1. Who We Are
MARKABLE is a general wellness monitoring platform developed by MARKABLE Ltd., registered in Israel. We provide non-invasive hormonal wellness insights through facial analysis, cognitive testing, and symptom tracking. MARKABLE is not a medical device and does not diagnose, treat, cure, or prevent any disease or condition.
For the purposes of UK data protection law, MARKABLE Ltd. is the data controller responsible for your personal information.
2. Data We Collect
2.1 Facial Image Data
When you perform a wellness check, we capture a facial photograph using your device's camera. This image is processed in real time by our computer vision algorithms to extract numerical wellness indicators. Original photographs are not stored on our servers unless you explicitly opt in to photo storage. The numerical data derived from your image is retained as part of your wellness profile.
2.2 Cognitive Performance Data
Our wellness check includes brief cognitive exercises (such as reaction time, digit span, word recall, and sustained attention tasks). We collect your performance results, response times, and accuracy scores.
2.3 Symptom and Self-Report Data
You may provide information about your symptoms across multiple wellness domains including sleep, mood, energy, urogenital health, musculoskeletal comfort, and others.
2.4 Account and Profile Data
When you create an account, we collect your name, email address, date of birth, and relevant demographic information necessary for accurate wellness assessment.
2.5 Device and Usage Data
We automatically collect technical information including device type, operating system, browser type, IP address, and interaction patterns within the application.
3. How We Use Your Data
- Wellness Assessment: To generate your personal hormonal wellness insights and track changes over time.
- Clinician Reports: When you choose to share your data with a GP or healthcare professional, we generate structured reports summarising your wellness trends.
- Product Improvement: Aggregated, de-identified data may be used to improve our algorithms and service quality.
- Research: With your explicit consent, de-identified data may contribute to wellness research. You can opt out at any time.
- Communication: To send you wellness check reminders, results, product updates, and support messages.
- Compliance: To comply with legal obligations and respond to lawful requests from authorities.
4. Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds under UK GDPR:
- Consent (Article 6(1)(a) and Article 9(2)(a)): You provide explicit consent when creating your account and performing wellness checks. For facial image processing and health-related data, we rely on your explicit, informed consent.
- Contract Performance (Article 6(1)(b)): Processing necessary to deliver the wellness monitoring service you have requested.
- Legitimate Interest (Article 6(1)(f)): For product improvement, security, and fraud prevention, where such interests do not override your rights.
- Legal Obligation (Article 6(1)(c)): Where required by applicable UK law.
5. Data Storage and Security
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Image Processing: Facial photographs are processed in real time and converted to numerical feature data. Original images are not stored unless you opt in.
- Access Controls: Strict role-based access controls limit who can access personal data within our organisation.
- Data Retention: We retain your personal data for as long as your account is active or as needed to provide services. You may request deletion at any time (see Section 7).
- Incident Response: We maintain procedures to detect, report, and respond to data breaches in accordance with UK GDPR (notification to the ICO within 72 hours where required).
6. Data Sharing
We do not sell your personal data. We share data only in the following circumstances:
- With Your GP or Healthcare Professional: Only when you explicitly choose to share a report with a specific clinician.
- With Your Employer's Wellness Programme: Only in aggregated, de-identified form. Your employer never receives individual-level data.
- Service Providers: We use carefully selected third-party service providers (cloud hosting, analytics) who are contractually bound to protect your data.
- Legal Requirements: When required by UK law, regulation, or valid legal process.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
7. Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights:
- Access (Article 15): Request a copy of the personal data we hold about you.
- Correction (Article 16): Request correction of inaccurate or incomplete data.
- Deletion (Article 17): Request that we delete your personal data. Upon request, we will delete your account and associated data within 30 days, except where retention is required by law.
- Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format (JSON or CSV).
- Restriction (Article 18): Request that we restrict processing of your data under certain circumstances.
- Objection (Article 21): Object to processing based on legitimate interests.
- Withdraw Consent: Withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us at revital@markable.life. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies and Tracking
- Essential Cookies: Required for the application to function (session management, authentication).
- Analytics Cookies: We use Google Analytics to understand how visitors interact with our website. You can opt out using Google's browser opt-out plugin.
- Preference Cookies: To remember your settings and preferences.
9. UK GDPR Compliance
For users in the United Kingdom, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This includes:
- Processing health-related and biometric data only with your explicit consent
- Maintaining records of processing activities
- Conducting data protection impact assessments for high-risk processing
- Providing clear mechanisms for exercising your data subject rights
- Implementing appropriate safeguards for international data transfers
The UK supervisory authority is the Information Commissioner's Office (ICO). If you believe your data protection rights have been violated, you have the right to lodge a complaint with the ICO.
10. NHS Data Security Alignment
While MARKABLE is a general wellness tool and not a covered entity under NHS data security frameworks, we voluntarily align our data handling practices with the NHS Data Security and Protection Toolkit standards. This includes:
- Encryption of all health-related data in transit and at rest
- Strict access controls and audit logging
- Data processing agreements with third-party service providers who handle health-related data
- Regular security assessments
- Breach notification procedures
11. Children's Privacy
MARKABLE is designed for adults aged 18 and older. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.
12. International Data Transfers
MARKABLE operates from Israel, which has been recognised by the European Commission as providing an adequate level of data protection. The UK has also recognised Israel as adequate for data transfers under the UK GDPR adequacy framework. When we transfer data to other jurisdictions, we ensure appropriate safeguards are in place, including standard contractual clauses where required.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice in our application at least 30 days before the changes take effect.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
MARKABLE Ltd.
Email: revital@markable.life
Website: markable.life
UK Supervisory Authority: Information Commissioner's Office (ICO)