Privacy policy

PRIVACY POLICY

Muhdo Health Ltd  |  Company Registration No. 10673236

Last updated: 13 May 2026

 

This Privacy Policy describes how Muhdohub ("the Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from muhdohub.com (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

 

Please read this Privacy Policy carefully.

 

1. DATA CONTROLLER AND REGULATORY INFORMATION

Muhdo Health Ltd is the data controller of your personal information for the purposes of applicable data protection laws, including UK GDPR and EU GDPR.

 

•      Company Registration Number: 10673236

•      Registered Office: Columba House, Adastral Park, Martlesham Heath, Ipswich, IP5 3RE, UK

•      ICO Registration Reference: ZA482119

•      Data Protection Contact: info@muhdo.com

 

2. SPECIAL CATEGORY DATA — GENETIC AND HEALTH INFORMATION

Where you purchase genetic or epigenetic testing Services, muhdohub processes your Genetic Information and health-related Self-Reported Information. This constitutes "Special Category" personal data under UK GDPR Article 9 and EU GDPR Article 9.

 

The lawful basis for processing this data is your explicit consent, provided at the point of purchase and registration. You have the right to withdraw this consent at any time by contacting us at info@muhdo.com, subject to the limitations set out in our Terms of Service regarding data already processed or transferred.

 

We process Special Category data for the following purposes only:

•      To provide the genetic and epigenetic wellness Services you have purchased.

•      To generate wellness insights, biological age estimates, and lifestyle recommendations.

•      For anonymised, aggregated research purposes where you have provided separate consent.

•      To comply with our legal obligations.

 

We do not use Special Category data for clinical diagnostic purposes, and the Services do not constitute medical advice or diagnosis.

 

3. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date, and take any other steps required by applicable law.

 

4. HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION

To provide the Services, we collect and have collected over the past 12 months personal information about you from a variety of sources. The information that we collect and use varies depending on how you interact with us. In addition to the specific uses set out below, we may use information we collect to communicate with you, provide or improve the Services, comply with legal obligations, enforce applicable terms of service, and to protect or defend the Services and our rights.

 

Information We Collect Directly from You

Information that you directly submit to us through our Services may include:

•      Contact details including your name, address, phone number, and email.

•      Order information including your name, billing address, shipping address, payment confirmation, email address, and phone number.

•      Account information including your username, password, security questions, and other information used for account security.

•      Health and wellness data including date of birth, height, weight, sex at birth, and Self-Reported Information such as lifestyle habits, subjective health ratings, and questionnaire responses.

•      Genetic Information generated from your saliva sample.

•      Shopping information including items viewed, placed in your cart, loyalty points, reviews, referrals, or gift cards.

•      Customer support information including communications you send us.

 

Information We Collect about Your Usage

We may automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels, and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, network connection details, IP address, and other interaction data.

 

Information We Obtain from Third Parties

We may obtain information about you from third parties, including vendors and service providers who collect information on our behalf, such as companies who support our Site and Services (such as Shopify), our payment processors, and advertising partners. Any information we obtain from third parties will be treated in accordance with this Privacy Policy.

 

5. HOW WE USE YOUR PERSONAL INFORMATION

•      Providing Products and Services: to process your payments, fulfil your orders, send account notifications, create and manage your account, arrange shipping, facilitate returns and exchanges, and deliver wellness insights based on your Genetic Information.

•      Marketing and Advertising: to send marketing, advertising, and promotional communications by email, text message, or postal mail, and to show you advertisements for products or services. For EEA residents, the lawful basis is our legitimate interest in selling our products under Art. 6(1)(f) GDPR.

•      Security and Fraud Prevention: to detect, investigate, or take action regarding possible fraudulent, illegal, or malicious activity. For EEA residents, the lawful basis is our legitimate interest in keeping our website secure under Art. 6(1)(f) GDPR.

•      Communicating with You and Service Improvement: to provide customer support and improve our Services. Lawful basis: legitimate interest under Art. 6(1)(f) GDPR.

•      Research: to conduct anonymised, aggregated wellness and genomic research, where you have provided separate explicit consent.

 

6. DATA RETENTION

We retain your personal data for as long as your account is active or as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. The following retention periods apply:

 

•      Account and Registration Information: retained for the duration of your account and for up to 7 years following closure for legal compliance purposes.

•      Genetic Information (digital): retained for the duration of your account. Upon account closure, digital Genetic Information is deleted or anonymised within 90 days, unless you have separately consented to its use in anonymised research.

•      Physical saliva samples and extracted DNA: destroyed within 3 months of sequencing completion.

•      Self-Reported Information: deleted or anonymised within 90 days of account closure.

•      Anonymised, aggregated research data: may be retained indefinitely as it cannot be linked to any individual.

•      Transaction and payment records: retained for 7 years for tax and legal compliance.

 

To request deletion of your data, please use the Account Deletion process at muhdohub.com/pages/app-delete-account-process or contact us at info@muhdo.com.

 

7. COOKIES

Like many websites, we use Cookies on our Site. We use Cookies to power and improve our Site and Services, to run analytics and better understand user interaction, and to permit third parties and service providers to better tailor services and advertising. Most browsers automatically accept Cookies by default, but you can choose to remove or reject Cookies through your browser controls. For specific information about the Cookies used related to powering our store with Shopify, see https://www.shopify.com/legal/cookies.

 

Our website recognises the Global Privacy Control (GPC) signal, which enables you to opt out of certain uses or disclosures of your information for targeted advertising. We do not otherwise recognise "Do Not Track" signals from web browsers or devices.

 

8. HOW WE DISCLOSE PERSONAL INFORMATION

In certain circumstances, we may disclose your personal information to third parties for contract fulfilment purposes, legitimate purposes, and other reasons subject to this Privacy Policy:

•      With vendors or third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfilment and shipping).

•      With business and marketing partners to provide services and advertise to you. Our partners will use your information in accordance with their own privacy notices.

•      When you direct, request, or consent to our disclosure of certain information to third parties.

•      With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.

•      In connection with a business transaction such as a merger or bankruptcy, to comply with legal obligations, to enforce applicable terms of service, or to protect or defend the Services, our rights, and the rights of our users.

 

We will never release your individual-level Genetic Information to any third party without your explicit consent, unless required by law.

 

We have in the past 12 months disclosed the following categories of personal information about users for the purposes set out above:

 

Category	Categories of Recipients
Identifiers such as basic contact details and certain order and account information; personal information such as basic contact details and certain order and account information; commercial information such as order information and shopping information; internet or other network activity such as Usage Data; geolocation data such as locations determined by an IP address.	Vendors and third parties who perform services on our behalf (such as internet service providers, payment processors, fulfilment partners, customer support partners, and data analytics providers); business and marketing partners; affiliates.
Identifiers such as name, email address, and phone number; commercial information such as records of products or services purchased; Usage Data.	Business and marketing partners (with consent, for advertising and marketing activities).

 

9. THIRD PARTY WEBSITES AND LINKS

Our Site may include links to websites or online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites. Our inclusion of such links does not imply any endorsement of the content on such platforms or of their owners or operators.

 

10. INTERNATIONAL DATA TRANSFERS

We may transfer, store, and process your personal information outside the country you live in. If we transfer your personal information out of the UK or Europe, we will rely on recognised transfer mechanisms such as the European Commission's Standard Contractual Clauses or UK International Data Transfer Agreements, unless the destination country has been determined to provide an adequate level of protection.

 

11. CHILDREN'S DATA

The full genetic and epigenetic testing Services are not available to individuals under 18 years of age. Account-only access (without genetic testing) requires users to be at least 13 years of age. We do not knowingly collect personal information from children under 13. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us at info@muhdo.com to request that it be deleted.

 

12. SECURITY AND RETENTION OF YOUR INFORMATION

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee absolute security. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.

 

13. YOUR RIGHTS

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information:

•      Right to Access / Know: request access to personal information we hold about you, including details of how we use and share it.

•      Right to Delete: request deletion of personal information we hold about you.

•      Right to Correct: request correction of inaccurate personal information.

•      Right of Portability: receive a copy of your personal information and request that we transfer it to a third party, in certain circumstances.

•      Right to Opt Out of Sale or Sharing / Targeted Advertising: direct us not to sell or share your personal information or to opt out of targeted advertising processing.

•      Restriction of Processing: ask us to stop or restrict our processing of personal information.

•      Withdrawal of Consent: where we rely on consent to process your personal information, withdraw that consent at any time.

•      Right to Lodge a Complaint with your local data protection supervisory authority.

 

To exercise any of these rights, please contact us at info@muhdo.com. We will not discriminate against you for exercising these rights. We may need to verify your identity before responding to your request.

 

14. COMPLAINTS

If you have complaints about how we process your personal information, please contact us at info@muhdo.com. If you are not satisfied with our response, you may lo