Privacy Policy

Effective Date: 11 March 2024


At Human Operations Pty Ltd (“Human,” “us,” “we,” or “our”), our mission is to give everyone access to personalised healthcare. We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Policy describes Human’s policies and practices regarding its collection and use of your Personal Data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new Personal Data practices or adopt new privacy policies.

This Privacy Policy applies to Personal Data we collect:

  • about people who use our services (each a “User”, “you” or “your”), and
  • about people on whose behalf certain Users provide information (“Dependant”, “you” or “your”).

Our services (“Services”) are available to Users who visit our website at (the “Website”) or use our mobile app (the “App”). We collect different types of data from you via the Website, compared to the App, as set out in section 4 below.

Some more terms that we use:

Personal Data” is any data that identifies or relates to you as a particular individual, including information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations.

Anonymized Data” is data where personally identifiable information has been removed, rendering the data anonymous by stripping out information that would allow an individual’s identity to be determined from the remaining data. Data is “anonymized” to protect the privacy and identity of individuals associated with the data. Anonymized Data is no longer Personal Data.

Aggregated Data” is data that has undergone a process whereby raw data is gathered and expressed in a summary form for statistical analysis. Raw data can be aggregated over a given time period, across individuals, or both, to provide statistics such as average, minimum, maximum, sum, and count. After the data is aggregated, analysis can be performed to gain insights about particular data sets. When data is aggregated across a number of individuals, the resulting aggregation is considered anonymized such that it is no longer Personal Data.


Human has appointed an internal data protection officer for you to contact if you have any questions or concerns about Human’s personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Human’s data protection officer. Human’s data protection officer’s name and contact information are as follows:

Emma Bath

Human Operations Pty Ltd

3/91 Reservoir Street, Surry Hills, Sydney, NSW, 2010, Australia

Human Operations Pty Ltd, headquartered in Sydney, Australia, will be the controller of your Personal Data processed in connection with the Services.


We have different names for types of accounts, profiles and roles that you may adopt when using the App:

  • Accounts: A User who registers an account on our App by providing an email address and password, becomes an “Account holder”. There are two types of Accounts:
    • Practitioner Account: If an Account holder is a health practitioner, it can create a “Practitioner Account” for itself.
    • Personal Account: If an Account holder is an individual seeking information about its own health condition or that of another person, it can create a “Personal Account” for itself.
  • Profiles: Each Account holder, whether a health practitioner or other individual, creates a profile for itself containing its personal information. A Personal Account holder may also create a profile for any dependent person for whom that Personal Account holder is a legally authorised representative, and who is not already an Account holder (a “Dependent”). A Personal Account holder may include medical information, such as clinical history, treatment plans and medical records, in its own profile or that of a Dependent.
  • Roles:
    • Owner: A Personal Account holder is the “Owner” of its own profile and of any Dependent profile it has created. The Personal Account holder may transfer ownership of the Dependent’s profile to another Personal Account holder, such that it becomes the new Owner.
    • Carer: A Personal Account holder can grant another Personal Account holder (a “Carer”) access to its own profile or a Dependent’s profile.
    • Practitioner: A Personal Account holder can grant a Practitioner Account holder (a “Practitioner”) access to its own profile or a Dependent’s profile.
  • Any Personal Account holder who provides Personal Data to Human on behalf of a Dependent, or who grants any Carer or Practitioner access to the Dependent’s Personal Data, warrants that it has the authority to do so. Human is entitled to request proof of authority and/or identity, before providing any access to Personal Data.


We may collect Personal Data about you from:

  • Yourself, when you provide such information directly to us, such as when completing your profile on the App; and
  • Third parties, from time to time, including:
    • Owners, when the Owner of your profile (if you are not a Personal Account holder yourself) provides such information directly to us, such as when completing your profile on the App;
    • Practitioners, when you or the Owner of your profile gives consent for a Practitioner to provide your health information directly to us, such as providing your treatment plan to Human;
    • Carers, when you or the Owner of your profile gives consent for a Carer to provide your health information directly to us, such as logging symptoms on your profile;
  • Automatic data collection such as local storage objects, web beacons, and other similar technologies in connection with your use of the Services; and
  • Social media, other third-party platforms, and linked accounts, devices, or features, if you sign into the App through a third-party site or service, or otherwise link accounts, devices, or features to your Human account.

When we say “such as”, “including” or “for example” in this Privacy Policy, we are providing examples, not an exhaustive or closed list.


We may collect the following types of Personal Data:

  • Contact details, such as your first and last name, and email address;
  • Account data, such as username and password that you may establish to create a Human account;
  • Profile data, such as your date of birth, gender identity and ethnic group;
  • Health Data”, which is information about your health and treatment which you or the Owner of your profile provides, or which is provided with your consent by a Practitioner or Carer;
  • Biometric Data, such as your photograph. When Practitioners create an Account, we may request that they provide proof of identity.
  • Payment and transactional data, where needed to complete your subscription on the App (including name, email address, payment card information, bank account number, billing information) and your transaction history. However, Human does not have access to payment card numbers. Our payment processors will collect the financial information necessary to process your payments in accordance with the payment processor’s services agreement and privacy policy;
  • Communications that we exchange with you, including when you contact us via email or the Services with questions, feedback, or reviews;
  • Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them (e.g., the marketing emails that you open and the links within them that you click);
  • Device and geolocation data, such as your computer or mobile device operating system type, IP Address, and general location information such as city, state, or geographic area. An “IP Address” is a unique address that identifies a device on the internet or a local network. It allows a system to be recognized by other systems connected via the internet protocol; and
  • Online activity data, such as pages or screens you view, how long you spent on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

We collect different types of data from you via the Website, compared to the App. As such, when you are using the App and are logged into your Account, we may collect Account data, Profile data, detailed Health data, and Payment and transactional data. When you are using the Website, we may only collect Contact details (with your consent).


We process Personal Data to operate, improve, understand, and personalize our Services. We use Personal Data for the following purposes:

Service delivery, including to:

  • Provide, operate, improve, develop, understand, and personalize the Services and our business, including testing, research, analysis and product development. In particular, we use device and geolocation data to help us design our site to better suit our Users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences;
  • Satisfy the reason you provided the information to us, including responding to and fulfilling requests;
  • In the case of Practitioners, advise you via email when a Personal Account User wants to connect a profile with you on Human;
  • Communicate with you about the Services, including Service announcements, updates, or offers;
  • Provide support and assistance for the Services;
  • Create and manage your account or other user profiles; and
  • Customize content and communications based on your preferences.

General research and development. We may create and use Aggregated Data, Anonymized Data or other anonymous data from Personal Data we collect, including Health Data on the App, for our business purposes, including to analyze the effectiveness of the Services, to improve and add features to the Services, and to analyze the general behavior and characteristics of Users of the Services. We also use Anonymized Data or Aggregated Data from Health Data on the App for research purposes to help us and our research partners answer important questions about human health and create an even better experience for our Users by identifying cutting-edge insights and providing new content and product features.

Research studies. We may use your Personal Data on the App to do a preliminary assessment of your eligibility for our research studies. However, only where specific and informed consent has been given by you may we use your Personal Data including Health Data, in our research studies, for example to analyze your response to certain treatments.  The specific purpose for which we use your Personal Data in the context of our research studies will be set out in the informed consent form relating to a particular study.

Marketing and advertising. We do not use personally identifiable Health Data for marketing or advertising purposes. We may use other Personal Data to send you marketing messages as permitted by law or to measure and improve our advertising.

Compliance and protection, including to:

  • Protect against or deter fraudulent, illegal, or harmful actions and maintain the safety, security, and integrity of our Services;
  • Comply with our legal or contractual obligations, resolve disputes, and enforce our Terms of Use;
  • Audit our internal processes for compliance with legal and contractual requirements and internal policies;
  • Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); and
  • Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

Consequences of not collecting Personal Data: You are not obliged to provide any Personal Data. However, if we do not collect any of your Personal Data, we will not be able to perform the above functions, or provide you with the Services.


We may share your Personal Data on the App with the below third parties, but note that sometimes Health Data is treated differently to other Personal Data (as it is a special category of information):

  • where you are a Personal Account holder, we may share your Personal Data and/or the Personal Data of your Dependents, as applicable, on the App with:
    • Carers, subject to your consent,
    • Practitioners, subject to your consent. For example, when you ask us to connect one of your profiles to a Practitioner, you acknowledge that the Practitioner will receive an email containing the full name of the User associated with that profile. Once connected, the Practitioner will be able to view all of the Health data associated with that profile,
  • Payment and security providers, such as payment processors, security and fraud prevention consultants. We will never share your Health Data with payment and security providers;
  • Hosting and other technology and communications providers. The Personal Data that Human collects from you is stored in, processed in or transferred to one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your Personal Data for any purpose other than cloud storage, retrieval and data processing. This is discussed in more detail in section 8 below;
  • Advertising services. We may share basic parameters relating to your usage of the App (for example whether or not you added a treatment) with ads platforms such as Google Ads, and with mobile measurement partners such as AppsFlyer. We will do so via an individual identifier, without sharing any other personal data, any health data or any underlying details of that usage (such as, which particular treatment you added). Further, we only share those parameters for the purpose of measuring and improving our own product advertising; not for subsequent personalized advertising.  You can find more information here about how Google uses personal information.
  • Government authorities, where the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others;
  • Third parties, only to address disputes, claims, or to persons demonstrating legal authority to act on your behalf; and
  • Business transferees in business transactions (or negotiations for such transactions) involving a sale of all or any portion of the business or assets of, or equity interests in, Human or our affiliates.

We use Google Cloud Platform (“GCP”) to host and process data. A list of GCP sub processors can be found here:

We will never sell your Personal Data to anyone. We may gather Aggregated Data or Anonymized Data about our Services or Users, and disclose the results of such aggregated or anonymized data to our partners, service providers, advertisers, and/or other third parties. Such information is no longer Personal Data and can no longer be used to identify you.

How you may share Personal Data through the App: Depending on your use of the App, you may share your Personal Data with any other Account holder, subject to your consent or the consent of the Owner of your profile (in the case of a Dependent). Where you have provided consent for Human to share your Personal Data with another User, Human is not responsible for what those Users do with your Personal Data.


Human has its headquarters in Sydney, Australia, but information we collect about you via the App will be hosted and processed in the United States. By using the App, you acknowledge that your Personal Data will be hosted and processed in the United States.

The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the European General Data Protection Regulation  (“GDPR”). Pursuant to Article 46 of the GDPR, Human is providing appropriate safeguards by ensuring that binding, standard data protection clauses are in place with its hosting and processing service providers, which are enforceable by data subjects in the EU and the UK. These clauses have been enhanced based on the guidance of the European Data Protection Board and will be updated when the new draft model clauses are approved.

Depending on the circumstance, Human also collects and transfers Personal Data to the U.S. with consent; to perform a contract with you; or to fulfill a compelling legitimate interest of Human, in a manner that does not outweigh your rights and freedoms. Human endeavors to apply suitable safeguards to protect the privacy and security of your Personal Data and to use it in a manner only consistent with your relationship with Human and the practices described in this Privacy Policy.

Where we employ data processors such as Google to process Personal Data on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and have adequate technical measures in place to protect personal information against unauthorised use, loss and theft. Human enters into data processing agreements and model clauses with such vendors whenever feasible and appropriate. Since it was founded, Human has received zero government requests for information.

For more information or if you have any questions about data processing in the U.S., please contact us at


You have certain rights with respect to your Personal Data, including:

  • Information: You have the right to certain information, such as information about Human, at the time that we collect Personal Data from you. We have aimed to include much of this information in this Privacy Policy.
  • Access: If you wish to confirm that Human is processing your Personal Data, or to have access to the Personal Data Human may have about you, please contact us. When technically feasible, Human will - at your request - provide a copy of your Personal Data to you. You can also access certain of your Personal Data by logging into your account on the App. Reasonable access to your Personal Data will be provided at no cost. If access cannot be provided within a reasonable time frame, Human will provide you with a date when the information will be provided. If for some reason access is denied, Human will provide an explanation as to why access has been denied. You may also request information about: the purpose of the processing; the categories of Personal Data concerned; who else outside Human might have received the data from Human; what the source of the information was (if you didn’t provide it directly to Human); and how long it will be stored.
  • Rectification:You have a right to correct (rectify) the record of your Personal Data maintained by Human if it is inaccurate. You can do so by logging into your account on the App. Where this is not possible, you can request that we correct your Personal Data. However, when you update information, we may maintain a copy of the unrevised information in our records.
  • Erasure: You can request that we erase some or all of your Personal Data from our systems. You may be asked to complete a verification form in connection with such deletion request in order to ensure that you have the authority to delete your account, and we may retain the relevant Personal Data for a period of up to 30 days, in case your request was submitted in error. Certain Personal Data is necessary to enable you to utilize some or all of our Services, so if you request us to erase such data, we may no longer be able to provide you with the Services. We may retain certain Aggregated Data or Anonymized Data derived from or incorporating your Personal Data that does not identify you, after you update or delete your Personal Data. Where you have provided consent for Human to share your Personal Data with another User, Human cannot ensure that such Users delete your Personal Data, if you later request its deletion.
  • Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another organization, or directly to you, under certain conditions.
  • Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes. You may request that Human cease using your Personal Data for direct marketing purposes.
  • Restriction of processing: You can ask us to restrict further processing of your Personal Data in certain unique situations.
  • Auto Decision Making and Profiling: You have the right not to be subject to certain decisions based solely on automated processing, including profiling, which produces legal effects concerning you or which significantly affects you.
  • Withdrawal of consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note however, that if you exercise this right, you may be unable to utilize some or all of our Services.
  • Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or, in the case of residents of the EU, your European Economic Area Member State.
  • Appeal when a request is denied: You have the right to appeal our decision to not take action on a request. For example, if Human denies your request to delete or erase your information, you may appeal this decision by contacting the local government body that has jurisdiction where you live.
  • Not identify or use a pseudonym in certain circumstances: You have the right not to identify yourself (be anonymous) or to use a pseudonym, save where impracticable for Human to provide Services to you in this way.
  • Complaints: In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Human processes your Personal Data. Please see section 15 for more information about complaints.

Unless specified otherwise, you can exercise these rights by logging into your account on the App, or by emailing Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request. Human will not discriminate against you for exercising your rights.


Storage: In relation to the App, Human securely stores your data using cloud-based Google infrastructure on data servers in the United States. In relation to the Website, Human stores any Personal Data obtained from you on a Webflow database in the United States. We, Google and Webflow employ a number of physical, technical, organizational, and administrative security measures designed to protect your Personal Data.

Retention: We retain Personal Data for only as long as reasonably necessary for the purposes associated with such data as described in this Privacy Policy, where we have a business need to do so, or as required by law (e.g., for tax, legal, accounting, or other purposes), whichever is longer. Once this time period has expired, we will delete the data via an automatic deletion process.

To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

All Personal Data that Human controls may be deleted upon verified request from a User or its authorized agent. For more information on where and how long your Personal Data is stored, and for more information on your rights of erasure and portability, please contact us at


What is a cookie? Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone, or similar device. They can take the form of pixel tags, web beacons, clear GIFs or JavaScript. Cookies are given to your browser by websites you visit, and browsers give these back to the website when you revisit, re-identifying you.  They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

Does Human use cookies? We do not currently collect or use any cookies on the App; only on our Website.

Strictly Necessary Cookies: These cookies are necessary for the Website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences. You can set your browser to block or alert you about these cookies, but that may cause some parts of the Website to not work (for example, the functionality to opt out of performance cookies). Strictly necessary cookies do not store any personally identifiable information.

Performance Cookies: On the Website, we collect and use analytics tracking cookies from two third parties (namely PostHog and Google Analytics). This is to allows us to understand how users use our Website, by collecting information on how often a user visits certain pages or engages with a particular featureon the Website. We use these aggregated statistics internally to improve the Services.

We also collect and use marketing cookies on the Website. We use Google Analytics for measuring the effectiveness of marketing. This helps us to improve our campaigns and the Services’ content for those who engage with our marketing. To see an overview of the privacy of your Google Analytics cookies, please go here:

If you do not allow performance cookies, we will not know when you have visited our Website and will not be able to measure our advertising effectiveness for your visit.

How can you control or delete cookies on the Website? You have the option to disable and delete cookies that may not be necessary for the basic functionality of our website using our consent tool or your browser. Please note that blocking non-essential cookies via your browser (rather than opting out of non-essential cookies using our consent tool)  may impact your experience on our Website.

  1. Using our consent tool

When you first visit the Website, you can accept or reject non-essential cookies via the cookie banner. After this, you may adjust your settings by clicking the cookie manager icon in the bottom corner of the website. The cookie manager button looks like this:

Please note that if you first accept non-essential cookies, and then later reject them via the consent tool, you will need to reload the page for those cookies to be dropped.

  1. Using Your Browser

To disable cookies through your browser, follow the instructions usually located within the “Help,” “Tools” or “Edit” menus in your browser. Please note that disabling a cookie or category of cookies does not delete the cookie from your browser unless manually completed through your browser function.

You may install a Google Analytics opt-out browser add-on by going here:

  1. Cookies Set in the Past

Collection of your data from our analytics cookies can be deleted. If cookies are deleted, the information collected prior to the preference change may still be used.  However, we will stop using the disabled cookie to collect any further information from your user experience. For our marketing cookie, when a user opts out of tracking, a new cookie is placed to prevent users from being tracked.

Does Human respond to Do Not Track Signals? Our App does not use cookies, and therefore Do Not Track browser signals are not relevant. Our Website does not currently obey Do Not Track signals. however, you can manage your cookie preferences as detailed above.


We do not knowingly attempt to solicit or receive information from children.

If you are under 18 or such greater age of majority as may apply where you live (the “Age of Majority”), please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under the Age of Majority, we will delete that information as quickly as possible. If you believe that a child under the Age of Majority may have provided us with Personal Data, please contact us at


Section 5 above (How We Use Personal Data) explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, but will depend on the type of Personal Data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below:

  • Service delivery: Processing is necessary to perform our contract, or to take steps that you request prior to engaging our Services. Where we cannot process your Personal Data as required to operate the Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or Services you access and request. Human also has a legitimate interest in understanding how Users and potential Users use its Services. This assists Human with providing more relevant services, with communicating value to our investors, and with providing appropriate staffing to meet User needs.
  • General research and development: These activities constitute our legitimate interests.
  • Research studies: Processing of your Personal Data is based on your consent.
  • Marketing and advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
  • Compliance and protection: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
  • Consent: To the extent that Health Data that we collect is considered health data or another special category of Personal Data subject to the GDPR or other applicable data protection law, we ask for your explicit consent to process this data. When we process Personal Data based on your consent, you have the right to withdraw it any time in the manner set out in section 7 of this Privacy Policy.

We may use your Personal Data for reasons not described in this Privacy Policy where permitted by law and where the reason is compatible with the purpose for which we collected it. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the applicable legal basis.


This Privacy Policy does not cover the practices of third parties that we do not own or control, or people that we do not manage. We are not responsible for the policies and practices of any third parties (such as Practitioners), and we do not control, operate, or endorse any information, products, or services that may be offered by third parties or accessible on or through the Services.

The Services may contain links to websites and other online services operated by third parties, such as Facebook, LinkedIn and Twitter. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not in themselves an endorsement of, nor a representation that we are affiliated with, any such third party.

We do not control websites or online services operated by third parties, and we are not responsible for their actions. You can learn about and control how these third parties use and share Personal Data about you, including with Human, by reviewing their privacy notices and exercising the privacy choices that the third party may offer.


We may review this policy from time to time. We recommend that you regularly check for changes and review this policy whenever you visit our website.

We will notify you of any minor changes by posting an updated version on our website or app, with an update to the “Effective Date” at the start of the policy. Where we intend to change our information handling practices (for example we intend to collect a new type of data or use data for a new purpose), we will also notify you via email of those changes.

If you do not agree with any aspect of the updated policy, you must immediately notify us and cease using our Services. If you use the Services after the effective date of any changes to the Privacy Policy, we will assume that you agree to all of the changes.


If you have questions, concerns, complaints, or would like to exercise any of your data protection rights, please contact us at:

Human Operations Pty Ltd

Attn: Legal Department

3/91 Reservoir Street

Surry Hills, NSW

Australia, 2010

If you have any questions about this Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.


If you have any complaints concerning the processing of your Personal Data, you can email us at

Alternatively, you may contact the relevant data protection body in your jurisdiction:

If you are in the UK, contact the Information Commissioner’s Office, via email at

If you are in the EU, you can contact the European Data Protection Supervisor online here or your nation’s data protection authority.

If you are in the US, contact your local state regulatory body.

If you are in Australia, contact the Office of the Australian Information Commissioner online here.

This site uses cookies to offer you a better browsing experience. Find out more on how we use cookies in our Privacy Policy.