on the basis of this Policy as written.

5.3 No significant automated decisions. Kairo provides reflective guidance only. It does not make decisions producing legal or similarly significant effects: it does not determine Rewards eligibility, pricing, access, or any binding outcome. Rewards are awarded by fixed, deterministic rules, not by AI.

5.4 Limitations. Outputs are probabilistic, depend on self-reported data, and may be incomplete or inaccurate.

5.5 Your controls. You can clear individual Kairo memories, clear chat history, and delete your account (which cascades to all AI-derived records).

6. Sub-processors

We use a small set of processors, each bound by a written data processing agreement and permitted to act only on our instructions: a cloud database, authentication, and storage provider; a third-party AI gateway provider and the LLM providers it routes to (under enterprise no-training terms); a subscription-management provider; the App Store (for distribution, in-app purchase, single sign-on, and push delivery); a third-party identity-verification provider (used for fraud/AML checks where required); and a payout provider for Rewards (to be appointed). We maintain a current sub-processor schedule, available on request and on our website, which we may update from time to time (section 14).

7. Sharing Your Information

7.1 We do not sell personal data, and we never share health data for advertising or marketing.

7.2 User-initiated sharing. Practitioner, weekly, and monthly reports are exported by you and shared by you via the device share sheet — we do not push data to any practitioner. If you enable the Accountability Partner feature, a curated, limited slice (for example, streaks or a weekly summary, per your sharing settings) is shared with a user you choose; no raw health data is shared by default and you control and can stop it at any time.

7.3 Organisations. Where you join via an organisation invite, only aggregate, anonymised participation metrics (for example, the percentage of members who checked in this week) may be shared with the sponsoring organisation. Individual member health data is never shared with an employer, community, or team without your explicit, per-user opt-in.

7.4 Legal and regulatory. We disclose data only on a valid legal basis or order, and will notify you unless legally prohibited.

7.5 Corporate transactions. In a merger, acquisition, or restructuring, data may transfer as a business asset under this Policy or an equivalent successor; you will be notified and given a deletion option beforehand.

8. International Transfers

Some processors are located outside the UK, including in the United States. Where personal data is transferred outside the UK/EEA we rely on UK adequacy regulations where they apply, and otherwise on the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses (and the EU SCCs for EEA users), together with supplementary measures including encryption in transit and at rest, tenant isolation, and contractual no-training terms with AI providers. You can request a copy of the relevant safeguards via info@zovrah.com.

9. Security

We apply, among other measures: encryption in transit and at rest; row-level access controls so each user's records are isolated to that user; secure storage of sensitive tokens in the device keychain; on-device processing of device-health data with only derived aggregates persisted; restricted, role-based internal access; and ongoing monitoring and incident response. No system is completely secure, and you acknowledge the inherent risks of digital services. In the event of a personal data breach we will notify the ICO within 72 hours where required, and affected users without undue delay where the risk is high.

10. Data Retention

We retain personal data only as long as necessary. Our schedule is:

• Account and profile (active user): for the life of the account.
• Inactive accounts: after 24 months without sign-in the account is flagged and you are notified; data is deleted or fully anonymised at 36 months.
• Check-ins, journal entries, meal/supplement/hydration/weight logs, and derived scores: for the life of the account; deleted within 30 days of account deletion.
• Kairo chat history and memories: for the life of the account; you can clear them in-app at any time.
• Reward transactions and referral records: 7 years from creation (UK Companies Act / HMRC record-keeping).
• Payout requests and bank details: 7 years from completion for accounting/AML; bank details may be redacted sooner where no longer needed for AML.
• Authentication logs: typically 30–90 days.
• Crash and diagnostic logs: per the platform provider's defaults.
• Backups: disaster-recovery backups roll on a short window (typically 7–28 days), after which deletions fully propagate.

In plain terms: when you delete your account we delete your personal data from active systems within 30 days; certain financial and payout records are retained for up to 7 years to meet legal and tax obligations, in minimised and access-restricted form.

11. Your Rights

11.1 Subject to law, you may: access your data; correct it; request erasure; restrict or object to processing; obtain portability; and withdraw consent at any time.

11.2 How. You can already self-serve access and portability through the in-app PDF/CSV export tools, and most data is directly editable in-app. Erasure is available via in-app account deletion. You can withdraw consent by revoking device permissions in iOS Settings and/or deleting your account. For anything else, contact info@zovrah.com; we may verify your identity and will respond within 30 days (extendable for complex requests, with notice).

11.3 Complaints. You may complain to the ICO (ico.org.uk) or, in the EEA, your local supervisory authority. We would welcome the chance to resolve concerns first.

12. Children

The Service is for adults aged 18 or over only. It is not directed to, and must not be used by, anyone under 18. We do not knowingly collect data from anyone under 18 and will promptly delete it if we become aware of it. Contact info@zovrah.com to report a concern.

13. Marketing, Cookies, and Trackers

13.1 No advertising or behavioural tracking. The app uses no advertising SDKs, no third-party behavioural-analytics SDKs, and no advertising identifiers.

13.2 Email. We currently send only transactional emails (sign-up confirmation, password reset, sign-in links). We do not operate a marketing-email programme. If we introduce one, it will be separate, explicitly opt-in, and one-click unsubscribable; we will not use health data for it.

13.3 In-app offers. Any "offers" in the app are subscription commerce mechanics (for example, introductory pricing or win-back offers) handled through the App Store. They are not behavioural advertising.

13.4 Website. If we publish a marketing website, strictly necessary cookies will be used without consent; any analytics or marketing cookies will be subject to a separate cookie notice and a PECR-compliant consent banner.

14. Changes to This Policy

We may update this Policy. Material changes will be notified in-app and by email at least 14 days before they take effect, and where a change affects consent-based processing we will seek fresh consent rather than relying on continued use. Routine updates (for example, to the sub-processor schedule) may be made without prior notice; the "Last updated" date always reflects the latest change.

15. Contact

ZOVRAH UK LTD · Company No. 16660258
167–169 Great Portland Street, 5th Floor, London, United Kingdom, W1W 5PF
Email: info@zovrah.com · ICO registration: ZC133750