Privacy Policy

Curange is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines the collection, usage, storage, and protection of your information when you interact with our services. It also explains your rights under UK data protection laws, including the UK GDPR.

By using Curange, you acknowledge and agree to the data practices described in this document. You are encouraged to read this Privacy Policy carefully to know how your information is handled. Please contact us using the details in the Contact section to get more details or support.

Scope and Applicability

This Privacy Policy applies to all individuals who interact with Curange — registered users, prospective customers, and website visitors. It governs the collection, processing, storage, and protection of personal data in accordance with UK data protection laws, including the UK GDPR and the Data Protection Act 2018.

Curange’s commitment to privacy extends across all digital touchpoints, including the website, mobile applications, customer support channels, and any other means through which users engage with our services. Whether you access Curange via a desktop computer, smartphone, tablet, or other internet-enabled device, this Privacy Policy will remain applicable.

This policy outlines:

• What personal data we collect – This includes personally identifiable information (PII) such as name, email address, and health-related inputs, as well as technical data like IP addresses, device information, and browsing activity.
• For what purposes we process your data – Our data practices are governed by law, including user consent, contractual necessity, and legitimate business interests.
• Your rights – Users have the right to access, rectify, delete, or restrict the processing of their data, in accordance with UK data protection laws.

By continuing to use Curange, you acknowledge and agree to the terms set forth in this Privacy Policy. If you do not agree, however, with any aspect of this policy, you should discontinue the use of our services immediately. For further clarification on how your data is managed, please refer to the following sections of this policy document.

Categories of Data Collected

To provide personalised supplement recommendations and ensure an optimal user experience, Curange collects various types of personal data. The data we collect is categorised into three main groups: Personally Identifiable Information (PII), Technical and Usage Data, and Cookies and Tracking Technologies.

1. Personally Identifiable Information (PII)

When you create an account or interact with our platform, we collect specific personal details to tailor our services to your individual needs. The information collected may include:

• Full Name – It is used to personalise your account and communications.
• Email Address – It is required for account verification, password recovery, service updates, and customer support inquiries.
• Date of Birth – It helps customise supplement recommendations based on age-related health considerations.
• Health and Lifestyle Information – The user provides this information voluntarily, including dietary habits, fitness routines, wellness goals, medical conditions, and supplement preferences. This data enables us to generate scientifically informed supplement recommendations.

We do not collect or store sensitive medical records, diagnoses, or prescription details. The information provided by users is entirely voluntary and should not replace professional medical advice.

2. Technical and Usage Data

To improve the functionality, security, and performance of Curange, we collect certain technical and usage-related data. This includes:

• IP Address – Logged for security monitoring, fraud prevention, and ensuring compliance with regional data regulations.
• Device Information – Includes browser type, operating system, and device model to optimise user experience across various devices.
• Website Activity – We track interactions such as pages visited, time spent on each section, referral sources, and click patterns. This helps us analyse user behaviour and refine our platform.

All technical data is anonymised where possible, in accordance with the Data Protection Act 2018, and is used strictly to enhance security, troubleshoot issues, and improve site functionality.

3. Cookies and Tracking Technologies

Curange uses cookies and tracking technologies to enhance user experience, analyse traffic, and improve marketing efforts. These include:

• Sessions Cookies – Temporary cookies that help maintain your login session and expire when you close your browser.
• Persistent Cookies – Stored on your device to remember your preferences for future visits.
• Analytics and Performance Tracking – Tools such as Google Analytics may be used to assess platform engagement and identify areas for improvement.

For more information on how Curange uses cookies and how you can manage them, refer to the Cookies and Tracking Technologies section of this Privacy Policy.

Data Processing

Curange abides by the UK General Data Protection Regulation to ensure transparency, accountability, and data protection. Our Data processing practices are based on clear legal justifications, and we only collect and process data necessary for providing and enhancing our services.

Legal Bases for Data Processing

Under the UK GDPR, we rely on the following legal grounds for processing your personal information:

1. User Consent

• We require your explicit consent before collecting or using your personal data for specific purposes, such as generating personalised supplement recommendations and sending marketing emails.
• You have full control over your consent preferences, and you can withdraw consent at any time through your account settings or by contacting us.

2. Contractual Necessaity

• Some data processing activities are essential to deliver our services. For example, we require certain health-related information, including dietary habits and wellness goals, to generate personalised supplement plans.
• Without this data, we would be unable to provide customised recommendations tailored to your individual needs.

3. Legitimate Business Interests

• In certain cases, we process personal data to improve service quality, prevent fraud, and enhance platform security.
• We balance our legitimate business interests against your privacy rights to ensure fair and ethical processing.
• Examples of legitimate interests include:
  
  • Analysing user behaviour to optimise our website and recommendations.
  • Detecting fraudulent activities or unauthorised access.
  • Maintaining system security and troubleshooting technical issues.

How We Use Your Data

Your data is only processed for specific and necessary purposes that align with our commitment to protecting your privacy. These include:

• Personalised Supplement Recommendations – We analyse your health-related inputs to generate evidence-based supplement suggestions tailored to your wellness needs.
• User Support and Communication – Your contact details (such as email) are used to respond to inquiries, manage account requests, and send important service-related updates.
• Analytics and Service Improvement – We use aggregated and anonymised data to monitor our platform’s performance, identify areas for improvement, and enhance the overall user experience.
• Security and Fraud Prevention – We implement security measures to protect your account, delete suspicious activity, and prevent unauthorised access.

Data Processing Limitations

Curange never processes your data beyond the stated purposes without obtaining additional consent. Any changes in data usage policies will be communicated in advance, and you will have the option to opt out of any new processing activities.

Data Retention and Storage Policy

At Curange, we retain personal data only for as long as necessary to fulfil its intended purpose while ensuring compliance with legal and regulatory requirements. The retention period depends on the type of data collected, the purposes for which it is processed, and any applicable UK laws governing data retention.

Retention Periods for Different Types of Data

• User Profiles and Health Data
  
  • Personal data provided during account registration, including health-relation information, is retained for as long as your account remains active.
  • If you decide to delete your account, we take immediate steps to erase your personal data unless there are legal or regulatory requirements that necessitate its retention.
  • Some anonymised or aggregated data may be retained for analytical purposes, but this information cannot be linked back to you.
• Transaction Records
  
  • Any data related to financial transactions, billing, and purchases made through our platform is stored for a period of six years to comply with UK tax and financial regulations.
  • This ensures that we meet our accounting obligations and can resolve any potential disputes or audits.

• Website Activity Logs and Technical Data
  
  • Logs related to website usage, login activity, and interactions with our services are retained for up to 12 months.
  • This helps us enhance security, detect fraud, and improve service performance through analytics.

Data Deletion

Once personal data is no longer needed, we take the following measures:

• Secure Deletion – Personal data is permanently removed from our systems using industry-standard deletion techniques.
• Anonymisation – In cases where data retention is required for research, analytics, or reporting, we anonymise it to ensure that it cannot be traced back to an individual user.

We periodically review our data retention practices to follow evolving data protection regulations and industry best practices.

Data Security Measures

Curange takes data security seriously and has implemented robust safeguards to protect your personal information from unauthorised access, misuse, or accidental loss. Our multi-layered security approach ensures that your data remains confidential and protected at all times.

Key Security Measures Implemented

• End-to-End Data Encryption
  
  • We use end-to-end encryption to protect your personal data during transmission and storage.
  • Sensitive data, including health-related information, is encrypted using AES-256 encryption protocols, ensuring that even if intercepted, it remains unreadable.
• Access Controls and Authentication
  
  • Only authorised personnel with verified credentials can access personal data.
  • We enforce multi-factor authentication (MFA) to prevent unauthorised access to internal systems.
• Regular Security Audits and Compliance Checks
  
  • Our security infrastructure undergoes frequent audits to identify and address vulnerabilities.
  • We stay up-to-date with the UK GDPR regulations and industry standards to maintain compliance.
• Firewall and Intrusion Detection Systems (IDS)
  
  • Our network is protected by firewalls and real-time intrusion detection systems that monitor for potential cyber threats.
  • Suspicious activity is flagged and investigated immediately to mitigate risks.

Incident Response and Breach Notifications

While we implement stringent security measures, no online platform is entirely risk-free. In the unlikely event of a data breach, we will:

• Assess the impact and take immediate action to contain the breach.
• Notify affected users without delay, as required by UK data protection laws.
• Report the breach to relevant authorities (e.g., the UK Information Commissioner's Office) if required.
• Provide guidance to affected users on any necessary steps to protect their information.

Our commitment to security and privacy ensures that your data remains safe, and we continually enhance our systems to adapt to emerging threats and risks.

User Rights and Data Control

Under the UK GDPR, you have the following rights relating to your data:

1. Right to Access – As a user, you are allowed to request a copy of the personal data you have shared and stored with us.
2. Right to Erasure – As a user, you can also request the deletion of said data under specific conditions (such as when deactivating or deleting your account).
3. Right to Rectification – You can and/or request to correct any inaccuracies in your information.
4. Right to Restrict Processing – As a user, you can also limit how we can use your data in certain conditions.
5. Right to Data Portability – You can request data from the platform and reuse it across different services.
6. Right to Object – You can opt out of data processing activities based on legitimate interests or direct marketing.

You can exercise these rights by contacting us. We have provided the necessary details to reach us and our team in the Contact section (click here to skip to Contact Us).

Cookies and Tracking Technologies

Curange uses cookies and tracking technologies to enhance user experience. Moreover, our platform uses shared cookies to optimise website functionality and personalise content for our users. With the help of said technologies, we also analyse traffic, track user interactions, and improve service delivery.

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us recognise returning users, remember preferences, and analyse website performance. Some cookies are essential for the proper functioning of our platform, while others enhance usability and personalisation.

2. Types of Cookies We Use

Curange platform shares and uses different types of cookies for different purposes:

• Essential Cookies – These are required for the website to function properly. They enable core features such as secure logins, navigation, and account authentication.
• Analytics Cookies – These cookies help us monitor website traffic, track user interactions, and gather insights to improve our services.
• Marketing Cookies – We use these to deliver targeted ads, promotions, and personalised recommendations based on user interests.

3. Managing Cookie Preferences

You have control over your cookie settings and can adjust them at any time:

• Modify your preferences through our Cookie Settings panel
• Disable or block cookies via your browser settings
• Opt out of certain tracking technologies by adjusting your privacy settings

Disabling cookies may affect some website features and overall functionality, but Curange ensures users have full transparency and control over their data preferences.

Privacy Policy Updates and Modifications

Curange reserves the right to update this Privacy Policy periodically to reflect changes in:

• Legal and regulatory requirements
• Our service offerings and features
• User feedback and operational improvements

We will notify users of significant changes via email or platform announcements. If you continue to use our services after an update, then your use declares acceptance of the revised policy.

Contact Information

If you have any questions or concerns regarding this Privacy Policy or wish to exercise your rights, you can contact us at:

Curange Data Protection Team:

[Email Address]

+447450995232

[Physical Address]

We take your privacy seriously and remain committed to addressing any concerns promptly and transparently.