Privacy Policy
Peachy Healthcare Limited ("we", "us", "our", "Peachy Healthcare") is a company registered in England & Wales with company number 14871854 and registered office at 792 Wickham Road, Croydon, England, CR0 8EA.
We are committed to protecting and respecting your privacy. We are the data controller of the personal information described in this policy. This means we are responsible for deciding how and why your personal information is processed.
Peachy Healthcare is a consumer health technology company. We sell at-home testing kits and related products, and we use our platform to translate laboratory results into plain-English, personalised insights and recommendations. Our current and planned products include the DNA Skin Kit, UV Detection Stickers, and (in development) the Microbiome Kit and Blood Test.
"Personal information" means information that identifies you personally, such as your name or contact details, or data that can be linked to such information to identify you.
Some of the information we handle is special category data under the UK GDPR — in particular your genetic data (from the DNA Skin Kit) and other health data (from our microbiome and blood testing products, and any health information you choose to share with us). We apply additional protections to this data, explained throughout this policy.
We work with third parties to deliver our products — including accredited laboratory partners, payment providers, delivery couriers, and sales platforms such as TikTok Shop. Some of these third parties are separate data controllers with their own privacy policies; where that is the case, we tell you.
What this policy covers
This policy sets out how we handle personal information that you give us, that we generate about you, or that we receive from third parties, when you:
• browse our website or use our web platform;
• join a waitlist or register interest in a product;
• buy or use one of our testing kits or products;
• receive and view your results and insights; or
• contact us.
Please read it carefully. If you do not provide information that is necessary for us to deliver a product or service, we may not be able to provide that product or service to you. You can always choose to stop using our website, platform, or services.
What personal information we collect and how
Information you give us
Account and profile information — when you create an account we collect and retain your name, email address, and the username and password you use to log in. You may also choose to provide a delivery address, telephone number, date of birth, and other profile details.
Order and delivery information — when you buy a product we collect the information needed to fulfil your order, including your delivery address and order history. Where you buy through a third-party marketplace (for example TikTok Shop), that platform collects your order and delivery details and shares with us only what we need to fulfil and support your order.
Payment information — payments are processed by our third-party payment provider. We do not store your full card details. We receive confirmation of the transaction and limited details needed to manage your order, refunds, and accounting.
Sample and test information (special category data) — to provide a testing product we collect the biological sample you send us and the data derived from it:
• DNA Skin Kit: a cheek-swab (buccal) saliva/DNA sample, from which genetic (genotyping) data is generated by our laboratory partner.
• Microbiome Kit (planned): a stool sample, from which microbiome composition data is generated.
• Blood Test (planned): a finger-prick blood-spot sample, from which biomarker results are generated.
The results of these tests, and the personalised insights and recommendations our platform generates from them, are health and/or genetic data and are treated as special category data.
Information you choose to add — any additional health, lifestyle, or profile information you choose to enter to personalise your insights (for example skin concerns, goals, or preferences), and any photographs you choose to upload.
Support and correspondence — the content of any query, question, or complaint you raise with us by email, contact form, or other channels, including the email address needed to respond.
Marketing and engagement — if you join a waitlist or register interest, we collect your name and email address. If you interact with us on social media, we may receive information about those interactions.
Information we collect automatically
Each time you use our website or platform we may automatically collect:
• Technical information, including the type of device you use, a unique device identifier, mobile or network information, your operating system, browser type, and time-zone setting; and
• Usage information, including details of how you use our website, platform, and services.
We collect some of this information using a small amount of essential storage on your device. We do not use analytics or advertising cookies. See Cookies and storage below.
Information we receive from third parties
• Laboratory partners provide us with the results generated from your sample.
• Payment providers provide confirmation and limited details of your transactions.
• Sales platforms (for example TikTok Shop) provide the order and contact details needed to fulfil and support your purchase.
How we use your personal information and our lawful bases
We only use your personal information where the law allows us to. The lawful bases we rely on are set out below.
1. To perform our contract with you (or take steps at your request before entering a contract)
• To register you and manage your account.
• To take payment, fulfil and deliver your order, and process the sample you send us.
• To generate, deliver, and give you access to your results, insights, and recommendations.
• To provide customer support and to investigate and resolve queries and complaints.
• To send you service communications (for example order updates, dispatch and results notifications, and important changes to our services). These are not marketing.
2. To comply with a legal obligation
• To keep records required by law (for example tax and accounting records).
• To respond to lawful requests from regulators, courts, or other authorities, and to meet our obligations under applicable law and regulation.
3. For our legitimate interests
Where we rely on legitimate interests, we have balanced our interests against your rights.
• To operate, secure, troubleshoot, test, and improve our website, platform, and products.
• To understand how our products are used so we can improve them.
• To respond to general enquiries and feedback.
• To detect and prevent fraud, and to protect our business and our users.
• To keep internal records and carry out analysis, reporting, and statistics using aggregated or de-identified data.
4. With your explicit consent (special category data)
We rely on your explicit consent to process special category data — including your genetic data, health data, and any information about your health that you choose to share. This includes:
• performing your DNA, microbiome, or blood test and generating your results;
• using those results to produce your personalised insights and recommendations; and
• storing your results and (for the DNA Skin Kit) your raw genotyping data.
We request this consent at the point you register your kit. You can withdraw your consent at any time. Withdrawing consent does not affect processing carried out before withdrawal, and in some cases may mean we can no longer provide the relevant service to you. Further detail specific to genetic data is in the DNA Test Service — Additional Notice below.
5. For marketing, personalisation, and (optional) research — with your consent
• Marketing: with your consent (or where the law otherwise permits, such as the "soft opt-in" for existing customers), we will send you information about Peachy Healthcare products and services that may interest you. You can opt out at any time using the unsubscribe link in any marketing email or by contacting us. We do not use your genetic, microbiome, or blood-test results to target marketing unless you have specifically agreed to this.
• Personalisation: we use the information in your profile and (with your consent) your test results to tailor the insights, content, and recommendations we show you.
• Research (optional): if you opt in, we may use anonymised and aggregated data — including from testing — for research carried out with carefully selected research partners to improve understanding of health, skin, and wellbeing. Anonymised data cannot be used to identify you. We will not use identifiable data for research or clinical studies without your separate, explicit, informed consent, and taking part is always your choice.
Sharing your personal information
We do not sell your personal information. We share it only as described below, and only with appropriate safeguards in place.
Laboratory partners. We share the information necessary for your sample to be processed and your results generated. For the DNA Skin Kit, the genetic analysis is performed by our laboratory partner, DNAlysis Biotechnology (dnalife). Microbiome and blood testing (when launched) will be performed by accredited laboratory partners, and we will make clear who processes your sample.
Service providers. We use trusted third parties to perform functions on our behalf — for example payment processing, delivery and fulfilment, IT hosting and security, email and communications, analytics, and customer support. They may access personal information only as needed to perform their function for us, under a written contract that requires them to protect it and use it only on our instructions.
Sales platforms. Where you buy through a third-party marketplace (for example TikTok Shop), that platform is a separate data controller for the information you provide to it, subject to its own privacy policy. We receive only the information needed to fulfil and support your order.
Research partners. As above, any research sharing uses anonymised and aggregated data unless you have given separate explicit consent.
Professional advisers and business transfers. We may share information with our professional advisers (such as lawyers, accountants, and auditors), and in connection with a sale, merger, or reorganisation of our business, subject to appropriate confidentiality protections.
Legal and protection of rights. We may disclose information where we believe in good faith it is necessary to comply with the law, enforce our terms and agreements, or protect the rights, property, or safety of Peachy Healthcare, our users, or others.
At your choice. Other than as set out above, we will give you the opportunity to decide before we share your personal information with a third party.
We will not:
• sell your personal or special category data;
• give any third party direct, real-time access into our systems; or
• share tracking IDs or cookies with advertisers, insurers, or other third parties for their own purposes.
International transfers
Some of our laboratory and service partners are based outside the UK. For example, our DNA laboratory partner, DNAlysis Biotechnology, operates in South Africa, the UK, and Denmark, which may involve transferring your sample and/or genetic data outside the UK.
Where we transfer personal information (including special category data) outside the UK, we ensure an appropriate safeguard is in place, such as:
• transfer to a country the UK Government has decided provides an adequate level of protection; or
• the UK's International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses, together with a transfer risk assessment and any additional measures needed.
You can ask us for more information about the safeguards that apply to a specific transfer using the contact details below.
How long we keep your personal information
We keep your personal information for as long as we need it to provide our services to you, and for any period required by law. When determining retention periods we consider our contractual obligations, legal record-keeping requirements, limitation periods, our legitimate interests, any actual or potential disputes, and guidance from the ICO.
• Account and order data: kept for the life of your account and for the period we are required to retain transaction records afterwards (for example for tax and accounting).
• DNA results and raw genotyping data: because your genes do not change, we store your DNA results and raw genotyping data so that we can give you continued access and provide updated insights over time. We keep this data only while you have an account and consent in place, or as otherwise required or permitted by law. You can ask us to delete it (see Your rights and the DNA Test Service — Additional Notice).
• Sample destruction: after testing, any remaining physical sample is stored securely by our laboratory partner. You can request destruction of your sample at any time.
When we no longer need your personal information, we securely delete or anonymise it.
How we keep your personal information secure
We use appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, misuse, or alteration. Where we use third-party providers, we impose contractual obligations requiring them to protect the security and confidentiality of your information. Special category data — including genetic, microbiome, and blood-test data — is subject to enhanced protection, including measures such as access controls, encryption, and pseudonymisation where appropriate.
No method of transmission or storage is completely secure, but we take reasonable steps to protect your information and to notify you and the relevant authorities of any breach where we are required to do so.
Age restriction
Our products and services are intended for adults. You must be 18 or over to create an account, purchase a testing kit, or provide a sample. We do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has provided us with personal information, please contact us and we will delete it.
Your rights
Under data protection law you have a number of rights (subject to certain conditions):
• The right to be informed about how we use your information — which is why we provide this policy.
• The right of access to the personal information we hold about you.
• The right to rectification if your information is inaccurate or incomplete.
• The right to erasure ("the right to be forgotten") where there is no compelling reason for us to keep using your information (this is not an absolute right).
• The right to restrict processing in certain circumstances.
• The right to data portability — to obtain and reuse certain information across different services.
• The right to object to processing based on our legitimate interests, and to direct marketing at any time.
• The right to withdraw consent at any time where we rely on your consent (including for special category data). This does not affect the lawfulness of processing before withdrawal.
• The right to lodge a complaint with the Information Commissioner's Office (ICO), the UK data protection regulator (ico.org.uk), though we would welcome the chance to address your concerns first.
You can exercise any of these rights by contacting us using the details below. We usually act on requests free of charge and respond within one month; if a request is complex or excessive we may take longer (and will tell you), charge a reasonable fee, or decline to act, as permitted by law.
Website visitors
If you only visit our website or join a waitlist and have not purchased a product, we will not usually ask for health information. If we ever do, we will make clear why and, where appropriate, ask for your consent.
For visitors we may collect: your name and email address (for example if you register interest); the content of any query you raise; your interactions with us on social media; technical and usage information as described above; and anything else you choose to provide. We use this to respond to you, to tell you about product launches you have asked to hear about, to improve our website, and to analyse website traffic and performance.
Cookies and storage
We keep our use of cookies and similar technologies to a minimum. We use only a small amount of essential storage — a first-party device identifier (`peachy_device`) for security and abuse prevention, storage needed to keep you securely logged in, and Cloudflare Turnstile for bot protection. We do not use analytics or advertising cookies, and we do not track you across other websites. Because we use only strictly necessary and functional storage, we do not need to show a cookie-consent banner, but we disclose everything for transparency. Payments are handled on Stripe's hosted checkout, where any cookies are set by Stripe on their own domain. For full details, please see our Cookie & Storage Policy. If we ever introduce non-essential cookies (such as analytics or advertising) in future, we will put a consent mechanism in place first.
Third-party websites
Our website and platform may contain links to third-party websites or apps that are not under our control. We are not responsible for their content or privacy practices. Please review the privacy policy of any third-party site before providing your information to it.
Changes to this policy
We update this policy from time to time. Any changes will be posted on our website and platform and, where appropriate, notified to you. Where changes are significant, we may ask you to read and acknowledge them before you continue using our services.
Contact us
If you have any questions, comments, or requests about this policy, or you wish to exercise your rights, please contact us:
Peachy Healthcare Limited
Email: info@peachyhealthcare.com
Website: www.peachyhealthcare.com
Data protection contact: info@peachyhealthcare.com
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
DNA Test Service — Additional Notice
This notice provides additional information about how we process your personal data when providing the DNA Skin Kit service. It applies in addition to the main Peachy Healthcare Privacy Policy above.
What we collect
When you purchase. We collect your name, contact and delivery details, and the details of any query you raise. If you buy the kit as a gift for someone else, you must have their permission to share their delivery and contact details with us. Our third-party payment provider collects your payment details to process your order. Our lawful basis for this is performance of our contract with you and our legitimate interests.
When you take the test. To carry out the test we collect your DNA sample (a cheek swab). Your kit is sent to you, and your sample is processed and handled by our third-party laboratory partner, DNAlysis Biotechnology (dnalife).
Consent. Carrying out the DNA test means we process your genetic data, which is special category data. We rely on your explicit consent to do this. You provide consent when you register your kit — for example by confirming where prompted in our platform, or by another method we specify. The person taking the test is responsible for providing consent. If you do not provide consent, we will not be able to perform the test or provide your report. You can withdraw your consent at any time.
How we use your DNA information
We use your DNA data only for the following purposes, and in line with your preferences:
• to deliver your kit and collect your sample;
• to have your sample analysed by our laboratory partner;
• to review your results and produce your personalised report, delivered via the Peachy platform;
• to store your full DNA report and raw genotyping data for current and future services we make available to you (we hold more data than appears in your initial report, which may be relevant for future insights);
• to contact you about your test — for example when results are ready, if there is a problem, or with information about your order or results;
• to respond to your queries;
• to verify your login credentials; and
• with your consent, to tell you about new or related Peachy services.
We will not use your DNA-related information for any other purpose without your consent, and you may withdraw consent at any time.
Anonymised research. We may carry out research with carefully selected research partners using anonymised and aggregated data, including from DNA testing. Because this data is anonymised, we cannot identify whose data is used.
Clinical trials. We will not use identifiable data for clinical trials without your explicit and informed consent. You may be invited to give this consent via the platform.
Results and report
We receive and store your DNA test results and related materials from our laboratory partner. Your results are delivered as a report within the Peachy platform. The report contains the genotypes and insights included in the DNA Test specification at the time of your order, framed as wellness insights to help you understand your skin biology.
We also store the raw genotyping data generated from your sample. This is kept securely and may be requested or managed by you in line with your rights under the UK GDPR. From time to time — and for as long as we are permitted to hold your data — we may update your report and make further insights available as they are developed. We do not guarantee that additional insights will be provided after your initial report, and we will not use your results for any other purpose without your consent.
Important — what the DNA Skin Kit is and is not
The Peachy DNA Skin Kit is a wellness and insight product, not a medical device and not a diagnostic test. Your results indicate genetic predispositions and are not a diagnosis and not medical advice. Genetic predisposition is probabilistic — your genes may make you more or less prone to certain outcomes, but do not determine them. Always consult a qualified healthcare professional about any medical concern. Peachy does not replace clinical care.
Security and destruction of your sample
We impose appropriate obligations on our laboratory partner to protect the security and privacy of your information. After testing, any remaining DNA sample is stored securely by the laboratory partner on our behalf. You can request destruction of your sample at any time, at which point it will be securely destroyed. Our laboratory partner destroys the DNA test results it holds within one month of providing them to Peachy Healthcare.
A note on our Microbiome Kit and Blood Test (in development)
Our Microbiome Kit and Blood Test are in development and not yet available. When they launch, they will involve processing health data (special category data) — microbiome composition data from a stool sample, and blood biomarker results from a finger-prick sample. We will publish specific additional notices for these products, confirming the laboratory partner, sample handling, and consent arrangements, before they go on sale. As with all Peachy products, these are wellness and insight tools and are not intended to diagnose, treat, or cure any medical condition; where a result may be clinically significant, we will signpost you clearly to a GP.