Alula Health Privacy Policy

Our Principles

At Alula, we are committed to empowering you with a complete view of all your health data in a private account that you control.

Control. You are in control of the personal information you provide to us, which includes sharing, use, and retention.

Access. We empower you with access to your data as provided so that you are able to take charge of your health.

Transparency. We are committed to transparent collection, storage, sharing, and processing of your personal information and providing services to help you explore and understand your health.

Protection. The privacy and protection of your personal information is of the utmost importance to us. We are committed to strong security measures and providing you with information regarding collection, processing, and storage of your personal information.


Alula Technologies Limited (“we, “us”, “our” or “Alula”) operates the and websites (“Sites”) and related services (together “Alula HealthCloud”). At Alula, our goal is to empower you with control and sharing of your health information. To this end, we collect, process, use and store the personal information that you provide to us from your mobile applications, provider portals, activity trackers, devices, and services.

Our Privacy Policy outlines:

  • what information we collect;
  • how we may process this information;
  • how we may use this information; and
  • choices about accessing and updating information.
  • This Privacy Policy applies to our Sites as well as to the API services and applications we provide, and related products and services, collectively known as the “Services.” In addition, our Cookie Policy explains our use of browser cookies and other similar tracking technologies, which are part of this Privacy Policy.

    Contact Details

    If you have any questions about this Privacy Policy or our privacy practices, we can be contacted in the following ways:

    Full name of legal entity: Alula Technologies Limited

    Postal address: 1 Mayfair Place, Devonshire House, London W1J 8AJ, England

    Email address: or

    Consenting to Use of Personal Information

    By accepting our End User Terms of Service, you consent to the collection, use, storage, and disclosure of personally identifiable information as outlined in the End User Terms of Service and in this Privacy Policy.

    Connecting Your Personal Information to our Services

    We maintain your personal Information, and in particular protected health information, in compliance with applicable health care privacy and security rules and our contractual obligations with our customers. Currently we act as a conduit between (a) entities that collect and store health data (b) organisational customers that use our Services to collect data from consumers, and (c) consumers such as yourself.

    Through the Service, you can authorise us to access, collect, use, store, and disclose your personal information, including sensitive information that may relate to HIV and/ or other sexually transmitted diseases, mental and behavioural health conditions and treatment, substance abuse conditions and treatment, and other data, throughout the term of your use of the Services.

    Important Definitions

    The following definitions are provided to assist with understanding our Privacy Policy.

    Service or Services. Our Sites as well as the API services and applications we provide, and related products and services, as accessed by a user whether a user has an account or not.

    Personal Information. Personal Information is information that can identify you, either alone or in combination with other information. This includes Protected Health Information that is identified under Protection of Personal Information Act (POPIA) in South Africa, General Data Protection Regulation (GDPR) in the European Union, the UK General Data Protection Regulation (UK GDPR) in the UK, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the United States of America. Please review the section “Information We Collect from You” for more details.

    Anonymised (or De-identified) Information. De-identified or anonymised information does not identify you based on individual pieces of information or combinations of information. Your direct information (e.g., name) and indirect information (e.g., Device ID) are removed, such that you cannot be reasonably re-identified as an individual. This includes de-identified demographic information, de-identified location information, information about the computer or device from which you access the Alula HealthCloud or other online services, or other analyses we create.

    Aggregate Information. Your individual information is combined and compiled with other individuals’ information for the purpose of analysis. The aggregation process involves de-identification of personal information such that you and other individuals cannot be reasonably re-identified as specific individuals.

    Customers. Customers are business partners of Alula that may incorporate our Services as a component or feature of the Customer’s products (e.g., a chronic condition management platform that uses data from Alula HealthCloud to measure your activity levels) or may deliver features within our Services (e.g., a pharmacy that provides your prescription history).

    Information We Collect from You

    We collect personal information as part of providing Services to all of our users. Upon becoming a user of our Services, we will only collect information that you voluntarily authorise for submission. Personal Information may include information you report about yourself and/ or information collected from devices or third parties. We vigorously believe in keeping confidential all personally identifiable information that identifies an individual, including your past, present, or future physical or mental health condition.

    Account Information. We may collect personal information that includes, but is not limited to, identifying data such as name, email address, password, and address information in order to set up and manage your account. If our Services are provided by your employer or your employer’s service provider, your personal information may be forwarded to set up our Services for your use. Depending on the Services used, and your location, we may also collect your South African Identity number, passport number, National Insurance number, Social Security number, date of birth, current benefit coverage, and other official identifiers, such as a driver license number.

    Health Information. We may collect information such as personal activities, health and wellness data, medications, tests, medical records, and health issues submitted through the Services. We will only use this information for the purposes to which you expressly consent.

    Sensitive Information. Certain information you provide is considered sensitive information and may include genetic information, HIV testing or status, mental health, race, ethnicity, and sexual orientation. This information may be recorded in information shared with us by a third party such as a doctor. We will only use this information for the purposes to which you expressly consent.

    Device Information. We may collect device identifiers such as serial number, device type, IP address and browser type, language preferences and location, operating system, date and time of your access, internet service provider or mobile carrier, internet domain and host name, and referral URL.

    Cookies and Similar Technologies. We use cookies and similar technologies as described in our Cookie Policy. We recommend that you review that policy to learn about our practices and the controls available to you.

    Profile Information. We collect the information that you voluntarily enter into a user profile. This may include pictures, nicknames, and other personal details. This information is available to third parties that you consent to sharing your personal information through our Services.

    Research and Studies Information. Your personal information is collected when you voluntarily participate in research and studies through our Services.

    Information from Your Use of Services.

    We collect information related to your use of our Services, such as which healthcare provider you use, which menus you use, pages you view, or search results you click on. You may interact with our support team during the use of our Services, in which case, we would collect information about your communications.

    If you visit the Site, whether or not you become a user of our Services, be advised that we will maintain web logs to record data about all visitors and customers who use this Site and interact with the Services, and we will store this information. These logs may contain IP address information, types of operating system you use, the date and time you visited the site, and, if you are a user of our Services, information about the type of any personal tracker or other device or service you connect to the Services and information about the data uploaded from any such device or service.

    All web logs are stored securely and have restricted access by a very limited number of employees that have to adhere to strict guidelines regarding user data security and privacy.

    How We Use Your Information

    We use your personal information to provide Services to you. Examples of how we use your information include:

  • Authenticating your identity and access to the Services so you can share your personal information with the third parties of your choice;
  • Restricting access to your personal information;
  • Collecting personal information entered by you, imported by you (e.g., from a device) or authorised by you (e.g., blood test results from a lab);
  • Transmitting information to a third party that you authorize to receive your personal information through our Services;
  • Creating an export of your personal information based on your authorisation;
  • Sending you account notifications and updates about your Services;
  • Building new Services and improving existing Services;
  • Conducting scientific and statistical research and studies;
  • Troubleshooting our Services or enforcing Terms of Service use; or
  • Detecting and protecting against error, fraud, malicious activity, or other suspicious or criminal activity.
  • Alula Services

    If you elect to create an Alula account, we may use your personal information to tell you about or present to you products or services that we believe may be of interest to you.

  • We will not, without your express consent, provide your personal information to any third party for their or any other third party’s direct communications.
  • You can opt out of receiving these communications by following the instructions contained in each email we send you.
  • In addition, you can inform us at any time at if you no longer consent to these communications.
  • If you unsubscribe, you will no longer receive these communications, but we will continue to contact you regarding our Services and to respond to your other requests.
  • Non-Personal Data Use

    We may also use non-personal information to analyse data into useful information. This process of data analysis is done using Anonymised and Aggregate Information, is non-personal, and allows us to find correlations and patterns in the data.

    How We Share Your Information

    We do not sell, lease, or rent your individual-level information to any third party, including our customers, without your consent. In certain circumstances we may share your personal information with third parties without further notice to you, as set forth below:

  • Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal information with vendors and service providers, including providers of hosting services, cloud services and other information technology services providers, email communication software services, access management services, data visualisation services, and web analytics services. Pursuant to our instructions, these parties will access, process or store personal information in the course of performing their duties to us. We require each of our vendors and service providers to enter into a Data Privacy Agreement with us.
  • Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Business Transfer”), your personal information and other information may be shared in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.
  • Legal Requirements: We disclose personally identifiable information about you as required or permitted by law, including complying with legal process. We fully cooperate with law enforcement agencies in identifying those who use our Services for illegal activities and may, in our sole discretion, disclose personal information or other information to satisfy any law, regulation, or government request. We reserve the right to release personal information or other information about users who we believe are engaged in illegal activities or are otherwise in violation of our Terms of Service, even without a subpoena, warrant or court order, if we believe, in our sole discretion, that such disclosure is necessary or appropriate to operate our Services or to protect our rights or property, or that of our affiliates, or our officers, directors, employees, agents, third-party content providers, or licensors. We also reserve the right to report to law enforcement agencies any activities we reasonably believe in our sole discretion to be unlawful. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.
  • Information You Share with Others:

  • You can share information to others through our Services by (i) exporting a copy of your personal information, (ii) sending your personal information to customers, health care providers, or other third parties you authorise to receive your personal information through the Service, and (iii) other features that may be offered through our Services. Within our Services, sharing personal information with third parties such as a doctor requires your consent. You provide consent to sharing through the settings in our application. You may also participate in research or clinical studies by providing express consent.
  • When you decide to disclose your personal information to customers, doctors, other healthcare professionals, family members, or other individuals, whether or not you are using our Services, these third parties may store, process, or use your personal information differently than from what we describe in our Privacy Policy. Please review the section “Protecting Your Personal Information” and review the privacy policies of third parties with whom you share your personal information.
  • Customers may use the personal information you elect to share with them in accordance with your authorisation and/or display your data to you in a more usable format. Depending on the service provided by the customer, it may be integrated with data about you from one or more other sources as well (e.g., a dashboard showing exercise data together with test data extracted from personal health records).
  • Automated Decision Making. For some Services that we provide, and only in cases where you have provided your explicit consent, we will continuously update your account in almost real-time using information you provide to us from various t sources. As an example, if you have consented to us using health information from your Apple Watch, we will use this to automatically and continually update your health score on our app.

    Anonymised Data Sharing. Alula may use and share your anonymized or aggregated information for services improvements, public health, research, analytics and other legally permissible purposes.

    Transfer of data overseas. Personal Identifiable Data collected from you is processed, stored, and hosted in the United Kingdom. De-identified data (data that cannot identify you) may be transferred outside of the United Kingdom.

    Personal Information Security

    The protection of that data is of the utmost importance to us. We use all reasonable technical, physical, and administrative controls to protect your personal information from unauthorised access or disclosure and to ensure the appropriate use of information. We store your Personal Identifiable data in the United Kingdom. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and data encryption. Our Site and Services use Secure Socket Layer (SSL) technology to encrypt all connections to and from our Site and Services to enhance security of electronic data transmissions. However, no data transmission or storage system is guaranteed to be 100% secure. If you have questions about security or possible reason to believe that your interaction with our Site or Services is no longer secure (e.g., you feel that your account’s security may be compromised), please contact us immediately at

    Your Access and Choices

    You are the owner of your health data. We help you move your data throughout the healthcare ecosystem, but you have the ultimate control over who has access to which information.

    You can review your personal information that is stored and available within our Services at any time. You also have choices concerning the personal information you authorise to be stored within our Services and the export of your personal information. Please review the following options you have to control the management, use, change, and deletion of your personal information that is stored within our Services.

    Your Personal Information with our Services

    You authorise the personal information that is collected, stored, maintained, processed and used within our Services.

    Deleting or De-authorising Your Data

    We will delete your data as soon as we have no further need for it. For sensitive personal data, in most cases this will be within 48 (forty-eight) hours. For other non-account data, it will be within 6 (six) months.

    You may request to delete any personal information and to de-authorise the collection, use, storage, and disclosure of personal information in the future by sending us an email at Any such deletion or de-authorisation will have no effect on sharing of personal information before we receive and are able to act upon such a request.

    During the use of our Services, you may authorise us to send your personal information to customers or third parties who are providing you value. You will have full transparency regarding whom within the ecosystem you previously sent your personal information. To delete a copy of your records from these entities, you will need to follow their policies and procedures for data deletion.

    Exporting a Copy of Your Data

    You can export a copy of your personal information that is stored within our Services. If you have questions about exporting Personal Information from our Services, please contact

    Changes to Your Personal Information

    We work with multiple medical and wellness providers to enable you to obtain and hold copies of your personal information. We may also provide tools for you to manually enter health data or collect data from devices. While we strive to collect complete and accurate information from the sources provided to us, we do not have control over the accuracy, completeness, or quality of information entered or sent to us. For example, you may identify incorrect, incomplete, or outdated information from a third-party provider. If you have questions or find issues with your personal information, it is your responsibility to identify issues and ensure corrections are made to the original source of information.

  • For manually entered information, you are responsible for reviewing information and making corrections.
  • For a device, you should contact the device’s manufacturer.
  • For a care provider, you should contact the provider who controls your original information.
  • Your Responsibility to Protect Your Personal Information

    You are responsible for your handling, sharing, re-sharing and/ or distribution of your personal information. We will have no responsibility or liability for any consequences that may result from your disclosure of your personal information. Moreover, if you forward personal information electronically to another person on or off the Site or Services, we are not responsible for any harm or other consequences from third party use or re-sharing of your information. We recommend sharing personal information only with individuals and other third parties that you know and trust.

    In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible in making sure no one can see or has access to your personal accounts and login username and password information. If you use a public computer, such as the library or a university, or a shared device, always remember to log out of the Site or Services.

    If you use our Site or Services through your employer’s computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand with the company’s privacy and security policy with respect to Internet use.

    We cannot guarantee the identity of any other non-employee person with whom you may interact in the course of using the Site or Services, or the authenticity of any information that others may provide.

    Third-Party Sites and Trusted Relationships

    Our Site contains links to other sites. We do not share your personal information with those sites except as authorised under the End User Terms of Service and with your consent where required and are not responsible for their privacy policies and procedures. We encourage you to learn their particular privacy policies, but we seek to work with trusted partners and organisations that will adhere to similar privacy and ethical standards to ours.

    Account Closure

    You may close your account by sending a request to . We will close your account and delete the personal information within your account within 30 (thirty) days of our receipt of your request. Please note that deletion of personal information within our Services does not include any information that you previously provided to a third party through our Services or research that you consented to participate in. You must contact third parties separately regarding controls and choices for the personal information that you shared. We cannot remove personal information from ongoing or completed studies that use this information.

    As stated in our Terms of Service, we may retain your personal information in backup copies as required by law or contractual obligations with third parties. We may also retain de-identified personal information, and limited account registration information needed for accounting, audit, and compliance purposes.

    Other Important Information


    We will notify you:

  • where required by law, if there is a data breach affecting your personal information and provide instructions for further actions you may take, if any; and
  • of a Business Transfer and, if the recipient of your personal information pursuant to a Business Transfer will use your personal information in a way that differs from this Privacy Policy, you may delete or export your personal information as described above and/or close your account.
  • Data Retention

    Identifiable information about you is held no longer than necessary for our business purposes or to meet legal requirements and in any event no longer than 6 (six) months.


    We do not knowingly allow individual Customers under the age 13 (thirteen) to create accounts that allow access to our secure Site, without them obtaining the prior consent of a parent or guardian.

    Changes to this Privacy Policy

    We may amend our Privacy Policy in the future. In the event changes are made, we will be sure to post changes at the Site and at other places we deem appropriate. We will post an effective date when an update is published. If you object to any changes, you may delete your account by contacting us at .

    Concerns or Questions

    If you have any questions or suggestions on ways we can improve our privacy policy with respect to personal information, please email us at .

    This Privacy Policy was last updated on 25 July 2023.