top of page

Privacy Policy

Last Updated: 1 January 2026

Your Health, Your Data, Your Control

 

1. Introduction: Our Commitment to Your Privacy

 

This document serves as the Privacy Policy for Una, outlining how we collect, use, share, and protect your personal information when you use our website and application. It must be read together with the Terms and Conditions of Una available here. This Privacy Policy applies to visitors to our website (www.una-app.com) (the “Website”), prospective users, and users of the Una application (the “App”). 

 

We understand that the information shared within the App is personal, and often sensitive. We are committed to safeguarding this data through the implementation of the highest standards of privacy and security measures required by law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our policy is designed to empower you by clearly articulating your rights and our responsibilities. By maintaining transparency regarding our data practices, we seek to build and sustain your trust, which is a core tenet of our ethical responsibility.

 

2. What Information Is Collected About You

 

We collect various categories of information to provide our services, enhance your experience, and ensure security. Each category is handled with appropriate safeguards, with particular attention paid to sensitive health data.

 

  • Personal Information

 

This includes basic details that can directly identify you. When you sign up, we may collect personal data such as (but not limited to) your name, email address, year and month of birth, password, and general location information like time zone and language.

 

  • Sensitive Health Information

 

This includes some of the core data necessary for the App’s functionality and is considered special category personal data under UK law. This data is collected only with your explicit consent to provide accurate insights and features. Specific details may include:

    • Menstrual cycle dates (start, end, flow) and related symptoms (e.g., pain, mood, discharge, body temperature).

    • Pregnancy details (if applicable, including due date and trimester).

    • Weight, height, and Body Mass Index (BMI).

    • Any other health-related inputs you choose to provide.

 

  • Technical and Usage Information

 

Data is collected automatically as you interact with the application. This includes device model, operating system, unique device identifiers, IP addresses, application version, and interactions with various features. This information helps us understand application performance and user engagement. Cookies and similar tracking technologies may be utilized for this purpose.

 

  • Information from Third-Party Integrations

 

If you choose to connect the App with third-party services (such as Apple HealthKit, Google Health Connect, or wearable devices including Oura), we may receive information from those services with your permission.

 

This information is likely to include health-related and activity data, such as menstrual cycle information, sleep data, steps, heart rate, or similar metrics. Under UK GDPR, this type of information may constitute special category personal data (health data).

 

Third-party wearable providers and platforms are independent data controllers for the data they collect. To enable Una to access and use this data, you will typically need to:

 

  • authorize the connection with the relevant third-party provider; and

  • provide explicit consent for the Company to process any special category health data received from that integration.

 

We will only process such data in accordance with the permissions and consents you provide.

 

Information Collected via Our Website

When you visit our Website, we may collect limited personal data, including:

  • Contact information you choose to provide (such as name and email address) when signing up for updates, joining a waitlist, applying for membership, or contacting us;

  • Technical information such as IP address, browser type, device information, operating system, referral URLs, and pages visited;

  • Usage and interaction data to understand how visitors navigate and use our website.

This information is collected to operate and improve our Website, respond to enquiries, communicate with prospective users, and understand interest in Una.

Cookies and Analytics

Our Website may use cookies and similar technologies to ensure it functions properly, to analyse traffic and usage patterns, and to understand how visitors engage with our content.

These may collect information such as IP address, device identifiers, browser type, and pages visited. Where required by law, we will obtain your consent before placing non-essential cookies on your device.

You can manage cookie preferences through your browser settings or via any cookie consent tools we may make available.

3. How Your Information Is Used

 

The primary objective for collecting personal data is to deliver the core functionality of the App and to continuously enhance your experience. We adhere to a strict principle of data minimization, meaning we collect and use only the personal data necessary for our specific, clearly explained purposes. All processing of your data is conducted under a valid lawful basis as required by data protection law (for example, your explicit consent for health data, or our need to perform our contract with you for providing the service).

 

  • To Provide and Improve Our Services 

 

We use your data to facilitate core functions like offering personalized wellbeing and healthy habit-building insights and recommendations. This also includes the development of new features and technologies, including artificial intelligence and machine learning models, to support your wellbeing journey. This is based on your explicit consent, where we process special category personal data such as health-related information.

 

  • For Research and Development 

 

We may utilize aggregated or de-identified data for internal research, product development, and contributions to broader scientific studies. In such cases, all direct identifiers are removed to ensure the data cannot be linked back to an individual. For participation in specific scientific studies with external partners, your explicit consent will always be sought.

 

  • For Artificial Intelligence and Machine Learning Development 

 

We use data to make our wellbeing insights and features smarter. Wherever possible, we do this with anonymized or combined data that cannot identify you. In rare cases, we may need to use limited personal data inside our systems, but we keep it protected and use only what is necessary. We will never use information that can directly identify you to train models outside our organisation unless you give us clear permission.

 

  • For Communication and Customer Support

 

We use your contact information to respond to inquiries, provide technical support, send essential updates and security alerts, and conduct customer satisfaction surveys.

 

For Website visitors, this processing is based on our legitimate interests in responding to enquiries and operating our business, or your consent where you have chosen to receive marketing communications.

 

You may opt out of non-essential communications at any time by using the unsubscribe link in our emails or by contacting us at admin@una-app.com.

 

  • For Security and Legal Compliance

 

We use data to detect and prevent fraudulent activities, enhance application security, investigate potential data breaches, and ensure adherence to legal obligations.

 

4. Who Your Information Is Shared With

 

We engage with various third parties to operate and deliver our services, always ensuring that data sharing adheres to strict privacy and security protocols.

 

  • Service Providers

 

We use trusted third-party companies for services such as (but not limited to) cloud hosting, analytics, customer support, and payment processing. These providers are contractually bound to protect your data and are permitted to use it only for the specific purposes we instruct.

 

  • Aggregated or Anonymized Data

 

Data that has been stripped of all personal identifiers may be shared for broad research, statistical analysis, and general business insights. This type of data cannot be linked back to an individual.

 

  • Legal Obligations

 

In rare and specific circumstances, we may be legally compelled to disclose user information when a valid court order or subpoena is received from law enforcement or government authorities. We are committed to challenging requests that are not legally sound and will notify affected users of such requests whenever legally permissible.

 

  • No Sale or Rental of Sensitive Personal Data

 

We do not sell or rent your sensitive personal data, including your health data, for monetary gain or targeted advertising purposes.


5. Keeping Your Data Safe: Our Security Measures

 

We are committed to safeguarding your personal data. We employ robust technical and organizational measures to protect against unauthorized access, loss, misuse, or alteration of information.

 

  • Encryption

 

Your data is protected through encryption both during transmission (data in transit) and when stored on our servers (data at rest).

 

  • Access Controls

 

Access to user data is strictly limited to employees and, where necessary, third party service providers, whose job functions necessitate such access.

 

  • Organizational Safeguards

 

We store personal profile data separately from sensitive health data for an enhanced layer of protection.

 

 

6. Your Rights Over Your Data 

 

You possess significant rights concerning your personal data. We are dedicated to facilitating the easy and effective exercise of these rights.

 

  • Right to Access and Know 

 

You have the right to inquire about the personal information we have collected about you and to request a copy of your data.

 

  • Right to Correction

 

You have the right to request the correction or update of any inaccurate or incomplete personal or health data.

 

  • Right to Deletion (Right to be Forgotten)

 

You can request the deletion of your personal data under certain circumstances. Note that this right is not absolute and may be subject to legal obligations requiring the retention of certain data.

 

  • Right to Withdraw Consent

 

Where our processing of data relies on your consent, you have the right to withdraw that consent at any time. If you withdraw consent for processing essential to providing the service – such as use of health information – some core features of the app may no longer function.

 

  • Right to Object and Limit Processing

 

You have the right to object to certain types of processing or request limitations on how your data is used. For example, you can object to your data being used for direct marketing purposes, and you can ask us to restrict processing of your data in specific cases – e.g., while a requested correction is being made. 

 

  • Right to Data Portability

 

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another service provider.

 

  • Right to Lodge a Complaint

 

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In the UK, this is the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to address your concerns directly before you approach the ICO or other authorities, so please feel free to contact us about any issues.

 

To exercise any of the rights described above, please send an email to our Privacy team at privacy@una-app.com

 

We may need to verify your identity before processing your request to ensure the security of your data. We will respond to all valid requests in accordance with applicable laws and regulations.

 

7. International Data Transfers

 

Una is established in the United Kingdom and primarily designed for users based in the UK. We do not currently direct our marketing activities outside the UK.

 

Your personal data is primarily stored and processed in the UK and/or the European Economic Area (EEA). If personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR. 

 

8. Children's Privacy

 

The App is designed for adult users and is not intended for use by children. For residents of the European Economic Area (EEA), the UK, and Canada, the age limit is typically 16 years old. For users in the United States, the services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under these age limits without appropriate consent. If we become aware that we have inadvertently collected data from a child without proper consent, we will take immediate steps to delete that information.

 

9. Biometric Data

 

The App does not collect or process your biometric data, such as fingerprints or facial scans. However, you may choose to use your device’s built-in biometric security features (e.g., Face ID or Touch ID) to secure access to your account. This is a device-level function, and we do not receive or store any of your biometric information.

 

10. Changes to This Policy

 

This Privacy Policy may be updated periodically to reflect changes in our data practices, evolving legal obligations, or alterations in business operations. When significant changes are made, we will notify you through the App or via email. The "Last Updated" date at the top of this policy will also be revised accordingly.

 

11. Contact Us

 

For any questions about this Privacy Policy, our data practices, or to exercise your privacy rights, please contact our Privacy Team.

Email: privacy@una-app.com   

Data Controller: HappyCo Ltd.

Registered Address: HappyCo Ltd, 124 City Road, London EC1V 2NX, United Kingdom

bottom of page