Privacy Policy

Last Updated:


Your privacy matters


Myora Ltd ("Myora", "we", "us", "our") is committed to protecting your privacy. This policy explains what personal information we collect, why we collect it, how we use and protect it, and the rights you have over it.


Myora Ltd is the data controller for the personal information described in this policy. We are a company registered in England and Wales (Company No. 16694154), with our registered office at 128 City Road, London, EC1V 2NX, United Kingdom. We are registered with the UK Information Commissioner's Office (ICO) under registration number ZC119958.


If you have any questions about this policy or how we handle your data, contact us at team@myora.health.

What we collect


Information you provide to us:

  • Name, email address, phone number (including your WhatsApp number) and other contact details when you join our waitlist, enquire about our services, or sign up to our platform

  • Organisation details if you represent a corporate, HMO, insurer or health scheme

  • Date of birth and gender

  • Health and wellness information you give us through assessments, daily check-ins and coaching — including diet and nutrition, physical activity, sleep, stress, mood, weight, body measurements, blood pressure, blood glucose and other clinical markers, family medical history, and lifestyle factors

  • Messages and communications you send us, including through WhatsApp, our mobile app, email and web forms


Information we collect automatically:

  • Device and browser information

  • IP address and approximate location

  • Pages visited and how you interact with our website and app

  • Cookies and similar technologies (see "Cookies" below)


Information from third parties:

  • Where an organisation (such as an employer, HMO or insurer) sponsors your participation, we may receive your name and contact details from them to enrol you

  • Where you complete clinical screening through one of our partner labs or clinics, we may receive your test results

Special category (health) data


Most of the information above about your health is special category data under data protection law, which receives extra protection. We only collect and use it where you have given us your explicit consent, which you provide when you join the programme and complete your assessment. You can withdraw this consent at any time (see "Your rights").

Why we use your information and our lawful basis


Under the UK GDPR we must have a lawful basis for using your personal data. Our bases are set out below.


What we use your data for

Lawful basis

Providing and personalising your wellness coaching, assessments, ThriveScore, risk insights and progress tracking

Consent, and for health data your explicit consent

Sending you coaching messages and programme content over WhatsApp and our app

Consent

Responding to enquiries and providing support

Our legitimate interests in running and supporting our service

Processing rewards and payments

Performance of our contract with you

Sending you updates and marketing about Myora

Consent (you can opt out at any time)

Producing anonymised, aggregate insights for sponsoring organisations

Our legitimate interests in operating a B2B2C service, using only anonymised data

Improving and securing our website, app and services

Our legitimate interests

Meeting legal and regulatory obligations

Legal obligation


We do not sell your personal information to anyone.

WhatsApp messaging: your consent and how to opt out


Myora delivers coaching and programme content through the WhatsApp Business Platform, provided by Meta Platforms Ireland Ltd.


Opt-in. We will only message you on WhatsApp after you have given us your explicit consent — for example by entering your WhatsApp number and confirming that you would like to receive Myora coaching messages when you sign up. We will never message you on WhatsApp without your prior opt-in.


Opt-out. You can stop receiving WhatsApp messages from us at any time by:

  • replying STOP to any of our WhatsApp messages; or

  • emailing us at team@myora.health asking to be unsubscribed.


Once you opt out, we will stop sending you WhatsApp messages promptly. Opting out of messaging does not delete your account or other data — to do that, see "Your rights".


When you communicate with us over WhatsApp, your messages are also processed by Meta in line with WhatsApp's own terms and privacy policy.

Who we share your information with


We share personal data only where necessary, and we require everyone who processes data on our behalf to protect it and use it only on our instructions. We share data with:

  • Service providers (processors) who help us run Myora — including our messaging provider (Meta / WhatsApp), our AI coaching technology provider (Google, for Gemini), our payment providers (Paystack and Stripe), our website and cloud hosting providers, and our clinical screening and lab partners

  • Sponsoring organisations (employers, HMOs, insurers) — these receive only anonymised, aggregate wellness data. They never receive your individual, identifiable health information

  • Professional advisers, regulators and authorities where we are required to by law

International data transfers


Myora operates across the UK and Nigeria (and over time other regions). This means your personal data, including health data, may be transferred to and processed in countries outside the UK — in particular Nigeria, where we run our Lagos programme and work with local clinical and payment partners.

Where we transfer your data outside the UK to a country that does not have UK "adequacy" status, we put appropriate safeguards in place (such as the ICO's International Data Transfer Agreement or equivalent contractual protections) to ensure your data receives an equivalent level of protection. You can request a copy of these safeguards by contacting us at team@myora.health.

How we keep your data safe


We use appropriate technical and organisational measures to protect your information, including encryption of health data in transit and at rest, access controls, and secure hosting. No system is completely secure, but we work to protect your data and to limit who can access it.

If a personal data breach occurs that is likely to put your rights at risk, we will notify the ICO within 72 hours of becoming aware of it, and we will tell you without undue delay where the law requires us to.

Automated processing and profiling


To personalise your programme, Myora uses your assessment and check-in data to calculate health scores and risk insights and to tailor your coaching. This involves automated processing (profiling). These insights are designed to support you, not to make legally significant decisions about you, and they do not replace professional medical advice. You can ask us about how these insights are generated by contacting team@myora.health.

How long we keep your data


We keep personal data only for as long as necessary for the purposes set out in this policy, or as required by law. We keep your wellness and programme data for the duration of your participation plus 2 years, unless you ask us to delete it sooner. After that, we securely delete or anonymise it.

Your rights


Under the UK GDPR you have the right to:

  • Access the personal data we hold about you

  • Correct inaccurate or incomplete data

  • Erase your data ("right to be forgotten")

  • Restrict or object to certain processing

  • Data portability — receive your data in a portable format

  • Withdraw consent at any time, where we rely on consent (this will not affect processing carried out before you withdrew it)


To exercise any of these rights, contact us at team@myora.health. We will respond within the timeframes required by law (usually within one month).

You also have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO), if you are unhappy with how we have handled your data. You can contact the ICO at ico.org.uk or on 0303 123 1113. We would, however, appreciate the chance to address your concerns first.

How to delete your data and account


You can ask us to delete your personal data and close your account at any time by emailing team@myora.health with the subject line "Delete my data". We will verify your request and delete or anonymise your data without undue delay, and we will instruct our service providers to do the same. We may keep a minimal record of your request, and a limited amount of data, only where we are required to by law. We will confirm to you once your request has been completed.

Cookies


We use essential cookies to operate our website and analytics cookies to understand how visitors use our site. You can manage or disable cookies through your browser settings. Disabling some cookies may affect how the site works.

Children


Myora is intended for adults. You must be 18 or over to use our services. We do not knowingly collect data from anyone under 18.

Changes to this policy


We may update this policy from time to time. Where changes are significant, we will notify you by email or through our platform. The "last updated" date at the top shows when this policy was last revised.

Contact us


Myora Ltd

Company No. 16694154 (registered in England and Wales)

Registered office: 128 City Road, London, EC1V 2NX, United Kingdom

Email: team@myora.health