Privacy Policy
1. Who We Are
We are Circular Health Ltd, an Irish company committed to helping individuals navigate complex chronic illnesses such as Long COVID, ME/CFS, POTS, and MCAS. This Privacy Policy outlines how we collect, use, and protect your personal data when you visit our website, join our waitlist, or use our app — in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
2. What Data We Collect
📝 When You Join the Waitlist
When you sign up for early access via our waitlist (hosted on Typeform), we collect:
- Email address
- Self-reported experience managing your illness
- Your biggest current challenge (optional)
- Whether you'd like to join as an early beta tester
Some of this information may be considered health-related data under GDPR. We treat it with enhanced care and process it only with your explicit consent.
🌐 When You Visit Our Website
We collect basic analytics and performance data, including:
- IP address
- Browser and device type
- Pages visited and time spent
This information is collected through PostHog and Vercel Analytics to help us understand user behavior and improve our website. No invasive cookies or marketing trackers are used.
👤 When You Use the App (In the Future)
When our app is live and you create an account, we may collect:
- Name
- email
- password
- Information you choose to share about your health journey
- App usage and engagement data
We will ask for clear consent before collecting any sensitive health information and will provide additional details at that time.
3. How We Use Your Data
We process your data to:
Contract – when you sign up for the app, we use your data to deliver the service
Communicate product updates and send early access invitations
Analyze anonymous insights to guide product development
Improve website experience and platform functionality
Provide personalized support within the app (once launched)
We do not: Sell or rent your personal data Use your information for third-party marketing Share your identifiable health data without your consent
4. Legal Basis for Processing
We rely on the following legal bases under GDPR:
Explicit consent – for collecting and processing your waitlist and health-related responses
Legitimate interest – to improve our product and understand user needs
Contract – when you sign up for the app, we use your data to deliver the service
You may withdraw consent at any time by contacting us at paddy@joincircular.com.
5. How and Where Data Is Stored
We take strong steps to protect your data and store it using secure, privacy-focused tools:
TypeformFor waitlist submissions
PostHog and Vercel Analytics
Google Workspace for internal communications
NotionFor anonymized research notes only
Folk.app for storing emails for direct communication about product updates
We do not store identifiable health-related data in Notion or Google Workspace.
We take the protection of your personal information seriously. Our infrastructure is designed to meet modern industry standards for data security. While no system can guarantee complete security, we implement safeguards intended to reduce risk and support the confidentiality, integrity and availability of your data.
6. Who Can Access Your Data
Your data is accessible only to authorized members of the Circular Health team. Where third-party services are used (e.g., analytics or form tools), we ensure they meet strong privacy and security standards, and we sign Data Processing Agreements (DPAs) or Business Associate Agreements (BAAs) where appropriate.
7. Your Rights Under GDPR.
Access your personal dataRequest a copy of all data we hold about youCorrect inaccurate or incomplete dataUpdate your information at any timeWithdraw consent at any timeOpt out of data processing based on consentRequest deletion of your personal dataExercise your "right to be forgotten"Object to or restrict data processingLimit how we use your dataLodge a complaintContact your local Data Protection Authority
To exercise your rights, contact us at: paddy@joincircular.com
8. Data Retention
Waitlist dataStored for up to 12 months or until product invitations are sent
Analytics dataRetained for up to 12 months in anonymized or aggregated form
App account dataWill be stored as long as your account is active (subject to app-specific data retention policy at launch)
9. Future Updates
We may update this Privacy Policy as our services evolve. If we make significant changes, we will notify users via email or on our website, and seek renewed consent if required.
Children's Privacy (COPPA Compliance)
Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from anyone under 13 years old. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at dpo@joincircular.com. If we become aware that we have collected data from a child under 13 without verified parental consent, we will take steps to delete that information promptly.
10. Contact Us
For questions or concerns about this Privacy Policy:
Circular Health Ltd dpo@joincircular.com
📍Registered in Ireland
(Full company details available upon request)
