Privacy Notice
Last updated June 15, 2026
Introduction and scope
Your privacy matters to us at Zen+ Health. This Privacy Notice ("Notice") applies to the personal data collected by Zen+ Health when you interact with our website and services that link to this Notice ("Personal Data").
When we use the terms "Zen+ Health", "we", "us", or "our" in this Notice, we are referring to Zenplus Health Limited.
In the Notice, "you" means:
- a visitor to the https://zenplus.health/ and https://business.zenplus.health/ websites;
- user of our services through web or mobile applications including at https://app.zenplus.health/ ("Services"),
- sub-domains of the above, or any of our other websites or applications that link to this Notice or (collectively "Site(s)"), and
- individuals who interact with us through our social media channels or at events.
This Notice explains how we collect, receive, use and share your Personal Data. This Notice also describes your choices and rights concerning your Personal Data. Please read this Notice carefully to understand what we do with your Personal Data and what your rights are.
If you have entered into a separate agreement with us, such as a data processing agreement, that agreement shall control, and only those terms within this Notice that do not conflict with such separate agreement shall apply.
1. Information we collect
We collect Personal Data from you when you visit our Sites, download or use our Services, submit Personal Data to us through our Sites, request information or book a demo via our Sites, or otherwise interact with our social media channels or communicate with us (including by phone, email, video communication, or otherwise).
The types of your Personal Data we collect depends on the choices you make and the products and features you use, and may include the following categories:
- Contact information: First name, last name, email address, postal address and telephone number.
- Account information: Timezone, locale, language, working hours, employer and employment details such as title, and calendar information through the calendar you have connected to the Services.
- Health information: You may connect certain devices with our Services and submit certain health related information to the Services, such as: Heart Rate (BPM), Heart Rate Variability (HRV), Stress Score, Respiratory Rate, Step Count, Sleep. You may also provide us with the following health related information through the Sites: Mental Health Screening questionnaires, Wellness check-ins and Exercise feedback (ratings, duration, completion percentage).
- Marketing information: Details regarding informational and promotional materials you may have requested or received from us, the services in which you are interested, your receipt of promotional communications, and information on your marketing or communication preferences.
- Payment information: If you subscribe to our Services, details regarding your payment method. All payment data is handled and stored by Stripe, Google (Play) and Apple (App Store). You can find more information about their processing here: https://stripe.com/gb/privacy, https://policies.google.com/privacy?hl=en-US and https://www.apple.com/uk/legal/privacy/data/en/app-store/.
2. Information we collect automatically
As with most websites, when you visit our Sites, we automatically receive and collect information from your device. This information includes the following:
- Device Information: information about your device, such as the operating system, hardware, system version, the Internet Protocol (IP) address, device ID, and device language.
- Website Actions: specific actions that you take when you use our Sites, including but not limited to the pages and screens that you view or visit, search terms that you enter, how you interact with our Sites. Including, the time, frequency, connection, type, and duration of your use of our Sites.
- Communications: information regarding your interactions with email messages, for example whether you opened clicked on or forwarded the email.
- Cookies, Pixel and Web Beacons: please see Cookies, Pixels and Web Beacons section below.
3. How we use personal data
In general, we collect Personal Data from you so that we can operate our business, our Sites and Services, as well as provide information that you request from us. This includes the following uses and purposes:
- Provide, operate and maintain our Sites and Services.
- Provide you with technical and other support related to our Sites and Services.
- Communicate with you.
- Send you updates, marketing communication and information about Zen+ Health and our Services.
- Conduct research and analysis, monitor and analyse trends and usage of our Sites and Services.
- Enhance or improve user experience, our business, and our Sites and Services, including the safety and security thereof.
- Personalise our Sites to you by, for example, customising content that you see.
- Operate our business and perform any other function that we believe in good faith is necessary to protect the security or proper functioning of our Sites and our Services.
- Take action as necessary to comply with any applicable law, regulation, court order, legal process, or governmental request.
- Enforce our contracts and applicable terms, including investigation of potential violations thereof.
- Detect, prevent, or otherwise address fraud, security or technical issues.
- Protect against harm to the rights, property or safety Zen+ Health, our users, or the public as required or permitted by law.
4. Aggregate information
We may use anonymised or aggregated Personal Data which cannot be used to identify as an individual for our internal business purposes and development of the Sites and Services.
5. How we share personal data
- Service Providers: We use third parties to assist us with operating our business and providing our Sites and Services, such as our third-party technology vendors that help us maintain our Sites and Services, and partners that assist us with our marketing and communication.
- As Directed by You and With Your Consent: Except as otherwise provided in this Notice, we share information with companies, organisations or individuals outside of Zen+ Health only at your direction or when we have your consent to do so.
- Regulatory Disclosures and Legal Proceedings: We may share information with third-party companies, organisations, governmental authorities, or individuals if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary.
- Sale or Merger: We may share information about you as part of a merger or acquisition. If Zen+ Health is involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business by another company, we may share your Personal Data with that company before and after the transaction closes. In such a case, unless permitted or otherwise directed by applicable law, your Personal Data would remain subject to the terms of the applicable privacy notice in effect at the time of such transfer.
6. Cookies, pixels and web beacons
Cookies are small text files that are placed on your hard drive by a web server when you access our Sites or Services. Cookies may either be first party cookies (placed by us) or third-party cookies (placed by third party vendors). You can learn more about cookies and how they work at www.allaboutcookies.org. Pixels and Web beacons are small pieces of code that are placed by third party vendors, on Sites or email for several purposes.
Zen+ Health uses cookies, pixels, web beacons and similar tools (collectively "Cookies"), to collect information about how people use our Sites and improve visitors' experience. Cookies are used for more than advertising and analytics, they also provide our Sites with necessary, functional, and performance duties.
You can manage your Cookie preferences through the cookie manager on our Site. If you do not accept certain Cookies your website or browsing experience may be affected. At the present time our Sites do not respond to "Do Not Track" signals or similar mechanisms.
7. Lawful bases
We will only collect and process Personal Data about you where we have a lawful basis to do so. Our lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you) and our legitimate interests, including improving our Sites. Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time and, where we rely on legitimate interests, you have the right to object.
For processing of your health information which constitutes special categories of personal data, we seek your explicit consent. You provide us with your consent when you connect your device to our Services or upload your health information to the Sites. You have the ability to withdraw your consent by disconnecting the device and deleting your health information on your Services account at any time.
If you have any questions about the lawful bases we use to collect and process your Personal Data, please contact our Data Protection Officer as listed at the end of this Notice.
8. Your rights and privacy choices
Depending on your jurisdiction you may have the right to:
- To know if we are collecting, using or sharing your information and to request access to this information.
- To request that we correct your information if it is inaccurate or incomplete.
- To ask us to erase your information if
- Your information is no longer necessary for the purposes for which it was collected, used or shared.
- You withdraw the consent on which the collection, use or sharing is based.
- You object to the collection, use or sharing and there is no overriding legitimate interest for continuing the collection, use or sharing.
- You object to the collection, use or sharing of your information for direct marketing purposes.
- Your information was unlawfully collected, used or shared.
- Your information has to be erased in order to comply with a legal obligation.
- Your information was collected in order to offer online services to children.
- To obtain from us a restriction on the collection, use or sharing of your information if
- You contest the accuracy of your information.
- You have objected to the collection, use or sharing based on legitimate interest and we are considering whether our or a third party's legitimate interest ground overrides your interest.
- The collection, use or sharing is unlawful, and you oppose erasure and request the use be restricted instead.
- We no longer need your information, but you require your information to establish, exercise or defend a legal claim.
- To be able to take with you the information you provided to us and to transmit that information to another organisation where our collection, use or sharing of that information is carried out by automated means and is based on your consent or the performance of a contract.
- To object to collection, use or sharing based on the purposes of legitimate interest or performance of a legal task, direct marketing and scientific/historical research and statistics.
- Not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you.
- To lodge a complaint with the UK Information Commissioner or your relevant supervisory authority.
You exercise your rights by emailing us at dpo@zenplus.health. Please note that in some cases we may retain certain information about you as required by law or for legitimate business purposes to the extent permitted by law.
You can opt out of our marketing communications at any time, and you have the right to be removed from our email list at any time, using the opt-out link provided in our outreach. If you opt-out, we may still send you non-promotional communications, such as those about your account or about our ongoing business relations. Zen+ Health does not endorse or take responsibility for content on other websites accessed from links on our Sites.
9. International transfer
If you decide to use our Sites or Services, or share your Personal Data with us, please note that your Personal Data may be transferred across international borders to third countries outside of the country in which you are located. To ensure adequate protection for your information, we enter into data processing agreements with our suppliers, including the ones who process your Personal Data outside of the country in which you are located, including but not limited to the UK or an EU member state. When necessary, we also utilize approved transfer mechanism (such as adequacy decisions, UK International Data Transfer Addendum or standard contractual clauses) for the transfer of Personal Data and will make details of the transfer mechanisms available upon request.
10. Children
Our Sites and Services are not directed at children under age 18, and we do not knowingly collect information from children under age 18. If you are under age 18, please do not attempt to use our Sites or Services or send any information about yourself to us. If you are the parent of a child under the age of 18, and you believe he or she has shared information with us, please contact us at dpo@zenplus.health so that we can remove such information from our systems.
11. Security of your information
We use reasonable security measures, including measures designed to protect against unauthorized or unlawful processing and against accidental loss, destruction or damage to your Personal Data. We also take certain measures to enhance the security of our Sites and Services. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your account login information.
12. Retention of personal data
We retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected, as described in this Notice, and to operate our business, or until you withdraw your consent. Where Personal Data is no longer required or you have withdrawn your consent, we will delete, anonymise, or aggregate the Personal Data.
Upon deletion of your Services account, or upon expiry or termination of your subscription, we will delete your account and related Personal Data within ninety (90) days of the date of termination or expiration, except to the extent that retention is required by law or necessary for the exercise or defence of legal claims.
13. Third party websites and services
Our Sites may contain links to other websites and services operated by third parties. These third-party websites and services may collect information about you if you click on a link or visit those websites or services, and may automatically record information about your browsing behaviour. Your interactions with these features and third parties are governed by the privacy notice of the third party, not by this Notice.
14. Changes to this notice
We may make changes to this Notice from time to time. When we do, we will post the updated version on this page. We encourage you to read this page each time that you use our Sites or Services so that you will be aware of any changes, and your continued use shall constitute your acceptance of any such changes. Changes to this Notice take effect from the date of publication, unless stated otherwise.
15. Contact us
For the purposes of this Notice, the Data Controller is Zenplus Health Limited. If you have any comments, questions, concerns, or suggestions about Notice, or about our privacy practices in general, please contact us at dpo@zenplus.health.
We can be reached at dpo@zenplus.health or by mail at:
Zenplus Health Limited
Attn: Data Protection Officer
Trees, Bowden Green
Reading, Berkshire RG8 8JL
England