Do Health
What we measure
Why we exist
The four pillars

Privacy Policy

Menwell is on a mission to become the go-to global platform for online health. Through the Do Health website (our “Site”) and the Do Health app (our “App”) we provide people with easy access to recommendations to help them make proactive decisions about their lifestyle and wellbeing.

We understand that lengthy legal documents are no fun. However, we ask that you read this Privacy Notice (“Notice”) carefully as it contains important information including who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information, and how to contact us or the supervisory authority in the event you have a complaint.

What does this Privacy Policy cover?

This Notice covers any personal information we might collect from you or which we have obtained about you from a third party: (1) when you use our Site and/or App; (2) when you register an account with us, (3) when you purchase our products or services, (4) when you interact with our social media channels, (5) when you provide feedback, take part in market research or user testing, or provide customer testimonials, (6) where you provide services to us as a Supplier, or (7) where you have requested to receive information about our products and services.

Our Site, App, products and services are not intended for individuals under the age of 18, and we do not knowingly collect data relating to children.

If you do not agree with the contents of this Notice, you should not sign-up for an account, purchase products or services, or otherwise submit information to us.

Who collects information about you?

Menwell Limited is responsible for the personal information it collects, stores, uses and shares. When we do so we are responsible as a ‘controller’ of that personal information. When we refer to “Menwell”, “we”, “our”, “us” or “the Company” in this Notice we are referring to Menwell Limited (company number 11476975) acting as the controller for the Do Health brand. This Notice applies only to the Do Health brand, the Do Health website, the Do Health app and related Do Health services. Other Menwell brands may publish separate privacy notices. For details of how to get in touch, please see the “Contact Us” Section of this Notice.

Useful Terms

In this Privacy Policy:

“Customer” means individuals who register an account with Do Health who may or may not purchase products or services from us.

“App Users” means individuals who use our App. App Users may include Customers.

“Website Visitors” means individuals who visit our Site. Website Visitors may include Customers.

“Suppliers” means those external vendors and suppliers that provide products and/or services to Menwell.

“Personal information” or “personal data” means any information about an individual from which that person can be directly or indirectly identified. It does not include data where the identity has been removed (i.e. anonymous data).
What personal information do we collect?

We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:

“Identity Data” such as your first name, last name, username, password, date of birth, user or device identifiers, job title and company.

“Contact Data” such as your email address, home address, business address, telephone number, and professional and/or social network contact details.

“Financial Data” which may include (i) credit card and/ or billing information so that we can take payment from you and verify your location and address details, (ii) your bank details so that we can pay for the services you provide to us (if this is part of the contractual arrangements between us).

“Transaction Data” such as information about payments and details of purchases you have made. 

“Technical Data” such as your internet protocol (IP) address, browser type and version, time zone setting and location, referral sources, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Site and/or App.

“Usage Data” which may include information about how you use our Site and/or App (for example, information on the pages you have visited, the length of your visit, and actions taken), or social media channels.

“Audio/Visual Data” including your image and/or voice.

“Assessment Data” which may include information provided in response to questionnaires on the Site and/or App. In certain circumstances, Assessment Data may include Health Data.

“Feedback Data” which may include any feedback you provide to Menwell when you take part in user testing or market research, or when you agree to provide customer testimonials. Depending on the feedback you provide, Feedback Data may include Health Data.

“Marketing and Communications Data” including your preferences in receiving marketing or other communications from us.

“Health Data” means information about your health. This includes blood test results (provided to us by our testing partners where you attend a testing partner clinic for sample collection and analysis) and medical history information you choose to share with us via your account and health profile.

“Chat Data” means in-app chat messages, image attachments shared in chat and conversation history.

“Account Context Data” means your country and language preferences as derived from your account setup and service configuration.

How will we use your personal information?

Customers

When you create a user account with Do Health, we will collect your Identity Data, Contact Data and Health Data. To manage and administer your account we will process your Identity Data, Contact Data, Technical Data, Usage Data, Transaction Data, Financial Data, Assessment Data, Health Data, Audio/Visual Data and Marketing and Communications Data. 

We may process and share some of your data in an anonymised form with third parties for clinical research purposes, including to improve our services, and to contribute to a greater public understanding of how to make lifestyle and wellbeing services more engaging and effective. We will not provide third party researchers with data that identifies you personally, unless you have provided explicit, informed consent to this or there is legal justification to provide this information.

If you agree to take part in market research or user testing, provide a customer testimonial for use on our Site and/or App or in other promotional material, or otherwise provide feedback to Menwell, we may process your Identity Data, Contact Data, Transaction Data, Audio/Visual Data and Feedback Data.

If you sign up to our mailing list, or during the checkout process, you tick the box to receive information on freebies, product discounts and special offers, we will use your Contact Data and Marketing and Communications Data to send you information about our products and services in accordance with your marketing preferences.

We may also use your Contact Data and Marketing and Communications Data to deliver advertisements via social media channels (including Facebook, Twitter, Instagram, and Tik Tok), in accordance with your marketing preferences. When you interact with our channels, the relevant social media company will also process your personal data as joint controllers. For more information we would encourage you to review the privacy notices published by the relevant social media company.

As a Customer, we may also use:

  • Your Identity Data, Contact Data and Transaction Data to administer and manage our relationship with you, such as responding to communications.
  • Your Contact Data to send transactional and service messages in relation to your account.
  • Your Identity Data, Contact Data, Transaction Data, Financial Data, Audio/Visual Data and Assessment Data to provide customer service and support.
  • Your Identity Data, Contact Data, Transaction Data, Assessment Data, Usage Data and Technical Data to help us detect and fix technical problems and to maintain the Site and/or App.
  • Your Identity Data, Contact Data, Transaction Data, Assessment Data, Audio/Visual Data, Usage Data and Technical Data to analyse, assess and improve the Site and/or App and the product and service offerings.
  • Your Identity Data, Contact Data, Transaction Data, Technical Data, Usage Data, Audio/Visual Data, Feedback Data and Assessment Data for the day-to-day running of our business (for example, administering and maintain a centralised data warehouse, data back-up and recovery, obtaining appropriate insurance policies etc.).
  • Any of the categories of personal data listed above as necessary to comply with legal or regulatory requirements or to help us establish, exercise or defend legal claims.

Use of Artificial Intelligence (AI) Features 

To power key features within our Site and/or App, we use secure AI systems provided by trusted partners. These systems help us analyse the information you choose to share so that we can provide personalised support, insights, and service functionality.

Where you use features that incorporate AI functionality, we process certain categories of personal data. This section explains what data we collect, how we collect it, how it is used, and when it is shared with third-party AI service providers.

We may collect and process the following categories of personal data in connection with AI-enabled features:

  • “Identity and Contact Data” (name, email address, phone number, date of birth). This data is provided directly by you when creating an account and updating your profile.
  • “Health and Assessment Data” (to the extent applicable: profile, goals and progress, medical history). This data is provided directly by you through questionnaires, uploads, and interactions.
  • “Chat Data” (chat messages, including timestamps, conversation history and image attachments shared in chat). We collect this data when you interact with our AI chat assistant.
  • “Audio/Visual Data” (photos and voice recordings). We collect this data when you voluntarily upload photos or record audio within our Site and/or App.
  • “Transaction and Financial Data” (subscription status and other e-commerce data). We collect this data when you manage subscriptions or use wallet features within the Site and/or App.
  • “Account Context Data” (country and language preferences). This data is derived from your account setup and service configuration.

Your personal data may be used by AI for the following in-app features:

  • Chat assistant: Our AI-powered chat assistant provides instant, tailored support. When you send a message:
    • Your message is securely processed by AI to generate a response.
    • Messages are shared with our AI providers solely so they can analyse and respond.
  • Personalised Insights and Pattern Analysis: When you interact with any part of the app e.g. to log completions for your weekly plan and share any other kind of feedback.
  • AI may analyse patterns to generate personalised insights and guidance. AI provides insights and supportive guidance. It does not provide medical diagnoses.
  • Voice Mode: If you use audio recording:
    • Your audio recording is processed by AI to convert it into text.
    • The audio is processed by AI to understand what you said and how you said it.

Some AI processing may take place outside the UK or European Economic Area (EEA). Where this occurs, we implement approved legal safeguards, including Standard Contractual Clauses (SCC)s. These safeguards ensure your personal data remains protected to UK GDPR standards.

Your personal data is not used to train AI models. Our AI providers process data solely to provide services to Do Health and do not use your personal data to train or improve their general AI models.

As a condition of creating an account and using the Site and/or App, you are required to acknowledge and accept our use of AI-enabled processing as described in this Privacy Notice.

Website Visitors and App Users

When you visit our Site or use our App, we automatically collect Technical Data and Usage Data about you through our and our technology partners’ use of cookies and similar technologies (for more information about this, please see our Cookie Policy) to deliver relevant Site and/or App content to you, to measure and understand the effectiveness of the content we serve you, to improve our Site and/or App content, marketing and user experience, and to administer and protect the Site and/or App.

If you use the contact address shown on our Site and/or App to get in touch with us, we will collect your Identity Data and Contact Data together with the contents of your message.

Social Media Users

We use social media channels (including Facebook, Twitter, Instagram, and Tik Tok) to advertise Menwell’s products and services. If you follow or otherwise engage with our social media channels, we will collect Usage Data and Technical Data to analyse how users interact with those channels. If you use social media to send us messages or posts, we may use your Contact Data together with the contents of your message to communicate with you. If you engage with advertisements published on social media channels, we may collect your Identity Data, Contact Data and Marketing and Communications Data in accordance with your marketing preferences.

When you interact with our channels, the relevant social media company will also process your personal data for the purposes set out above as joint controllers. For more information we would encourage you to review the privacy notices published by the relevant social media company.

Suppliers

If you are a Supplier, we collect Identity Data, Contact Data, Transaction Data, and Financial Data about you, or individuals at your organisation, in the course of the creation, negotiation and management of contracts and receiving products or services from you.

As a Supplier, we may also use:

  • Your Identity Data, Contact Data, and Transaction Data to store (and update where necessary) your contact details on our database, so that we can contact you in relation to our agreements and the services you provide.
  • Your Identity Data, Contact Data, Transaction Data and Financial Data to administer and manage our business relationship with you and to obtain services from you.
  • Your Identity Data, Contact Data, and Financial Data to comply with legal or regulatory requirements.
  • Any of the categories of personal data listed above as necessary to comply with legal or regulatory requirements or to help us establish, exercise or defend legal claims.

Other Individuals

We may use your Identity Data and Contact Data to invite you to take part in market research, user testing or feedback activities where we consider this relevant to improving our products and services. If you agree to take part in market research or user testing, we may process your Identity Data, Contact Data, Audio/Visual Data and Feedback Data in order to analyse your feedback and identify areas for improvement in the Site and/or App and/or our products and services.

What is our legal basis for processing your personal information?

If you are a Customer:

Where we process your personal information to create, administer and manage your user accounts and fulfil our services to you, this processing is necessary to perform the contract we have entered into with you.

In the event that we process your Health Data for the above purposes, this processing is necessary for the provision of health and social care (wellbeing and lifestyle insights) within the meaning of Article 9(2)(h) of the UK GDPR.

Where we process your personal information to invite you to take part in market research, user testing or feedback activities, we do so on the basis of our legitimate interests in improving our products and services and developing new offerings, and we have balanced these interests against your rights and freedoms.

Where we process your personal information to obtain your feedback for market research, user testing, or customer testimonials, or to send you information about our products and services, we do so on the basis of your consent.

Where we process your Feedback Data, including testimonials, for use in marketing or promotional materials we do so on the basis of your consent.

Where we process your personal information to administer and manage our relationship with you, to send transactional and service messages, to provide customer service and support, to help detect and fix technical problems and to maintain the Site and/or App, to analyse, assess and improve the Site and/or App and the product and service offerings, for the day-to-day running of our business, or to help us establish, exercise or defend legal claims, we consider this is necessary for our legitimate interests and that your interests and fundamental rights do not override those interests.

If we are legally required to process your personal information to comply with legal or regulatory requirements (such as disclosure to a regulator) we do so on the basis of compliance with a legal obligation.

When we process your personal data in connection with AI-enabled features on our Site and/or App, we rely on one or more of the following lawful bases under UK GDPR:

  • Contractual necessity - where processing is necessary to perform our contract with you and provide the services and functionality you request through the Site and/or App.
  • Legitimate interests - where processing is necessary for our legitimate interests in operating, maintaining and improving the Site and/or App and its AI-enabled features, provided those interests are not overridden by your rights and freedoms.
  • Consent - where we ask you to consent to AI-enabled processing (for example, through onboarding disclosures and in-app consent mechanisms).

Some AI-enabled features may involve the processing of Health Data, which is special category data under UK GDPR. Where AI-enabled processing involves Health Data, we rely on:

  • Your explicit consent, obtained during onboarding (and/or through in-app consent mechanisms), to the extent required by law for the relevant processing; and/or
  • The provision of health and social care (wellbeing and lifestyle insights) within the meaning of Article 9(2)(h) of the UK GDPR i.e. the insights we provide are intended to help you take actionable steps to improve or maintain your health.

If you are a Website Visitor:

Where we process your personal information to deliver relevant website content to you, to measure and understand the effectiveness of the content we serve you, to improve our Site content, marketing and user experience, to administer and protect the Site, and to receive, review and respond to messages sent to the contact address on our Site, we consider this is necessary for our legitimate interests and that your interests and fundamental rights do not override those interests.

Where we use cookies to collect personal information for the purposes of data analytics, we do so on the basis of your consent (for more information about this, please see our Cookie Policy).

If you are a social media user:

Where we process your information to analyse engagement with our social media channels and to communicate with you, we consider this is necessary for our legitimate interests and that your interests and fundamental rights do not override those interests.

Where we process your information to send you information about our products and services, we do so on the basis of your consent.

If you are a Supplier:

Where we process your personal information in the course of the creation, negotiation and management of contracts and receiving products or services from you, this processing is necessary to perform the contract we have entered into with you.

We will rely on legal obligation if we are legally required to hold or disclose your personal information to comply with legal or regulatory requirements, such as disclosure to regulators.

Where we process your information to administer and manage our business relationship with you, and for all other purposes listed above, we consider this is necessary for our legitimate interests and that your interests and fundamental rights do not override those interests.

Other individuals:

Where we process your personal information to obtain your feedback for market research or user testing, we do so on the basis of your consent.

How do we collect personal information about you?

We may collect information from the following sources:

Directly from you: This is the information you (or an individual with authority to act on your behalf) has provided to us for the purposes set out in this Notice. It includes any information you provide to us whether by phone, email, web or app form, with our AI chat assistants or otherwise.
Directly from our testing partner: We receive blood test results from our testing partners where you have attended a testing partner clinic for sample collection and analysis. Our testing partners act as our data processor when processing your personal information on our behalf and act on our instructions in accordance with an Article 28 data processing agreement.

Third-party sources: Where you are a Supplier, this will include information about you or your colleagues that is available through publicly available sources, such as professional networking sites (including LinkedIn) and general market research. Information we collect automatically: When you visit our Site and/or App, we collect certain Technical and Usage Data automatically from your device.

Who do we share your personal information with?

We may share and disclose your personal information with the following categories of third parties for the purposes described in this Notice:

Service providers. We use a number of Suppliers who perform functions on our behalf and/or help us in providing the products and services to you, such as cloud-based software providers, online storage providers, web hosting providers, email service providers, web analytics providers and the following AI service providers:

  1. Google via Google Vertex
  2. Anthropic via Google Vertex
  3. OpenAI

Our service providers are required to keep your personal information strictly confidential and are not allowed to use it for any other purpose than to carry out the services they are performing for us. We enter into data processing agreements with all relevant providers to ensure that your personal information is processed in accordance with applicable data protection laws and is subject to appropriate safeguards.

Professional advisors. We may disclose personal information to our professional advisers, such as lawyers, auditors, accountants, and insurers, if necessary, as part of the professional services they are performing.

Business transfers. We may share personal information with third parties to whom we choose to sell, transfer or merge part of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the new owners may use your personal information in the same way as set out in this Notice. 

Compliance with laws. We may very occasionally be required to disclose some personal information as required to comply with the law.

Security and international data transfers

Security

We work tirelessly to safeguard the security and integrity of our Site and/or App and the systems we use to process your personal data. We have implemented widely accepted standards of technology and operational security (having regard to the type and amount of personal data processed) to prevent against personal information being accidentally lost or used or accessed in an unauthorised or unlawful way. However, it is generally understood that no method of electronic storage or transmission online is 100% secure. As a result, whilst we have implemented appropriate technical and organisational measures, we cannot guarantee the absolute security of your personal data, or accept responsibility for any unauthorised access or loss of personal data that is beyond our control.

We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

International data transfers.

Where personal information is shared and disclosed as set out above, these parties may be established outside the United Kingdom. For example, some of the service providers we use to support our services are based in the United States, and this involves a transfer of your personal information to the USA. Whenever we transfer your personal information outside the United Kingdom, we ensure that a similar degree of protection is afforded to it by ensuring appropriate safeguards are implemented. This may include, where appropriate, relying on an adequacy decision or signing up to an International Data Transfer Agreement containing Standard Contractual Clauses protecting your data rights. To find out more information regarding the specific mechanism used by us when transferring your personal information outside the United Kingdom, please contact Menwell’s Data Protection Officer at dpo@manual.co.

Our use of cookies and similar technologies

We may use cookies and other information gathering technologies to learn more about how you interact with our Site and/or App. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Site and/or App may become inaccessible or not function properly. Please see our Cookie Policy for more information about the cookies we use.

Third party links and services

Our Site and/or App may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site and/or App, we encourage you to read the privacy notice of every website you visit.

How long do we keep your personal information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, and the applicable legal requirements.

Marketing

If you receive marketing communications from us, you can ask us to stop sending you marketing messages at any time by following the unsubscribe links in any marketing message or by contacting Menwell’s Data Protection Officer at dpo@manual.co.

Please note that opting out of marketing communications does not opt you out of receiving important service-related communications.

Your rights

Subject to any exemptions provided by law, you may have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”) and to certain other supplementary information that this Notice is already designed to address.
  • Request correction of the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information in certain circumstances. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Receive the personal information concerning you which you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations.
  • Object to processing of your personal information at any time for direct marketing purposes.
  • Object to decisions being taken by automated means which produce legal effects concerning you or significantly affecting you.
  • Object in certain other situations to our continued processing of your personal information.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Withdraw your consent to our processing of your personal information, where we have collected and processed it with your consent.

For more information, please refer to the appropriate data protection legislation or consult the Information Commissioner’s Office for guidance. If you would like to exercise any of these rights, please contact Menwell’s Data Protection Officer at dpo@manual.co and let us have enough information to identify you. We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

How to contact us

Please address requests and questions about this Notice to Menwell’s Data Protection Officer at dpo@manual.co.

How to Complain

We hope that we can resolve any query or concern that you raise about our use of your personal information.

You also have the right to make a complaint to your supervisory authority. In the UK, this is the Information Commissioner’s Office (www.ico.org.uk).

Changes to this Notice

This version was last updated on 19 February 2026. To ensure that you are always aware of how we use your personal information we will update this Notice from time to time to reflect any changes to our use of your personal information and as required to comply with changes in applicable law or regulatory requirements. However, we encourage you to review this Notice periodically to be informed of how we use your personal information.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.