Privacy policy
Last updated: July 2025
MYOFORM
Legal entity: Wiley Nutrition Limited (trading as Myoform)
Wiley Nutrition Limited ("Myoform", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit or use Myoform.io and the Myoform app.
This policy applies alongside any other privacy or fair processing notices we may provide on specific occasions. Our services are not intended for children, and we do not knowingly collect data relating to children except where a parent or legal guardian provides it.
1. Who We Are
Wiley Nutrition Limited is the data controller responsible for your personal data. We are registered in England and Wales (Companies House: 12595005).
Data Privacy Contact: Sacha Attiach
Email: support@myoform.io
Address: 16C Juno Enterprise Centre, Surrey Canal Road, London SE14 5RW, United Kingdom
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). EU residents may contact their local Data Protection Authority. US residents may have rights under applicable state privacy laws and, where relevant, HIPAA. We would, however, appreciate the opportunity to address your concerns before you contact a regulator — please reach out to us first.
2. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated where required by applicable law. The current version will always be available at myoform.io/privacy-policy. Continued use of our services following an update constitutes acceptance of the revised policy.
If your personal information changes at any time, please notify us so we can keep your records accurate.
3. Data We Collect
We collect personal data directly from you (via forms, questionnaires, and account creation) and automatically (via cookies and analytics tools).
Identity Data
Name, date of birth, place of residence, gender, and username.
Contact Data
Email address, telephone number, and delivery address.
Profile Data
Login credentials, survey responses, health quiz answers, preferences, and feedback.
Transaction Data
Details of products purchased, payment records, and order history.
Marketing & Communications Data
Your preferences regarding receiving marketing from us and your communication settings.
Technical Data
IP address, browser type and version, device identifiers, time zone, operating system, and other technology identifiers from devices you use to access our services.
Usage Data
Information about how you use our website and app, including pages visited and features accessed.
Special Category Data
We may collect health data, genetic testing data, ethnicity, and related insights only with your explicit consent. This category of data is afforded the highest level of protection under applicable law. Please refer to Section 4 for full details on how we handle genetic and health data.
Aggregated Data
We may use aggregated and anonymised data derived from our users’ inputs — including genetic, health, and lifestyle data — for internal research purposes and to enhance the quality, accuracy, and personalisation of the insights and recommendations we provide. This data is processed in a form that cannot identify any individual and does not constitute personal data for the purposes of data protection law. It is not sold to third parties, shared for commercial purposes, or used in any way that would allow a user to be re-identified. This research use is separate from and does not affect your individual data rights set out in Section 12.
4. Genetic & Health Data
Genetic and health data is central to the Myoform service and is treated with the highest level of care. This section sets out specifically how we collect, use, and protect this data.
What we collect
Depending on the services you use, we may collect:
- Results from genetic tests conducted via our partnered laboratory network
- Genetic data you choose to upload from third-party testing services
- Health information you voluntarily provide through our questionnaire and app
- Nutrition and fitness insights generated from your genetic and health data
Legal basis
We process genetic and health data only on the basis of your explicit consent (UK GDPR Article 9(2)(a); EU GDPR Article 9(2)(a)). You may withdraw your consent at any time by contacting support@myoform.io. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
How we use it
Your genetic and health data is used solely to:
- Generate your personalised supplement formulation
- Provide health and performance insights via the Myoform app
- Improve the accuracy and relevance of our recommendations over time (with your consent)
Sharing
Your genetic data is shared only with the certified laboratory network required to process your sample. It is not shared with research partners, advertisers, or any other third party without your explicit consent.
Retention
Your genetic data is retained only for as long as you maintain an active Myoform account and have provided consent for its retention. Upon account closure or withdrawal of consent, we will delete or anonymise your genetic data within a reasonable period, subject to any legal retention obligations.
HIPAA compliance (US users)
For US users whose data may qualify as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA), we apply the following safeguards:
- Administrative, technical, and physical security measures
- Encryption of data in transit and at rest
- Access restricted to authorised personnel only
- Policies and procedures to prevent unauthorised use or disclosure
Where HIPAA applies, you have the right to access your PHI, request corrections, request limits on disclosure, obtain an accounting of disclosures, and receive a copy of our HIPAA notice. To exercise these rights, contact support@myoform.io.
5. How We Use Your Data
We use your personal data to:
- Provide personalised nutrition and supplement recommendations
- Fulfil and deliver your product orders
- Manage your account and provide customer support
- Operate, maintain, and improve our website and app
- Communicate with you about your orders, account, and (where consented) marketing
- Conduct analytics and product research
- Comply with legal and regulatory obligations
We only process your data where we have a lawful basis to do so, including: your consent, performance of a contract with you, compliance with a legal obligation, or our legitimate interests (where these are not overridden by your rights).
6. Marketing
We may send you marketing communications about our products and services where you have opted in or where we have a legitimate interest in doing so.
You can opt out of marketing at any time by clicking the unsubscribe link in any email, or by contacting support@myoform.io. Opting out of marketing does not affect transactional communications related to your orders or account.
7. Data Sharing
We may share your personal data with the following categories of third parties:
- Service providers: including certified laboratories, payment processors, cloud infrastructure providers, courier services, and analytics platforms — all of whom are contractually required to protect your data
- Shopify: which powers our e-commerce platform and processes transaction and account data on our behalf
- Regulatory and legal authorities: where required by law, court order, or to protect our legal rights
- Research partners: only with your explicit prior consent
We do not sell your personal data to third parties.
8. International Data Transfers
Your data may be transferred to and processed in countries outside the UK, EU, or USA where our service providers operate. When this occurs, we ensure appropriate safeguards are in place, including:
- UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (BCRs)
- Transfers to countries with an adequacy decision
- Your explicit consent where required
For more information about international transfers, contact support@myoform.io.
9. Cookies & Tracking
We use cookies and similar tracking technologies to improve website functionality, understand usage, and (where consented) deliver relevant advertising.
Types of cookies we use
Essential cookies
Required for the website and app to function correctly. These cannot be disabled.
Analytics cookies
Help us understand how visitors interact with our services (e.g., pages visited, time on site). Used to improve performance.
Marketing cookies
Used for personalised advertising. Only deployed with your explicit consent.
Functional cookies
Improve your experience by remembering preferences such as language settings.
Managing cookies
You can adjust cookie preferences via our cookie banner, disable cookies in your browser settings, or delete stored cookies at any time. Note that disabling certain cookies may affect website functionality.
10. Data Security
We implement industry-standard security measures including encryption in transit and at rest, access controls, and regular security assessments to protect your personal data.
Genetic and health data is subject to additional technical and organisational safeguards given its sensitive nature.
Despite these measures, no system is entirely secure and we cannot guarantee absolute protection. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by law.
11. Data Retention
We retain your personal data only for as long as necessary for the purposes set out in this policy, including:
- Providing our services to you
- Complying with legal, tax, and regulatory obligations
- Resolving disputes and enforcing agreements
Genetic data is retained only with your ongoing explicit consent and deleted upon account closure or consent withdrawal, subject to any legal retention requirements.
Different retention periods apply to different categories of data. To request information about specific retention periods, contact support@myoform.io.
12. Your Rights
UK and EU (GDPR) rights
You have the right to:
- Access — request a copy of your personal data
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your data in certain circumstances
- Restriction — request we limit processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — at any time where processing is based on consent
US state law rights (e.g. CCPA/CPRA)
California and other US state residents may have the right to:
- Know what personal data we collect and how it is used
- Delete your personal data
- Correct inaccurate personal data
- Opt out of the sale or sharing of your data (we do not sell personal data)
- Non-discrimination for exercising your privacy rights
To exercise any of the above rights, contact us at support@myoform.io. We will respond within the timeframe required by applicable law (typically 30 days under GDPR; 45 days under CCPA).
13. Third-Party Links
Our website and app may contain links to third-party websites and services. We do not control these services and are not responsible for their privacy practices. We encourage you to read the privacy notices of any third-party services you access.
14. Contact & Complaints
For any questions about this policy, your personal data, or to exercise your rights, contact:
Myoform (Wiley Nutrition Limited)
Email: support@myoform.io
Phone: +44 7822 032370
Address: 16C Juno Enterprise Centre, Surrey Canal Road, London SE14 5RW, United Kingdom
If you are unsatisfied with our response, you have the right to lodge a complaint with:
- The Information Commissioner's Office (ICO): ico.org.uk — for UK residents
- Your local Data Protection Authority — for EU residents
- Your state Attorney General or relevant authority — for US residents