Privacy policy

Last updated: 5 May 2026

Company: Clubwell Ltd (Company Number: 10834866)
ICO Registration Number: ZA887370
Address: 2D Eagle Road, Redditch, England, B98 9HF, United Kingdom
Contact: privacy@clubwell.com

1. Introduction

Hi there from Clubwell! Our mission here is to help you on your wellness journey to live healthier and happier for longer. To do so to the best of our ability, we collect personal information from you as you use our services. This Privacy Policy describes how Clubwell Ltd ("Clubwell," "we," "us," or "our")  collects, uses, processes, stores, and discloses your personal information, including health data, when you visit our website, use the Clubwell app, purchase products, or otherwise interact with us.

This Privacy Policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws. We are registered with the Information Commissioner's Office (ICO) under registration number ZA887370.

Please read this Privacy Policy carefully. By using any of our Services, you acknowledge that you have read and understood how we collect, use, and protect your information as described in this Privacy Policy.

2. Who We Are (Data Controller)

Clubwell Ltd is the data controller responsible for your personal information. This means we determine how and why your personal data is processed. If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

  • Email: privacy@clubwell.com
  • Post: Clubwell Ltd, 2D Eagle Road, Redditch, England, B98 9HF, United Kingdom
  • ICO Registration: ZA887370

3. Information We Collect

We collect different types of personal information depending on how you interact with our Services:

3.1 Account and Contact Information

When you create an account or make a purchase, we collect:

  • Full name
  • Email address
  • Postal address (billing and shipping)
  • Telephone number
  • Date of birth
  • Gender
  • Country of residence
  • Username and password
  • Account preferences and settings

3.2 Health and Biometric Data (Special Category Data)

IMPORTANT: The Clubwell app collects and processes sensitive health data to calculate your MST (Metabolic Sugar Tolerance) Score and help you track your health journey.

When you use the Clubwell app, consent to health tracking and use connected medical devices, we collect:

Health Metrics and Measurements:

  • Blood glucose levels
  • Blood pressure (systolic and diastolic)
  • Blood lipid profiles (total cholesterol, HDL, LDL, triglycerides)
  • Uric acid levels

Body Composition Data:

  • Weight
  • Height
  • Waist circumference
  • Body Mass Index (BMI)
  • Body fat percentage
  • Muscle mass
  • Skeletal muscle mass
  • Body protein percentage
  • Fat-free body weight
  • Subcutaneous fat
  • Visceral fat level
  • Body water percentage
  • Bone mass
  • Basal metabolic rate
  • Metabolic age

Self-Reported Health Data:

  • Ideal weight goals
  • Food and drink you consume
  • Diet Preferences
  • Self-rated sleep quality (1-10 scale)
  • Self-rated physical activity/movement (1-10 scale)
  • Self-rated stress/calm levels (1-10 scale)

Metabolic Sugar Tolerance (MST) Score Data:

  • Automatically calculated MST Score based on your health measurements
  • Historical MST Score trends and analysis
  • Progress tracking data

User-Generated Content:

  • Progress photos you voluntarily upload
  • Recipe photos and descriptions
  • Posts, comments, and messages shared in theClub community
  • Any other health-related information you choose to share

Legal Basis for Processing Health Data: We process your health data based on your explicit consent under Article 9(2)(a) UK GDPR. When you create an account and begin using the health tracking features of the Clubwell app, you will be asked to provide clear, informed consent for us to collect and process your health data. You may withdraw this consent at any time through your account settings or by contacting appsupport@clubwell.com.

3.3 Medical Device Information

When you purchase and use our medical devices, we collect:

  • Device serial numbers and identifiers
  • Device connection status (Bluetooth pairing)
  • Measurement timestamps

Our Medical Devices:

  • MST Monitor (Class IIa medical device)
  • Other Health Results branded devices (Class I and IIa)

Important Note: While we sell medical devices manufactured by Health Results, Health Results does not have access to any of your personal health data collected through the Clubwell app. We are the sole data controller for all health information you provide.

3.4 Payment and Financial Information

When you make a purchase:

  • Payment card information (processed securely by Stripe or PayPal - we do not store complete card numbers)
  • Billing address
  • Transaction history
  • Order details (items purchased, dates, amounts)
  • Refund and return information

3.5 Technical and Usage Information

When you use our Services, we automatically collect:

  • IP address
  • Device type and identifiers (phone model, operating system)
  • Browser type and version
  • Mobile app version
  • Pages visited and features used
  • Time and date of visits
  • Referring website addresses
  • App crashes and technical errors (via Firebase Crashlytics)
  • Location data (country-level, derived from IP address)

3.6 Communication Data

  • Customer support inquiries and responses
  • Emails and messages you send us
  • Survey responses and feedback
  • Marketing preference choices

3.7 Community and Social Data ("theClub")

If you participate in theClub community features:

  • Username and profile information (visible to other users)
  • Photos you upload (please note: photos may include metadata such as the date, time, and location where the photo was taken. We recommend reviewing your device’s camera settings if you wish to disable location tagging)
  • Posts, comments, and replies
  • Recipes and cooking tips you share
  • Direct messages with other users (processed via CometChat)
  • Reactions and engagement with other users' content
  • Report and moderation data

4. How We Collect Your Information

We collect personal information through the following methods:

4.1 Directly From You

  • When you create an account
  • When you make a purchase
  • When you manually enter health measurements into the app
  • When you upload photos or post content
  • When you contact customer support
  • When you subscribe to marketing communications
  • When you participate in surveys or promotions

4.2 Automatically Through Technology

  • Through cookies and similar tracking technologies on our website
  • Through the Clubwell mobile app when installed on your device
  • Via Google Analytics and Firebase Analytics
  • Through error tracking via Firebase Crashlytics

We may use server-side tracking technologies (including Meta Conversions API and TikTok Events API) to transmit event data (such as purchases or page views) directly from our servers to advertising partners to improve measurement accuracy. We use CustomerLabs, a server‑side tracking platform, to collect certain website and app events, such as page views, add-to-cart actions, and purchases. This data is securely transmitted to our advertising and analytics partners (such as Meta and Google) for measurement, attribution, and optimisation purposes. Server-side tracking is subject to your consent where required by law. Where required by law, such server-side advertising event data is transmitted only where you have provided consent to marketing and advertising cookies.

4.3 From Connected Devices

  • Via Bluetooth connection from MST Monitor and Biometric Scales
  • Measurements are transmitted securely and encrypted during transfer

4.4 From Third-Party Service Providers

  • Shopify (website platform and e-commerce data)
  • Stripe and PayPal (payment confirmation data)
  • Marketing and analytics partners (see Section 6)

5. How We Use Your Information

We use your personal information for the following purposes:

5.1 To Provide Core Services (Legal Basis: Contract Performance)

  • Create and manage your Clubwell account
  • Calculate and display your MST Score
  • Enable health tracking and progress monitoring
  • Process purchases and deliver products
  • Provide customer support
  • Enable participation in theClub community
  • Send transactional communications (order confirmations, shipping updates, account notifications)

5.2 For Health and Wellness Features (Legal Basis: Explicit Consent)

  • Generate personalised health insights based on your measurements
  • Track trends in your health data over time
  • Provide recommendations tailored to your health goals
  • Enable comparison of your progress with your historical data

Medical Disclaimer: The MST Score, personalised health insights, and recommendations we provide are for informational and wellness purposes only. They do not constitute medical advice, diagnosis, or treatment. The MST Score is calculated automatically using an algorithm based on your health measurements. While this is automated processing, it does not constitute automated decision-making that produces legal effects or similarly significantly affects you. Always consult qualified healthcare professionals before making medical decisions or changes to your health regimen.

5.3 For Product Improvement (Legal Basis: Legitimate Interests)

  • Analyse usage patterns to improve app functionality
  • Identify and fix technical issues and bugs
  • Develop new features and services
  • Conduct internal research and analytics
  • Ensure security and prevent fraud

5.4 For Marketing and Communications (Legal Basis: Consent or Legitimate Interests)

  • Send promotional emails about products, offers, and exclusive content
  • Provide personalised product recommendations
  • Show you targeted advertisements on third-party platforms
  • Conduct retargeting campaigns based on your browsing behaviour
  • Enable affiliate marketing partnerships

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by updating your preferences in your account settings. Note that you will still receive essential transactional emails related to your purchases and account. The use of marketing and advertising cookies for behavioural advertising is based on your consent (where required by law).

Health data collected from connected medical devices and health measurements you manually enter is NOT used for marketing purposes or transferred to third parties for marketing and advertising. This includes your blood glucose levels, blood pressure readings, body composition measurements, and MST Score. We may use non-health information (such as your name, email address, purchase history, and app usage patterns) for marketing purposes as described above.

5.5 For Legal and Regulatory Compliance (Legal Basis: Legal Obligation)

  • Comply with UK GDPR and Data Protection Act 2018
  • Comply with MHRA medical device regulations
  • Respond to legal requests and court orders
  • Protect against fraud, abuse, and security threats
  • Enforce our Terms of Service
  • Maintain records as required by law

6. How We Share Your Information

We share your personal information only in the following circumstances:

6.1 With Essential Service Providers (Data Processors)

We work with trusted third-party companies that process data on our behalf under strict contractual obligations. All processors are required to:

  • Process data only according to our instructions
  • Maintain appropriate security measures
  • Comply with UK GDPR requirements
  • Sign Data Processing Agreements (DPAs)

Categories of Service Providers:

Infrastructure and Hosting Providers:

·       What they do: Host our website, mobile app, and databases; provide content delivery networks for photos and media

·       Data they receive: Account information, health data, user-generated content, technical data

·       Location: UK-based servers with UK data residency; some content replicated in EU (Frankfurt) for performance

·       Why we use them: To provide fast, secure, and reliable access to the Services

E-commerce and Payment Processors:

·       What they do: Power our online store, process payments securely, manage transactions

·       Data they receive: Names, email addresses, billing/shipping addresses, order history, subscription details; payment card information is processed directly by payment processors and never stored by Clubwell

·       Specifically: We use Shopify for e-commerce, Stripe and PayPal for payment processing, and Recharge to manage subscriptions, recurring billing, discount logic, and customer subscription accounts.

·       Why we disclose: These platforms are user-facing and visible during checkout; they are essential for purchasing products

·       Health data: Payment processors do NOT receive your health measurements or MST Score data

E-commerce Platform (Shopify):

We use Shopify to power our online store. Shopify processes your purchase data both as a Data Processor (on our behalf) and as a Data Controller (for their own purposes).

Data Shopify receives: Name, email address, billing/shipping addresses, order history, payment confirmation data, browsing activity, device information, IP address.

Shopify as Data Controller: Through the Shop channel and Shop Pay, Shopify independently processes your data to:

·       Enable order tracking in the Shop app

·      Provide product recommendations across Shopify's merchant network

·       Improve checkout experiences across all Shopify stores

Shopify's processing as a Data Controller is governed by their Consumer Privacy Policy: https://www.shopify.com/legal/privacy

Data Protection: We have a Data Processing Agreement with Shopify ensuring UK GDPR compliance for data they process on our behalf.

International transfers: Shopify is based in Canada (which has UK adequacy status) but may process data in the US under Standard Contractual Clauses.

Marketing and Communications Platforms:

·       What they do: Send promotional emails, manage email campaigns, measure marketing effectiveness, create marketing content, customer data analytics

·       Data they receive: Names, email addresses, purchase history, marketing preferences, publicly shared content from theClub community

·       Health data: Marketing platforms do NOT receive your private health measurements, blood test results, or MST Score data

·       Why we use them: To keep you informed about new products, features, and health tips relevant to your interests

Advertising Platforms:

·       Who we use: We use third-party advertising platforms including Meta Platforms (including Facebook and Instagram), TikTok Inc., and Shopify Audiences and Shop

·       Data they receive: Device identifiers, Cookie data, IP address, Website browsing activity, Purchase events, Hashed contact identifiers (where applicable)

·       Health data: Advertising platforms do NOT receive your private health measurements, blood test results, or MST Score data

·       Why we use them: These technologies allow us to measure advertising effectiveness, perform conversion tracking, conduct retargeting campaigns, and build custom and lookalike audiences

CustomerLabs

·       Who they are: We use CustomerLabs as a server-side data processor. CustomerLabs processes event and analytics data on our behalf according to our instructions and applicable privacy laws

·       Why we use them: This allows us to securely transmit data to our advertising and analytics partners for tracking and reporting

Analytics and Performance Monitoring:

·       What they do: Track website and app usage, measure feature effectiveness, identify technical issues and crashes, monitor performance

·       Data they receive: Device information, usage patterns, session data, crash logs, anonymised behaviour data

·       Specifically: We use Google Analytics for website analytics and Firebase for mobile app analytics and crash reporting

·       Why we disclose: These are industry-standard tools; Google Analytics is visible in your browser's developer tools

·       Why we use them: To understand how users interact with our Services and identify areas for improvement

Community and Communication Tools:

·       What they do: Enable messaging and community features within theClub, facilitate user-to-user communication

·       Data they receive: Usernames, profile photos, messages, posts, comments, photos/videos shared in community

·       Why we use them: To provide social features and peer support within the app

Customer Support and Engagement:

·       What they do: Provide helpdesk systems, chatbot services, ticketing systems for customer inquiries

·       Data they receive: Contact information, support conversation history, technical issues reported

·       Why we use them: To respond to your questions and resolve issues efficiently

Content Moderation Services:

·       What they do: Automated AI screening of user-generated content in theClub to identify prohibited content

·       Data they receive: Public posts, comments, images shared in community forums

·       Why we use them: To maintain a safe, respectful community environment

Business and Professional Services:

·       What they do: Provide legal, accounting, auditing, consulting, and compliance services

·       Data they receive: Limited personal data as necessary for specific professional services

·       Why we use them: To meet legal obligations, conduct audits, and receive professional advice

Inventory and Operations Management:

·       What they do: Manage product inventory, order fulfilment tracking, business operations

·       Data they receive: Customer names, email addresses, shipping addresses, order details

·       Why we use them: To ensure accurate stock levels and efficient order processing

·       Health data: Inventory systems do NOT receive your health measurements or MST Score data

AI Assistants and Productivity Tools:

·       What they do: Provide AI-powered assistants that connect to our business systems (such as our Shopify store) to help our team query data, draft communications, analyse orders, and perform operational tasks more efficiently

·       Data they receive: Depending on the queries our team runs, this may include customer names, email addresses, shipping and billing addresses, order history, product information, and marketing analytics

·       Specifically: We use Anthropic's Claude, connected to our Shopify store via the Model Context Protocol (MCP). Anthropic processes data submitted through this connection on our behalf under their Commercial Terms of Service and incorporated Data Processing Addendum, and does not use this data to train its models

·       Why we use them: To improve operational efficiency, customer support response times, and business analysis

·       Health data: AI assistants do NOT receive your health measurements, blood test results, MST Score, or any data from the Clubwell app. Their access is limited to our e-commerce systems

6.2 When Required by Law

We may disclose your information:

  • To comply with legal obligations and regulatory requirements
  • In response to valid requests from law enforcement or government authorities
  • To protect the rights, property, or safety of Clubwell, our users, or others
  • To enforce our Terms of Service
  • In connection with legal proceedings or investigations

6.3 Business Transfers

If Clubwell is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice in the app before your information is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your information with third parties when you explicitly direct us to do so or provide clear consent.

6.5 Aggregated and De-Identified Data

We may share de-identified data for research, marketing, or other business purposes. This de-identified data cannot reasonably identify you individually.

6.6 With Research Partners

We may share anonymised, aggregated data with research partners for:

·       Health and nutrition research

·       Product improvement studies

·       Academic research collaborations

·       Industry surveys and benchmarking

Data shared: De-identified, aggregated statistics that cannot identify you individually

We do NOT share: Your individual identifiable health data with research partners without your separate explicit consent

While Clubwell does not expressly 'sell' information to others, certain uses of cookies on our website to collect, use, and disclose information may constitute 'sales' or 'sharing' of personal information or the use of personal information for 'targeted advertising' purposes under applicable privacy laws. We do not sell your identifiable health measurements, blood test results, or MST Score data to third parties.

7. International Data Transfers

Your personal information is processed and stored within the United Kingdom. In limited circumstances, we may transfer data to service providers located in other countries:

European Economic Area (EEA): We transfer data to EU/EEA countries (e.g., Bunny CDN's Frankfurt servers) which are recognised as providing adequate data protection.

United States: Some service providers are based in the US (Shopify, Stripe, Klaviyo, Google, Recharge, Anthropic). These transfers are protected by:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Addendum where required
  • Additional contractual safeguards ensuring UK GDPR compliance

All international transfers comply with UK GDPR requirements and include appropriate safeguards to protect your data.

Shopify Inc., based in Canada with adequacy status, may process in US under Standard Contractual Clauses.

Advertising and tracking providers including Meta, TikTok, and CustomerLabs may process data in the United States under appropriate safeguards such as Standard Contractual Clauses.

Please note that while outside of the United Kingdom, your personal information will be subject to applicable local laws, which might permit foreign governments, courts, law enforcement, or regulatory agencies to access your information in certain circumstances

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

8.1 Technical Security Measures

  • Encryption in transit: All data transmitted between your device and our servers uses TLS/SSL encryption
  • Secure authentication: Password-protected accounts with secure login processes
  • Bluetooth security: Medical device connections use secure Bluetooth protocols
  • Access controls: Role-based access restrictions limiting who can view your data
  • Regular security updates: Ongoing monitoring and patching of security vulnerabilities
  • Backup systems: Regular secure backups with 30-day retention

8.2 Organisational Security Measures

  • Data Processing Agreements: Binding contracts with all service providers
  • Staff training: Regular data protection and security training for employees
  • Limited access: Only authorised personnel have access to personal data
  • Audit logging: Tracking of data access and modifications
  • Incident response plan: Procedures for handling potential data breaches

8.3 Your Responsibilities

Please help us keep your data secure:

  • Choose a strong, unique password for your Clubwell account
  • Do not share your login credentials with anyone
  • Log out of your account on shared devices
  • Keep your device and app updated with the latest security patches
  • Report any suspicious activity to privacy@clubwell.com immediately

Important: No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

9. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the ICO within 72 hours of becoming aware of the breach
  • We will notify you directly without undue delay if the breach poses a high risk to you
  • Our notification will include the nature of the breach, likely consequences, and measures taken to address it

If you suspect unauthorised access to your account, contact us immediately at privacy@clubwell.com.

10. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required by law.

10.1 Active Users

  • Account information: Retained while your account is active
  • Health data: Retained while your account is active and for legitimate business purposes
  • Transaction records: Retained for 7 years as required by UK tax law

10.2 Inactive Users

  • We retain your account and associated data indefinitely. You may delete your account at any time
  • Transaction records will be retained separately as required by law

10.3 Account Deletion

When you delete your account:

  • Your identifiable personal data will be permanently deleted
  • We may retain de-identified data that cannot reasonably be used to identify you. We will not attempt to re-identify this information except as required or permitted by law
  • Back-up copies may assist for up to 30 days before deletion

10.4 Marketing Data

  • If you opt out of marketing: Your email address is retained on a suppression list to ensure we don't contact you again
  • If you wish to have your email address completely removed from our systems (including the suppression list), email privacy@clubwell.com with “Delete my email” in the subject line. We will delete your email within 30 days

11. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal information:

11.1 Right to Access (Subject Access Request)

You have the right to request a copy of the personal information we hold about you. We will provide this information in a commonly used electronic format within 30 days of your request.

To request access: Email privacy@clubwell.com with "Subject Access Request" in the subject line. We may ask for identification to verify your identity.

11.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly in your account settings, or contact us at privacy@clubwell.com.

11.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal information in certain circumstances:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

To request deletion: Use the "Delete Account" option in app settings or email appsupport@clubwell.com.

Note: We may retain certain information where we have a legal obligation or legitimate interest (e.g., fraud prevention, legal disputes).

11.4 Right to Restriction of Processing

You have the right to request that we limit how we use your information in certain situations:

  • You contest the accuracy of the data
  • Processing is unlawful but you don't want it erased
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification of legitimate grounds

11.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, machine-readable format (e.g., CSV file) and to transmit it to another service provider where technically feasible.

This applies to:

  • Information you provided to us
  • Processing based on consent or contract
  • Processing carried out by automated means

11.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes:

  • Marketing: Opt out via the unsubscribe link in emails or update preferences in your account
  • Legitimate interests: Contact privacy@clubwell.com explaining your objection. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

11.7 Right to Withdraw Consent

Where we process your health data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

To withdraw consent: Go to Account > Health Tracking > Continue without health tracking or email appsupport@clubwell.com.

Effect of withdrawal: If you withdraw consent for health data processing, we will no longer be able to calculate your MST Score or provide personalised health tracking features.

11.8 Automated Decision-Making Rights

The MST Score is calculated automatically using an algorithm based on your health measurements. While this is automated processing, it does not constitute automated decision-making that produces legal effects or similarly significantly affects you. The MST Score is provided for informational and wellness purposes only and is not used to make decisions about you without human involvement.

If you have concerns about how your MST Score is calculated, please contact appsupport@clubwell.com.

11.9 How to Exercise Your Rights

Email: privacy@clubwell.com
Subject line: Include the specific right you wish to exercise (e.g., "Subject Access Request")
Response time: We will respond within 30 days (1 month) of receiving your request
Verification: We may request identification to verify your identity before processing requests
Free of charge: Exercising your rights is free unless requests are manifestly unfounded or excessive

Authorised representatives: You may appoint someone to act on your behalf. We will require proof of authorisation before processing their request.

12. Children's Privacy

The Clubwell app and Services are not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. We implement reasonable measures to prevent individuals under 16 years of age from creating an account, including requiring date of birth during registration. However, we cannot guarantee that minors will not gain access to our Services by falsifying their age.

If you are under 16, please do not:

  • Create a Clubwell account
  • Use the Clubwell app
  • Provide any personal information to us
  • Use our medical devices

If you are a parent or guardian and believe your child under 16 has provided us with personal information, please contact us immediately at privacy@clubwell.com. We will delete such information promptly.

Medical devices warning: Our medical devices are designed for adult use only. Do not use on children without consulting a healthcare professional.

13. theClub Community Features

13.1 Public Content

When you post content in theClub community (photos, recipes, comments, messages):

  • Your username and profile photo will be visible to other Clubwell users
  • Your posts and comments will be visible to all members of theClub
  • Other users may reply to, react to, or share your content within the community
  • Content you share is subject to our Community Guidelines

Privacy tip: Do not share personally identifiable information (full name, address, phone number, email) in public posts.

13.2 Direct Messaging

  • Direct messages are private between you and the recipient(s)
  • Messages are processed via CometChat under a Data Processing Agreement
  • We do not read your private messages except as necessary for moderation, security, or legal compliance

13.3 Content Moderation

  • All public content in theClub is subject to automated AI moderation
  • Our moderation team reviews flagged content
  • We reserve the right to remove content that violates our Community Guidelines
  • Repeated violations may result in account suspension or termination

13.4 Reporting and Blocking

  • You can report inappropriate content or users via the Report button
  • You can block users to prevent them from contacting you or seeing your content
  • Reports are reviewed by our moderation team within 24 hours
  • Contact report@clubwell.com for urgent safety concerns

13.5 Content Ownership and Use

  • You retain ownership of content you post
  • By posting, you grant Clubwell a non-exclusive license to display, distribute, and promote your content within the Services
  • We may use your public posts (with attribution to your username) in marketing materials or on social media
  • You can delete your posts at any time (except where legal preservation is required)

14. Cookies and Tracking Technologies

14.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website or use our app. They help us provide and improve our Services.

14.2 Types of Cookies We Use

Strictly Necessary Cookies:

  • Essential for the website and app to function
  • Enable core features like account login and shopping cart
  • Cannot be disabled without affecting functionality

Performance and Analytics Cookies:

  • Google Analytics: Tracks how visitors use our website (anonymised data)
  • Firebase Analytics: Monitors app usage and performance
  • Helps us improve user experience and identify technical issues

Marketing and Advertising Cookies:

We use advertising and marketing technologies provided by:

  • ·       Meta Platforms, Inc. (Facebook and Instagram)

·       TikTok Inc.

·       Shopify (including Shop and Shopify Audiences)

These technologies include:

·       Meta Pixel

·       Meta Conversions API

·       TikTok Pixel

·       TikTok Events API

·       Shopify tracking technologies

These tools collect information such as:

·       IP address

·       Device identifiers

·       Browser information

·       Pages viewed

·       Products viewed

·       Items added to cart

·       Purchases

·       Referring URLs

·       Interaction with advertisements

We may also share limited identifiers such as your email address or phone number in hashed format with advertising partners to:

·       Measure ad performance

·       Create custom audiences

·       Create lookalike audiences

·       Deliver personalised advertisements

·       Improve advertising effectiveness

In addition to browser-based cookies, we use server-side tracking through CustomerLabs to collect and transmit certain events for analytics and advertising purposes. Where required by law, this data is only sent after you have given consent via our cookie consent tool. This ensures that your preferences for marketing and advertising tracking are respected.

Health data (including blood glucose, blood pressure, MST Score, and other medical measurements) is never shared for advertising purposes.

For users located in the United Kingdom and European Economic Area, marketing and advertising cookies are only placed on your device where you have provided consent through our cookie banner. You may withdraw your consent at any time via your cookie settings.

Functionality Cookies:

  • Remember your preferences and settings
  • Store items in your cart between sessions
  • Remember your login status

14.3 Third-Party Cookies

Some cookies are placed by third-party services:

  • Shopify: E-commerce, checkout, and Shop channel functionality (see Shopify's privacy policy for their cookie usage)
  • Stripe/PayPal: Payment processing

These third parties have their own privacy policies governing their use of your information.

14.4 Managing Cookies

Browser settings: Most browsers allow you to:

  • View and delete cookies
  • Block all cookies
  • Block third-party cookies
  • Set preferences for specific websites

Note: Disabling cookies may affect functionality and limit your ability to use certain features.

14.5 Mobile App Tracking

The Clubwell app collects:

  • App usage data
  • Crash reports and diagnostics

14.6 Cookie-Based Data Sharing

Certain uses of Functional Cookies and Targeted Advertising Cookies on our website may constitute 'sales' or 'sharing' of personal information under some privacy laws. You can manage your cookie preferences and opt out of this data sharing by adjusting your cookie settings in your browser or cookie banner,

15. Third-Party Websites and Links

Our Services may contain links to third-party websites, products, or services not operated by Clubwell:

  • Social media platforms
  • Partner websites
  • Educational resources
  • Product manufacturer websites

We are not responsible for:

  • The privacy practices of these third-party sites
  • The content or accuracy of information on external sites
  • Any data you provide to third parties

We recommend reviewing the privacy policy of any third-party site before providing personal information. Our inclusion of links does not imply endorsement.

16. Marketing Communications

16.1 What We Send

We may send you:

  • Promotional emails: Product launches, special offers, exclusive content, health tips
  • Retargeting ads: Personalised advertisements on Facebook, Instagram, and Google based on your browsing behaviour
  • Affiliate marketing: Communications from carefully selected partners (you can opt out)

16.2 Legal Basis

  • Existing customers: Legitimate interest (soft opt-in) for similar products
  • New subscribers: Explicit consent via email signup
  • Always: Clear opt-out mechanism in every marketing email

16.3 How to Opt Out

  • Email: Click "Unsubscribe" at the bottom of any marketing email
  • Contact us: Email support@clubwell.com

Effect of opting out:

  • You will stop receiving promotional emails
  • You will continue to receive transactional emails (order confirmations, account updates, security alerts)
  • Your preferences will be updated within 48 hours

16.4 Transactional vs. Marketing Emails

Transactional (cannot opt out):

  • Order confirmations and shipping notifications
  • Password resets and security alerts
  • Account changes and billing notifications
  • Critical app updates affecting functionality

Marketing (can opt out):

  • Product recommendations and promotions
  • Newsletter and health tips
  • Surveys and feedback requests
  • Event invitations

17. US State Privacy Rights

If you are a resident of California or another U.S. state with applicable privacy laws, you may have the right to:

·       Access the personal information we hold about you

·       Request correction of inaccurate information

·       Request deletion of your personal information

·       Receive a portable copy of your data

To exercise these rights, please contact privacy@clubwell.com.

You may designate an authorised agent to submit requests on your behalf.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes to our data processing practices
  • New features or services
  • Legal or regulatory requirements
  • Feedback from users or regulators

18.1 How We Notify You of Changes

Material changes:

  • Email notification to your registered email address
  • Prominent notice in the app for 30 days
  • Request for renewed consent where required by law

Minor changes:

  • Updated "Last Updated" date at the top of this policy
  • Notice on website and in app

18.2 Your Continued Use

Continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree to changes, you should stop using the Services and may delete your account.

18.3 Version History

We maintain previous versions of this Privacy Policy for reference. Contact privacy@clubwell.com to request historical versions.

19. Contact Us and Complaints

19.1 General Inquiries

For any questions about this Privacy Policy or our data practices:

Email: privacy@clubwell.com
Post: Clubwell Ltd, 2D Eagle Road, Redditch, England, B98 9HF, United Kingdom
Customer Support: support@clubwell.com

Response time: We aim to respond to all privacy inquiries within 5 business days.

19.2 Complaints Procedure

If you are unhappy with how we have handled your personal information:

Step 1: Contact us at privacy@clubwell.com with details of your complaint. We will investigate and respond within 30 days.

Step 2: If you are not satisfied with our response, you have the right to complain to the supervisory authority:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

19.3 Right to Appeal

If we decline your request to exercise data protection rights, you have the right to appeal our decision. Contact privacy@clubwell.com with "Appeal" in the subject line, explaining why you believe our decision was incorrect. We will review your appeal and respond within 30 days.

20. Definitions

Personal Information: Information that identifies or can reasonably be linked to you as an individual.

Special Category Data: Sensitive personal data including health information, which receives enhanced protection under UK GDPR.

Data Controller: The entity that determines how and why personal data is processed (Clubwell Ltd).

Data Processor: A third party that processes personal data on behalf of the controller (our service providers).

Data Subject: The individual to whom personal data relates (you).

Processing: Any operation performed on personal data, including collection, storage, use, sharing, and deletion.

MST Score: Metabolic Sugar Tolerance Score - a proprietary health metric calculated from your blood glucose, blood pressure, lipids, and body measurements.

theClub: Clubwell's in-app community feature where users can share content, recipes, and support with other members.

21. Legal Basis Summary

For transparency, here is a summary of our legal bases for processing your personal information:

Data Type

Legal Basis

Purpose

Account information

Contract

To provide Services you requested

Payment information

Contract

To process transactions

Health data & MST calculations

Explicit Consent

To provide health tracking features

Usage analytics

Legitimate Interests

To improve Services and fix bugs

Marketing emails (existing customers)

Legitimate Interests

To promote similar products

Marketing emails (new subscribers)

Consent

To send promotional communications

Transaction records

Legal Obligation

To comply with tax and accounting laws

Community content

Contract

To enable participation in theClub

Device security logs

Legitimate Interests

To prevent fraud and maintain security

Technical and Usage Information

Legitimate Interests

To operate services, improve functionality, security

Communication Data

Contract / Legitimate Interest

To provide customer support

Customer/order data processed via AI assistants

Legitimate Interests

To improve operational efficiency and customer support

Consent to Health Data Processing

By creating a Clubwell account and using health tracking features, you provide explicit consent for Clubwell to:

  • Collect health and biometric data described in Section 3.2
  • Calculate and display your MST Score
  • Store and process your health data to provide personalised tracking
  • Analyse trends in your health measurements over time

You understand that:

  • Provision of health data is voluntary
  • You may withdraw consent at any time (with effect of disabling health features)
  • Withdrawal of consent does not affect the lawfulness of processing before withdrawal
  • Health data will not be sold or shared with third parties except as described in this policy

Your privacy matters to us. Thank you for trusting Clubwell with your health journey.