Effective Date: 18th March 2026
1. Introduction: Our Commitment to Your Privacy
At Cato Health, we are committed to transparency and clarity, especially in how we handle your personal information. We understand that trusting a company with your data is a significant decision, particularly when it comes to health and wellness. This Privacy Policy explains, in plain English, exactly how we collect, use, store, and share any personal information you provide through our website, mobile application, and other services (collectively, our "Service").
Our commitment to you:
- We will never sell your personal data to anyone.
- We will always be clear about how we use your data.
- We will only keep your data for as long as we need it, or as required by law.
- We will use appropriate technical and organisational security measures to protect your information.
- We will make it easy for you to access, export, and manage your data.
- We will respond to any data protection requests within one calendar month.
- If we ever need to change how we use your data, we will tell you first and, where required, seek your consent before making any changes.
Data Controller
Cato Health ("Cato Health," "we," "us," or "our") is a brand name of Cato Longevity Limited, a company registered in England and Wales under company number 16812178, with its registered office at 11A Fulham Park Road. We are the data controller for the personal data described in this Privacy Policy.
ICO Registration
Cato Health (Cato Longevity Limited) is registered with the Information Commissioner's Office (ICO)
under registration number Z7436918.
View our ICO registration on the official ICO website
Data Protection Officer
If you have any questions about this Privacy Policy or our data practices, you can contact our Data Protection Officer at:
Email: info@cato.health
Post: Data Protection Officer, Cato Longevity Limited, 11A Fulham Park Road, London SW6 4LH
2. Summary of Key Points
- What we collect: Account details, health and wellness data (from blood tests, wearables, questionnaires, and uploads where applicable), your interactions with our AI platform, service usage data, and communications with us.
- Why we collect it: To power our AI health platform, provide personalised insights, support clinical review of recommendations, improve our service, and communicate with you.
- Our legal basis: Contract performance (Article 6(1)(b) UK GDPR), explicit consent for health data (Article 9(2)(a) UK GDPR), legitimate interests for service improvement, and legal obligation where required.
- How we protect it: Encryption in transit and at rest, role-based access controls, regular security assessments, and staff training.
- Who we share with: Only trusted service providers who help us deliver the Service, under strict data processing agreements. Never for third-party marketing or to train third-party AI models.
- International transfers: Some data may be processed outside the UK, subject to appropriate safeguards (see Section 14).
- How long we keep it: Specific retention periods apply to different categories of data (see Section 10).
- Your rights: You can access, correct, delete, restrict, port, or object to the processing of your data at any time (see Section 13).
3. What Information We Collect
We collect only what we need to provide and improve our Service. Depending on the specific Plan you purchase or features you enable, this may include the following categories:
Account Information
- Full name and contact details (email address, phone number, home address).
- Date of birth.
- Password and login credentials (stored in hashed form).
- Health and lifestyle data provided via our onboarding questionnaire.
- Payment information (processed by our third-party payment processor, Stripe; we do not store full card details).
Health and Wellness Data (Special Category Data)
- Blood biomarker test results (where your Plan includes blood testing).
- Data from connected devices or integrations, including activity levels, sleep patterns, heart rate, and other metrics from wearables such as Oura, Apple Watch, or Garmin (where applicable to your Plan).
- Calculated health scores and metrics derived from your data.
- Health records or test results you upload to the platform.
AI Health Intelligence Companion Interactions
- Conversations between you and our AI platform.
- Questions you ask and topics you explore.
- Recommendations and insights generated for you.
- Your feedback on recommendations and insights.
- Your adherence to health goals and commitments.
Service Usage Information
- How you interact with our application (pages visited, features used, content accessed).
- Time spent using the Service and session frequency.
- Technical information about your device (device type, operating system, browser type) and internet connection (IP address).
- Crash reports and performance data.
Communications
- Customer service interactions.
- Feedback and survey responses.
- Messages sent through our platform.
Data We Receive from Third Parties
Where you connect third-party devices or services to your Cato Health account, we receive data from those providers as described above. We may also receive data from our laboratory partners when your blood tests are processed. In all cases, we will inform you about what data we receive and how it is used before or at the time of collection.
4. How We Use Your Information
The content below sets out each purpose for which we process your personal data, the categories of data involved, and the legal basis we rely on:
| Purpose | Data Categories | Legal Basis (Art. 6) | Special Category Condition (Art. 9) |
|---|---|---|---|
| Account creation and management | Account information | Contract performance (Art. 6(1)(b)) | N/A |
| Processing and analysing health data to deliver personalised insights | Health and wellness data, AI interactions, questionnaire data | Contract performance (Art. 6(1)(b)) | Explicit consent (Art. 9(2)(a)) |
| Powering AI coaching and context-aware responses | Health data, AI interactions, usage data | Contract performance (Art. 6(1)(b)) | Explicit consent (Art. 9(2)(a)) |
| Clinical review and sign-off of recommendations | Health and wellness data | Contract performance (Art. 6(1)(b)) | Explicit consent (Art. 9(2)(a)) |
| Service improvement, bug fixes, and feature development | Usage data, de-identified health data, technical data | Legitimate interests (Art. 6(1)(f)) | N/A (data is de-identified) |
| Training and refining internal AI models | De-identified and aggregated data | Legitimate interests (Art. 6(1)(f)) | N/A (data is de-identified) |
| Health and wellness research | De-identified data | Consent (Art. 6(1)(a)) | Research consent (separate) |
| Customer support and communications | Account information, communications, usage data | Contract performance (Art. 6(1)(b)) | N/A |
| Marketing communications | Account information (name, email) | Consent (Art. 6(1)(a)) or Legitimate interests (Art. 6(1)(f)) for existing customers (soft opt-in) | N/A |
| Payment processing | Payment data, account information | Contract performance (Art. 6(1)(b)) | N/A |
| Legal and regulatory compliance | As required | Legal obligation (Art. 6(1)(c)) | As applicable |
| Fraud prevention and security | Account information, usage data, technical data | Legitimate interests (Art. 6(1)(f)) | N/A |
-
Account creation and management
- Data: Account information
- Legal basis: Contract performance (Art. 6(1)(b))
- Special category condition: N/A
-
Processing and analysing health data to deliver personalised insights
- Data: Health and wellness data, AI interactions, questionnaire data
- Legal basis: Contract performance (Art. 6(1)(b))
- Special category condition: Explicit consent (Art. 9(2)(a))
-
Powering AI coaching and context-aware responses
- Data: Health data, AI interactions, usage data
- Legal basis: Contract performance (Art. 6(1)(b))
- Special category condition: Explicit consent (Art. 9(2)(a))
-
Clinical review and sign-off of recommendations
- Data: Health and wellness data
- Legal basis: Contract performance (Art. 6(1)(b))
- Special category condition: Explicit consent (Art. 9(2)(a))
-
Service improvement, bug fixes, and feature development
- Data: Usage data, de-identified health data, technical data
- Legal basis: Legitimate interests (Art. 6(1)(f))
- Special category condition: N/A (data is de-identified)
-
Training and refining internal AI models
- Data: De-identified and aggregated data
- Legal basis: Legitimate interests (Art. 6(1)(f))
- Special category condition: N/A (data is de-identified)
-
Health and wellness research
- Data: De-identified data
- Legal basis: Consent (Art. 6(1)(a))
- Special category condition: Research consent (separate)
-
Customer support and communications
- Data: Account information, communications, usage data
- Legal basis: Contract performance (Art. 6(1)(b))
- Special category condition: N/A
-
Marketing communications
- Data: Account information (name, email)
- Legal basis: Consent (Art. 6(1)(a)) or Legitimate interests (Art. 6(1)(f)) for existing customers (soft opt-in)
- Special category condition: N/A
-
Payment processing
- Data: Payment data, account information
- Legal basis: Contract performance (Art. 6(1)(b))
- Special category condition: N/A
-
Legal and regulatory compliance
- Data: As required
- Legal basis: Legal obligation (Art. 6(1)(c))
- Special category condition: As applicable
-
Fraud prevention and security
- Data: Account information, usage data, technical data
- Legal basis: Legitimate interests (Art. 6(1)(f))
- Special category condition: N/A
Legitimate Interests Assessment
Where we rely on legitimate interests as a legal basis, we have carried out a balancing test to ensure our interests do not override your rights and freedoms. Our legitimate interests include: maintaining and improving the security of our Service, understanding how members use the Service to develop new features, training our internal AI models using de-identified data, and marketing our services to existing members. You have the right to object to processing based on legitimate interests at any time (see Section 13).
5. Explicit Consent for Health Data
Health data (including blood biomarker results, wearable data, questionnaire responses, and any health records you upload) is classified as "special category data" under Article 9 of the UK GDPR. This type of data requires additional protection.
We process your health data on the basis of your explicit consent, which we request separately and clearly during the account creation process. Your consent is:
- Freely given: You are not required to consent to research use of your data in order to use the Service. Consent for research is entirely separate and optional.
- Specific: We explain exactly what health data we collect and how it will be used before asking for your consent.
- Informed: We provide you with clear information about the processing before you consent.
- Unambiguous: Consent is collected through a clear affirmative action (opt-in checkbox), not through pre-ticked boxes or inactivity.
Withdrawing Consent
You may withdraw your consent to health data processing at any time by contacting info@cato.health. Withdrawal of consent does not affect the lawfulness of any processing carried out before the withdrawal.
Important: Because processing your health data is essential to the core functionality of our Service, withdrawing consent will prevent us from delivering the Service and will result in the termination of your Plan. In these circumstances, we will provide a pro-rata refund for any unused portion of your Plan Period, as set out in our Terms of Service.
6. Third-Party AI Models
No Training of Third-Party Models
We want to be clear: your personal health and wellness data will not be used to train third-party AI models. When we use third-party AI infrastructure (such as enterprise-grade foundation models), our agreements with these providers explicitly prohibit the use of your data for training their general models.
This means your health information, conversations with our AI, and data from any connected sources remain protected. They are used solely to generate insights for you and are never incorporated into a provider's public knowledge base or model training sets.
We regularly audit our AI provider agreements to ensure these protections remain in place.
7. Data Protection Impact Assessments
Given the sensitive nature of the health data we process, we have conducted Data Protection Impact Assessments (DPIAs) in accordance with Article 35 of the UK GDPR. Our DPIAs cover:
- The collection and processing of health data from blood tests, wearables, and user uploads.
- The use of AI and automated decision-making to generate personalised health insights.
- International transfers of personal data to third-party service providers.
- The integration of third-party devices and data sources.
We review and update our DPIAs whenever there is a significant change to our processing activities, and make them available to the ICO upon request.
8. How We Keep Your Information Secure
We implement appropriate technical and organisational measures to protect your personal data, including:
Technical Measures
- Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent).
- Robust access controls and multi-factor authentication for staff access to personal data.
- Regular penetration testing and vulnerability assessments.
- Secure, industry-standard cloud hosting infrastructure.
- Automated monitoring and alerting for suspicious activity.
Organisational Measures
- Role-based access controls limiting data access to authorised personnel only.
- Mandatory data protection and security training for all staff.
- Security vetting of all third-party integrations and data partners prior to engagement.
- Strict data access and confidentiality policies within our organisation.
- Documented incident response procedures and data breach notification protocols.
- Regular internal audits of data protection compliance.
No method of electronic transmission or storage is completely secure. While we strive to protect your personal information using commercially appropriate means, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with Article 34 of the UK GDPR.
9. Who Has Access to Your Data
We restrict access to your personal data based on role and necessity. The following teams may access your data:
| Team | Data They Can Access | Purpose |
|---|---|---|
| Clinical team | Health and wellness data, AI-generated recommendations | To review and sign off on lifestyle recommendations before they are delivered to you |
| Customer support | Account information, relevant health data, communications | To provide assistance and resolve technical issues with your active services |
| Development team | Technical logs, de-identified health information | System maintenance, integration stability, and feature improvement |
| AI and Data Science team | Aggregated or de-identified data only | Model training, service improvement, and research (where consented) |
| Management / Compliance | Aggregated reports, compliance records | Regulatory compliance, reporting, and governance |
All staff with access to personal data are subject to confidentiality obligations and have received data protection training.
10. How Long We Keep Your Information
We retain your information only for as long as necessary for the purposes for which it was collected, or as required by law. The specific retention periods are:
| Data Category | Retention Period | Justification |
|---|---|---|
| Account information | Duration of Plan + 30 days | To enable data export after Plan ends. After 30 days, data is deleted or anonymised unless you request reactivation. |
| Health and wellness data (blood results, wearable data, uploads) | Duration of Plan + 30 days | To provide long-term trend analysis during your Plan and allow data export after it ends. |
| AI interaction data | Duration of Plan + 30 days | To maintain context for personalised coaching. De-identified data may be retained longer for model improvement. |
| Service usage and analytics data | Rolling 24-month period | To support service improvements, troubleshooting, and feature development. |
| Communications (support, complaints) | Up to 6 years from date of communication | To comply with the Limitation Act 1980 (6-year period for contractual claims) and to support ongoing customer service. |
| Payment records | 7 years from transaction date | To comply with HMRC record-keeping requirements. |
| De-identified / aggregated research data | Indefinite | Cannot be linked back to you. Used for ongoing service and research improvement. |
When personal data is no longer required, it is securely deleted or irreversibly anonymised. We conduct regular reviews of retained data to ensure compliance with these retention periods.
11. Who We Share Your Information With
We do not sell your personal data. We may share your information with the following categories of recipients:
Service Providers (Data Processors)
These organisations process data on our behalf, under our instructions and subject to written data processing agreements:
- Cloud hosting and infrastructure: for secure data storage and processing.
- Laboratory and diagnostic partners: for processing blood samples and generating test results (where included in your Plan).
- Data integration partners: To facilitate connections with third-party wearables and health apps (only if you choose to enable these integrations).
- AI infrastructure providers: to power our AI insights engine (subject to strict no-training agreements — see Section 6).
- Payment processor: Stripe, for secure payment processing. We do not store your full card details.
- Communication service providers: For email, SMS, and in-app messaging.
- Analytics providers: For understanding how our Service is used (using aggregated or de-identified data where possible).
Independent Controllers
These organisations receive data from us and determine their own purposes and means of processing:
- Clinicians and medical reviewers: Registered medical professionals who review and sign off on health and lifestyle recommendations. These clinicians process your data under their own professional obligations and are bound by medical confidentiality.
- Professional advisors: Such as lawyers, auditors, or insurers, when necessary for legal, compliance, or insurance purposes.
Diagnostic Services
For laboratory or diagnostic testing specifically, we share personal details such as your name, date of birth, address, and test requests with our laboratory partners to facilitate sample collection and processing. This sharing is necessary to perform our contract with you.
Legal and Regulatory Disclosures
We may disclose your personal data where required to do so by law, regulation, or court order, or where disclosure is necessary to protect our legal rights, enforce our Terms of Service, or protect the safety of our users or others.
Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will provide you with notice before your personal data is transferred and becomes subject to a different privacy policy.
12. Automated Decision-Making and Profiling
Our Service uses AI and automated processing to generate personalised health insights and recommendations based on your data. This constitutes profiling under the UK GDPR.
How it works
Our AI analyses data from your blood biomarkers, wearable devices, lifestyle questionnaire, and interactions with the platform to generate health scores, identify trends, and provide personalised recommendations. These recommendations are reviewed by qualified clinicians before being delivered to you.
Your rights
Under Article 22 of the UK GDPR, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Because our AI-generated recommendations are reviewed by a qualified clinician before delivery, they do not constitute solely automated decision-making. However, you always have the right to:
- Request an explanation of how a particular recommendation was generated.
- Request human review of any insight or recommendation.
- Express your point of view and contest the outcome.
To exercise these rights, contact info@cato.health.
13. Your Rights
Under UK data protection law (the UK GDPR and Data Protection Act 2018), you have the following rights regarding your personal data:
| Right | What This Means |
|---|---|
| Access | Request a copy of the personal data we hold about you. We will provide this within one month of your request. |
| Rectification | Ask us to correct any inaccurate or incomplete personal data. |
| Erasure | Request deletion of your personal data in certain circumstances (e.g., when data is no longer needed for the purpose it was collected, or you withdraw consent). |
| Restriction | Ask us to temporarily limit how we process your data (e.g., while we verify accuracy or assess an objection). |
| Data Portability | Request your data in a structured, commonly used, machine-readable format (e.g., JSON or CSV) so you can transfer it to another provider. |
| Objection | Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds. |
| Withdraw Consent | Withdraw your consent for health data processing at any time. Note: this will prevent us from delivering the Service (see Section 5). |
| Automated Decisions | Request human review of decisions made through automated processing (see Section 12). |
| Complain | Lodge a complaint with the ICO if you believe your data protection rights have been violated. |
How to Exercise Your Rights
To exercise any of these rights, email info@cato.health. We will respond within one calendar month. If your request is complex or we receive a high volume of requests, we may extend this by a further two months, but we will inform you within the first month.
We will not charge a fee for most requests. However, if your request is manifestly unfounded or excessive (for example, if you make repetitive requests), we may charge a reasonable fee or refuse the request, in accordance with the UK GDPR.
We may need to verify your identity before processing your request, to protect the security of your personal data.
Right to Complain
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at info@cato.health.
14. International Data Transfers
Our operations are primarily based in the United Kingdom. However, some of our service providers may process personal data outside of the UK. Where this occurs, we ensure appropriate safeguards are in place, including:
- Transfers to countries that have received an adequacy decision from the UK Secretary of State, meaning they provide an equivalent level of data protection.
- Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) approved by the ICO.
- Additional technical and organisational measures, such as encryption and pseudonymisation, where appropriate.
The following categories of service providers may process data outside the UK:
- Cloud infrastructure providers (data may be processed in the United States, the European Economic Area, or other regions).
- AI infrastructure providers (data may be processed in various countries).
You can request further details about the specific safeguards we have in place by contacting info@cato.health.
15. Cookies and Similar Technologies
We use cookies and similar technologies to enhance your experience, improve our Service, and understand how it is used. For detailed information about the specific cookies we use, their purposes, and how to control them, please see our Cookie Policy, available on our website.
16. Children's Privacy
Our Service is not directed to, and is not intended for use by, anyone under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at info@cato.health, and we will take steps to delete it promptly.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or best practices.
- Minor changes: We will update the "Last Updated" date at the top of this policy and make the latest version available on our website and within our application.
- Significant changes: We will notify you via email and/or an in-app notification at least 30 days before the changes take effect. Where a change materially affects the processing of your health data, we will seek your renewed consent before implementing the change.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
18. Contact Information
For any questions about this Privacy Policy or our data practices:
Data Protection Officer: info@cato.health
Post: Data Protection Officer, Cato Longevity Limited, 11A Fulham Park Road, London SW6 4LH
Information Commissioner's Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113
We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy.