Privacy Policy

Effective Date: December 15, 2025


1. Introduction: Our Commitment to Your Privacy

At Epic Life, we're committed to transparency and clarity, especially in how we handle your personal information. We understand that trusting a company with your data is a significant consideration - particularly when it comes to health and wellness. This policy explains, in plain English, exactly how we use any personal information you provide through our website, mobile application, and other services (collectively our “Service”).

Our promises to you:

• We will never sell your personal data to anyone

• We will always be clear about how we use your data

• We will only keep your data for as long as we need it

• We will use industry-standard security to protect your information

• We will make it easy for you to access your data

• We will respond quickly to any questions or concerns you have

• If we ever need to change how we use your data, we'll tell you first and ensure you're happy with the changes

We want you to feel confident about sharing your information with us, so we've made this policy as clear and straightforward as possible. If anything isn't clear, please do ask us - we're here to help.

Epic Life ("Epic Life," "we," "us," or "our") is a brand name of trading entity Ampk Labs Limited, a company registered in England under company number 15491223 with registered office at Preston Park House South Road Brighton East Sussex BN1 6SB.

2. Summary of Key Points

• What we collect: Account details, service usage, and your interactions with our AI Health Intelligence Companion. Additionally, we collect specific health metrics from the data sources applicable to your service (e.g., blood tests, connected devices, or other health inputs).

• How we use it: To power the AI Health Intelligence Companion, which analyses your available health data to provide personalised insights, and to improve our service and communicate with you.

• How we protect it: We use encryption, access controls, and industry-standard security practices to keep your data safe.

• Who we share with: Only trusted service providers who help us deliver our service, and never for third-party marketing purposes or training third party AI models.

• Your data, your control: You can access, correct, or delete your data at any time by contacting us at privacy@epiclife.com.

• Special category data: We process health data with your explicit consent to provide our core services.

• Your data rights: You have several rights under UK data protection law, including access, correction, deletion, and data portability.

3. What Information We Collect

We collect only what we need to provide and improve our Service. Depending on the specific plan you purchase or features you enable, this may include:

Account Information

• Name and contact details (email address, phone number, home address)

• Password and login information

• Age, gender, height, weight and other physiological data

• Health conditions, medications and medical history that you choose to share

• Health goals and preferences

Health and Wellness Data (As Applicable)

• Blood biomarker test results

• Data from connected devices or integrations (including activity levels, sleep patterns, heart rate, and other metrics from wearables, where applicable to your subscription)

• Calculated health scores and metrics

• Any additional health data you choose to manually log or upload

AI Health Intelligence Companion Interactions

• Conversations between you and our AI Health Intelligence Companion

• Questions you ask the AI Health Intelligence Companion

• Recommendations and insights generated for you

• Your feedback on recommendations and insights

• Frequency and patterns of your AI Health Intelligence Companion

Service Usage Information

• How you interact with our application

• Features you use and content you access

• Time spent using the Service

• Technical information about your device and internet connection

Communications

• Customer service interactions

• Feedback and survey responses

• Messages sent through our platform

4. How We Use Your Information

We use your personal information to:

Provide Our Core Services

• Create and manage your account (Member Account Management)

• Process and analyse health data inputs applicable to your service (including blood biomarkers and connected device data) (Health Data Integration and Processing)

• Calculate health scores and metrics based on your active data integrations (Health Score Calculation)

• Generate personalised health insights and visualisations (Data visualisation and Insights)

• Power our AI Health Intelligence Companion to provide context-aware responses and coaching (AI Health Agent Operation)

Improve Our Service

• Fix bugs and improve performance

• Understand how members use our Service to develop new features (Analytics and Service Improvement)

• Train and refine our machine learning models (Machine Learning Model Development)

Research and Development

• If you consent, use anonymised data for health and wellness research

Communication and Support

• Respond to your questions and concerns

• Send updates about Epic Life

• Send marketing communications (which you can opt out of at any time)

Legal and Regulatory Compliance

• Meet our legal obligations

5. Third-Party AI Models

No Training of Third-Party Models

We want to be absolutely clear: your personal health and wellness data will not be used to train third-party AI models. When we use third-party AI infrastructure (such as enterprise-grade foundation models), we ensure that our agreements with these providers explicitly prohibit the use of your data for training their general models.

This means your sensitive health information, conversations with our AI Health Intelligence Companion, and data from any connected sources remain protected. They are used solely to generate insights for you and are never ingested into a provider’s public knowledge base or model training sets.

6. Legal Basis for Processing

We process your personal data on the following legal bases:

Performance of Contract

The primary basis for our processing of your personal data is that it's necessary for the performance of our contract with you - to provide the Epic Life Service you've signed up for. This includes:

• Core account management and security;

• Processing and analysing the health data inputs included in your service (e.g., blood biomarkers or data from connected devices, where applicable);

• Delivering personalised insights and visualisations;

• Operating the AI Health Intelligence Companion to support your health goals.

Explicit Consent for Health Data

As health data is considered special category data under UK data protection laws, we rely on your explicit consent to process this information. This applies to all health metrics you provide or allow us to access via integrations.This consent is freely given and can be withdrawn at any time by contacting privacy@epiclife.com.

Important note: The processing of your health data is essential to our Service. Without this data, we cannot provide our personalised health insights or recommendations. If you withdraw consent, we will no longer be able to provide the Service to you, and this will likely result in termination of your Plan.

Legitimate Interests

We process some data based on our legitimate interests, such as improving and securing our Service, developing new features, training our internal models, and marketing our services to existing members.

7. Our Commitment to Data Protection

Epic Life (Ampk Labs Limited) is registered with the Information Commissioner's Office (ICO) with registration number ZB790117. Epic Life operates under UK data protection law and processes your data in accordance with the UK GDPR and Data Protection Act 2018.

As the data controller, we are responsible for ensuring that all personal data processing activities comply with these regulations. Given the sensitive nature of the health data we process, we take data protection extremely seriously. We have implemented comprehensive risk assessment processes that:

• Identify and minimise data protection risks across all potential data sources

• Ensure we only collect data that is necessary to deliver the specific services and features included in your service

• Establish appropriate safeguards for special category health data, regardless of how it is ingested (e.g., via lab processing or digital integrations);

• Document our compliance with data protection principles

We regularly review and update our data protection measures to reflect changes in our processing activities or regulatory requirements.

8. How We Keep Your Information Secure

We take appropriate technical and organisational measures to secure your information:

• Encryption of data in transit (including data received from external integrations) and at rest

• Robust access controls and authentication requirements

• Security vetting of third-party integrations and data partners

• Regular security assessments and monitoring

• Staff training on data protection and security

• Industry-standard hosting infrastructure with advanced security features

• Strict data access policies within our organisation

• Incident response procedures and data breach notification protocols

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information using commercially acceptable means, we cannot guarantee its absolute security.

9. How Long We Keep Your Information

We retain your information only as long as necessary for the purposes for which it was collected, or as required by law::

• Account information: For the duration of your Plan plus up to 18 months after termination (to facilitate account reactivation if requested)

• Health and wellness data (including blood test results and fitness tracker data, where applicable): For a rolling 36-month period to enable long-term trend analysis and provide meaningful insights about your health progress

• Service usage information, AI messaging data and analytics data: For a rolling 36-month period to support service improvements, troubleshooting and model refinement

• Communications: For up to 6 years from the date of communication to support customer service inquiries and comply with legal requirements related to contractual claims (statutes of limitation).

10.   Who Has Access to Your Data

We restrict access to your data based on role and necessity:

• Customer support team: Can access your account information and relevant health data only to provide assistance and resolve technical issues with your active services

• Development team: Has limited access to technical logs and de-identified health information for system maintenance, integration stability, and feature improvement.

• AI and Data science team: Can access aggregated or de-identified data for model training and service improvement

11.   Who We Share Your Information With

We do not sell your personal data. We may share your information with:

Service Providers and Third Parties

• Cloud hosting and infrastructure providers: (e.g., enterprise-grade platforms such as Google Cloud) to securely store and process your data.

• Laboratory and diagnostic partners: (For processing samples and test results, where included in your service).

• Data integration partners: (To facilitate connections with third-party devices, wearables, or apps, only if you choose to enable these integrations).

• Analytics and machine learning infrastructure: (To power our AI and service improvements).

• Communication service providers: (For email, SMS, and in-app messaging).

• Payment processors: (To securely handle your payments).

• Professional advisors: (Such as lawyers, auditors, or insurers, when necessary).

All our service providers are bound by strict data processing agreements and will only process your data according to our instructions. While we carefully select these partners and require appropriate security measures through our agreements, these third parties use their own systems and security protocols to process your data. 

Note on Diagnostic Services: For laboratory or diagnostic testing specifically, we necessarily share personal details such as your name, date of birth, address, and test requests to facilitate sample collection and processing.

12.   Your Rights

Under UK data protection law, you have several rights regarding your personal data:

• Access: Request copies of your personal data we hold

• Rectification: Ask us to correct inaccurate information

• Erasure: Request deletion of your data in certain circumstances

• Restriction: Ask us to limit how we use your data temporarily

• Portability: Request your data in a machine-readable format

• Objection: Object to processing based on legitimate interests or for direct marketing

• Withdraw Consent: You have the right to withdraw your consent for health data processing at any time. Please note: Because this data is required to provide our core services, withdrawing consent will prevent us from delivering the service and will result in the termination of your service.

• Automated decisions: Contest decisions made solely by automated means

To exercise any of these rights, email privacy@epiclife.com. We'll respond within one month. If you're unhappy with our response, you can complain to the Information Commissioner's Office at ico.org.uk.

13.   International Transfers

Our operations are based in the UK. However, some of our service providers may process personal information outside of the UK/EEA. When this occurs, we ensure appropriate safeguards are in place, including:

• Using Standard Contractual Clauses approved by the UK Information Commissioner's Office

• Ensuring service providers are located in countries with adequate data protection as determined by the UK

• Implementing additional technical and organisational measures as required

14.   Cookies and Similar Technologies

We use cookies and similar technologies to enhance your experience, improve our Service, and understand how it is used. For detailed information about the specific cookies we use, their purposes, and how to control them, please see our Cookie Policy.

15.   Children's Privacy

Our Service is not directed to children under the age of 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

16.   Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. The latest version will always be available on our website and within our application. Substantial changes will be notified to you via email.

17.   Getting in Touch

For any questions about this privacy policy or our privacy practices:

Email: privacy@epiclife.com Post: Epic Life, Salisbury House, 29 Finsbury Circus, London, EC2M 5SQ

If you have any concerns about how we handle your personal data, you have the right to make a complaint to the Information Commissioner's Office (ICO).

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.