Privacy Policy

Astra Castra Ltd trading as PARTICULAR (“PARTICULAR”, “we”, “us”) is the data controller for personal data collected through particular.health. Registered address: 128 City Road, London EC1V 2NX. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact us with privacy questions at hello@particular.health.

We use your personal data to:

• Generate and deliver your personalised supplement formula
• Process payments and manage your subscription
• Send order confirmations and delivery updates (transactional email only)
• Maintain your account and formula history so you can re-order
• Comply with legal obligations (e.g. fraud prevention, financial records)

Marketing: We will only contact you about offers or new products if you have given explicit consent. You can withdraw consent at any time by emailing us.

Contract — processing your order and delivering your formula.
Legitimate interests — fraud prevention, service improvement, security.
Consent — marketing communications; cookies (where required).
Legal obligation — financial records, regulatory compliance.

We share data with the following processors only to the extent necessary to deliver our service:

We do not sell your personal data to any third party.

We retain your account and formula data for as long as your account is active, plus 6 years for financial records as required by HMRC. Questionnaire answers and formula snapshots are retained so you can re-order the same formula in the future.

You may request deletion of your account and associated data at any time (subject to legal retention obligations) by emailing hello@particular.health.

• Access — request a copy of the data we hold about you
• Rectification — correct inaccurate data
• Erasure — “right to be forgotten” in certain circumstances
• Restriction — limit how we use your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests or for direct marketing

To exercise any of these rights, email us at hello@particular.health. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

We use essential cookies required for authentication (Clerk session token) and for Stripe’s secure checkout flow. We do not currently use analytics or tracking cookies. A full cookie notice will be published before any analytics cookies are introduced.

All data in transit is encrypted via TLS. Our database (Supabase) is hosted in the EU with encryption at rest. Authentication tokens are managed by Clerk and never stored in our database. Payment card data is handled entirely by Stripe and never passes through our servers.

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email. Continued use of our service after the effective date constitutes acceptance of the updated policy.