PRIVACY POLICY

1. INTRODUCTION

1.1 Starlife Technologies, Inc. ("Starlife", "we", "us", "our"), a company registered in Delaware, United States under company number 5313831 with registered office at 131 Continental Dr, Suite 305, Newark, 19713, Delaware, United States, respects your privacy and is committed to protecting your personal data.

1.2 This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Services.

1.3 We act as a data controller for the personal data we collect from you, and as a data processor for certain personal data we process on behalf of our Partner Providers.

1.4 By using our Services, you consent to the data practices described in this Privacy Policy.

2. DATA PROTECTION PRINCIPLES

2.1 We comply with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2.2 We adhere to the following principles when processing your personal data:

  • Lawfulness, fairness, and transparency

  • Purpose limitation

  • Data minimization

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

3. PERSONAL DATA WE COLLECT

3.1 We collect and process the following categories of personal data:

Identity and Contact Data:

  • Name

  • Date of birth

  • Gender

  • Email address

  • Phone number

  • Postal address

  • Identification numbers (where required)

Health Data:

  • Information about medical conditions or symptoms (where relevant to testing)

  • Fasting status and preparation for tests

  • Blood test results

  • Any other health information you provide to us

Service Data:

  • Appointment details

  • Service preferences

  • Payment information

  • Communications with us

Technical Data:

  • IP address

  • Browser type and version

  • Device information

  • Location data

  • Usage data from our websites or applications

3.2 Special categories of personal data:

  • We process health-related information, which is considered a special category of personal data under data protection laws. We process this data with your explicit consent, to protect your vital interests, for the provision of healthcare or treatment, or where necessary for reasons of public interest in the area of public health.

4. HOW WE COLLECT YOUR PERSONAL DATA

4.1 We collect personal data through various channels:

  • Direct interactions (when you create an account, book appointments, or communicate with us)

  • Automated technologies (when you use our website or applications)

  • Third parties (such as Partner Providers, payment processors, or fraud prevention services)

4.2 You are not obligated to provide personal data to us, but failure to do so may result in our inability to provide certain Services to you.

5. HOW WE USE YOUR PERSONAL DATA

5.1 We use your personal data for the following purposes:

To provide our Services:

  • Facilitating blood draw appointments

  • Coordinating with Partner Providers

  • Processing and delivering test results

  • Managing payments and billing

  • Communicating about your appointments or results

To improve our Services:

  • Analyzing usage patterns and trends

  • Developing new features and offerings

  • Enhancing user experience

  • Troubleshooting technical issues

To comply with legal obligations:

  • Maintaining records as required by law

  • Responding to legal requests or court orders

  • Complying with healthcare regulations

  • Protecting against fraud or illegal activity

5.2 Lawful bases for processing:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose

  • Contract: Where processing is necessary for the performance of our contract with you

  • Legal obligation: Where processing is necessary for compliance with a legal obligation

  • Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party

  • Vital interests: Where processing is necessary to protect someone's life

  • Public task: Where processing is necessary for the performance of a task carried out in the public interest

5.3 For special categories of personal data (such as health data), we rely on:

  • Explicit consent

  • Substantial public interest

  • Provision of healthcare or treatment

  • Public health

  • Legal claims or judicial acts

6. DATA SHARING AND TRANSFERS

6.1 We share your personal data with the following categories of recipients:

Partner Providers:

  • Healthcare professionals who perform blood draws

  • Laboratories that process blood samples

  • Medical professionals who review results (where applicable)

Service Providers:

  • Payment processors (for processing payments)

  • Cloud service providers (for hosting data)

  • Communication providers (for sending notifications)

  • Analytics providers (for analyzing service usage)

Data Processors:

  • Supabase (for database management)

  • Railway (for application deployment)

  • Anthropic (for AI services)

  • Twilio (for messaging services)

  • Resend (for email services)

Others:

  • Legal and regulatory authorities (when required by law)

  • Professional advisers (such as lawyers, auditors, and insurers)

  • Potential buyers or investors (in connection with a business transaction)

6.2 International transfers:

  • We may transfer your personal data to countries outside the UK or European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, such as:

    • Standard contractual clauses approved by the UK Government or European Commission

    • Binding corporate rules

    • Adequacy decisions

    • Other legally approved mechanisms

6.3 We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

7. DATA SECURITY

7.1 We have implemented appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of sensitive data

  • Access controls and authentication

  • Regular security assessments

  • Staff training on data protection

  • Physical security controls

7.2 While we take all reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7.3 We have procedures to deal with suspected personal data breaches and will notify you and any applicable regulator when we are legally required to do so.

8. DATA RETENTION

8.1 We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

8.2 We apply the following retention periods:

  • Account information: For as long as you maintain an active account, plus a reasonable period thereafter

  • Service data: Up to 7 years after your last interaction with us

  • Health data: In accordance with medical record retention requirements (typically 8-10 years)

  • Communication records: Up to 3 years after your last communication with us

  • Technical data: Up to 2 years from collection

8.3 In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

9. YOUR DATA PROTECTION RIGHTS

9.1 Under UK GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

  • Right to access: You can request copies of your personal data.

  • Right to rectification: You can request that we correct inaccurate or complete incomplete personal data.

  • Right to erasure: You can request that we delete or remove personal data where there is no good reason for us to continue processing it.

  • Right to restrict processing: You can request that we suspend the processing of your personal data.

  • Right to data portability: You can request the transfer of your personal data to you or to a third party.

  • Right to object: You can object to processing of your personal data where we are relying on a legitimate interest or for direct marketing.

  • Rights related to automated decision-making: You can request human intervention for decisions based solely on automated processing.

  • Right to withdraw consent: You can withdraw consent where we are relying on consent to process your personal data.

9.2 To exercise any of these rights, please contact us using the details provided in Section 12.

9.3 You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

9.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

9.5 We try to respond to all legitimate requests within one month. Occasionally, it might take us longer if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.

10. COOKIES AND SIMILAR TECHNOLOGIES

10.1 We use cookies and similar technologies to enhance your experience on our websites and applications.

10.2 A cookie is a small file placed on your device when you visit our website. We use the following types of cookies:

  • Essential cookies: Necessary for the website to function properly

  • Analytical/performance cookies: Allow us to recognize and count visitors and analyze website usage

  • Functionality cookies: Remember choices you make and provide enhanced features

  • Targeting cookies: Record your visit to our website, the pages you visit, and the links you follow

10.3 You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

11. CHANGES TO THIS PRIVACY POLICY

11.1 We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

11.2 We will notify you of any material changes by posting the new Privacy Policy on our website or through other appropriate communication channels.

11.3 We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

12. CONTACT INFORMATION

12.1 If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Data Protection Officer
Starlife Technologies, Inc.
131 Continental Dr, Suite 305
Newark, 19713, Delaware
United States
Email: privacy@starlifetech.com

12.2 If you are located in the UK or EEA, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK data protection authority (www.ico.org.uk) or other relevant data protection authority.

12.3 We would, however, appreciate the chance to deal with your concerns before you approach a data protection authority, so please contact us in the first instance.