We believe transparency is the key to any healthy relationship. At GastonAi, we are all about healthy living and longevity. We appreciate that you are trusting us with information that is important to you and we want to be transparent about how we use it.
Here we describe the privacy practices for our software, websites and services. We’ve tried to write this Privacy Notice in a clear language to easily understand what data we collect, why and how we use and protect it.
This Privacy Notice (the “Privacy”) is applies to business partners, suppliers, customers and visitors of GastonAi – a subsidiary company and brand of NILA TECHNOLOGY LIMITED (“GastonAi”, “we”, “us”, “our”, “Group”) and how GastonAi processes your personal data. This Privacy Notice applies for instance, when you visit GastonAi websites, signup and login to our platform, buy our products, solutions, applications or services or subscribe to our newsletters or contact us.
This Privacy Notice may be modified from time to time to keep up with local and international laws and regulations. In case of conflict between Privacy Notice and local legislation and/or regulations, the latter will prevail.
GastonAi websites do not target and are not intended to be used by persons under the age of sixteen (16). We do not store credit card details nor sell your personal information to any third parties.
“Personal Data” is information that relates to, describes, is capable of being associated with, or could reasonably be linked (directly or indirectly) with you or your household, and may include Usage Information (as defined below). “Usage Information” refers to device, Internet and network activity information that GastonAi, our business partners, and our service providers collect, including information about how you interact with our services, emails, advertising, and content. We may combine Usage Information with other Personal Information we have about you. We collect information directly from you and Usage Information. We may also receive information from other parties, as further described below.
We may collect Personal Data directly from you when you use our services, contact us, sign up to receive communications from us, make a purchase, enter a sweepstakes or contest, or provide us feedback or survey responses. Once you sign up on GastonAi and become a Registered User, you will be able to create a profile page by submitting certain Personal Data. The profile page may be viewable by other GastonAi users and will display your profile name as well as your profile picture, if you choose to upload one or agree to allow a third party service (e.g. Facebook) to provide one for you. You can choose what other Personal data you provide as part of your profile. Providing such information is voluntary and should correlate with the degree of interaction you want to have with GastonAi as its users.
We may collect the following categories of Personal Data:
Some of this information may be considered “sensitive” under the laws of certain jurisdictions. Whether this information is considered “sensitive” will depend on the laws of jurisdiction you reside in.
Your Personal Data is processed only to the extent necessary to pursue the purposes for which it was collected and for the purposes set out in this Privacy Notice. To learn about how long GastonAi keeps your Personal Data, see section on Data Retention below.
Many of our services and features require some Personal Data. If you choose not to provide the necessary Personal Data, you may not be able to use certain services or features. If you choose not to share your Personal Data, features that require personalization will not work for you.
This is information such as height, weight, what you eat, or any pre-existing health conditions that you contribute to us by inputting the information into our website or our partner business website or apps or sending us your bioprofile test reports. We use this data to determine your eligibility for our services or scientific research studies; facilitate testing of samples (see below) by third party laboratories we partner with; input relevant information into our analysis, for example what you eat; allow us to carry out general scientific research.
These are biological test results that you have sent to either directly or via third party labs after testing. These are the results we receive back from the laboratories that have analysed your samples, or – if applicable – from devices that measure your physiological data (such as ECG monitors, blood sugar sensor, etc), possibly via intermediate data management systems managed by the manufacturer/distributors of the devices, and which facilitate the transfer of the data from the devices to GastonAi. An example of a Test Result is the concentration of glucose in your blood.
We do not receive the samples ourselves, only the Test Results. We collaborate with laboratories who specialise in carrying out biomarker and/or epigenetic analysis. The laboratories operate independently but with collaboration or partnership agreements with us. We only take your data directly from them if you have provided explicit consent to share information about you with us. Amongst many other type of data you provide to us, your Test Results are essential to carry out our analysis and to offer our services to you.
We keep this data for as long as you have an account with GastonAi, but we will delete it if you specifically request it. The laboratories will keep samples for different lengths of time depending on the requirements of the locally applicable law (for example, of your country or state). How long a sample is kept may depend on factors such as whether a test is successful or not. If you want further information about this, please contact your individual laboratories.
Some laboratories only receive anonymised/de-identified samples, others require some personal details to conduct the tests. Device manufacturers/distributors hold anonymised/de-identified Test Result data in their data management systems which are used to transfer the data from the sensors to GastonAi.
We may make use of information from a wearable device, such as an Apple Watch or other fitness tracker. Your device collects biometric data to estimate a variety of metrics like number of steps you take, distance traveled, calories burned, weight, heart rate, sleep stage, active minutes and location. We may collect these data when your device syncs with third-party applications or software and when your device data is transferred from your device to servers. We will only collect this information if you consent to us doing so – and your device should not permit us to do so without your agreement anyway.
Once collected, we will treat the information in exactly the same way as for self-reported health information – including why we process it, what we do with it and how long we will keep it.
We may, from time to time, invite you to participate in one or more of our scientific research studies. Participation is entirely voluntary and subject to an additional sign up process, which is managed by an ethics review board. This privacy policy may not accurately describe the data processing carried out during such a research study but if that is the case, the information you receive before participating in the study will explain any differences.
Other parties may provide us your Personal Data. For example, if you create a GastonAi account using your login from another party’s service (including our partnering businesses, social media networks such as Facebook), we will access and collect the information about you that your privacy settings on that service permit so that we can create an account for you. Social media platforms and advertising partners may also give us other information about you. We may combine this information with other Personal Data that we have collected. We may offer device or operating system-based authentication such as fingerprint or face unlock as a log-in method of accessing certain Services. We are notified as to whether the authentication was successful, but we do not have access to the fingerprint or facial data.
When you visit or use the services or use a GastonAi website or partnering business mobile applications that has GastonAi features (features described as Powered by GastonAi), we may automatically record Usage Information. Usage Information we collect may include information about your online sessions, such as your Internet Protocol (IP) address, browser type or the webpage you were visiting before you came to our Site, pages of our Site or the App that you visit (or of the site you visited that had the GastonAi feature), the time spent on those pages, information you search for, contact information or data you enter, products or content you view, links you click, access times and dates, mouse movements, screen captures, the model and device ID number of your mobile device, user settings, location (if you enable this feature), and statistics and information about your use of the Site and App.
We may also track and collect App usage data, such as the date and time the App accesses our servers, your interactions with the App, what information has been downloaded to the App, information about where you downloaded the App, and how often you use it.
We use your Personal Data to improve and develop our products and services, personalise our products, better understand consumers’ interests related to our products and services and make recommendations to you and send you relevant offers. We also use Usage Information to monitor and analyse use of the Services, for technical administration, to secure the Site and App and protect those who visit the Site or App, to improve functionality and user-friendliness, and to better tailor our Services to our visitors’ needs. For example, some Usage Information is collected so that when you revisit the Services, we will recognise you and can serve advertisements and other information appropriate to your interests. Some of the Usage Information (like your IP address) is treated as Personal Data.
Our Services use tracking technologies to collect Personal Information, including Usage Information. These tracking technologies include, by way of example, cookies, pixels, APIs and tags. While these technologies operate in different ways, in general, they allow us, our service providers, and other third parties to collect and combine information about your online activities over time and across different websites and apps. For example, they help us understand how you interact with the Site and use our Services and save information like your search preferences, your account settings and login information, so that we can remember you and your settings when you return to the Site or App, and personalise your experience.
These tools allow us to determine how many people are visiting our Services and other analytics, whether visitors are new or repeat visitors, which pages visitors are viewing and for how long, how well certain online advertising campaigns are converting, and other similar usage data. When used in our e-mail communications, they can tell us information such as how you interact with the e-mail, when and whether an e-mail was opened, if and how many times it was forwarded, and what links users click within the e-mail. They support the way we serve our ads, measure the effectiveness of our ads, and to determine the content and advertising to offer you based on your interests. Based on tracking information, we, our service providers, and other third parties can adjust the content, products, services, advertisements, and promotions we provide to better meet your interests, and make you aware of GastonAi products, services, and offers in which you may be interested.
To support these activities, we and our partners may use information about your visits, how you use our Services, how you engage with our emails or offers, your other interactions with us, and your interactions with other third parties and other websites.
In addition to the above-mentioned functions, cookies and other tracking technologies can also perform functions that are necessary to the operation of a website or important to the performance and functionality of the site. For example, we use cookies to improve your experience on our Services, such as to allow you to return to the Site more easily, hold your shopping cart, or save your language preferences.
The length of time that information about you is tracked depends on the type of cookie: we use both session cookies (which generally expire when you close your browser) and persistent cookies (which remain on your device for an extended period of time).
Most Internet browsers automatically accept cookies but you can instruct your browser, by changing its options, to block or delete cookies. If you limit or reject cookies, however, you may not be able to use all portions of or all functionality of our Services.
We may de-identify or aggregate Personal Data (including Usage Information). We keep and use such de-identified information in de-identified form, except as permitted by applicable law. We may use de-identified or aggregated data for any purpose unless prohibited by law, including to understand our customers and improve our products and services.
Our headquarters, at GastonAi, are in the United Kingdom. As a result, you are protected by the United Kingdom’s Data Protection Act 2028 (and UK Data Protection Addendum 2023) as well as EU General Data Protection Regulation (“GDPR”), regardless of your citizenship or where you live in the world. You may have additional rights under the GDPR with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information about a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage, amendment, deletion and disclosure. GastonAi will be the processor and controller of your Personal Data processed in connection with the Service.
If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at dpo@gogaston.io.
We will only process your Personal Data if we have a lawful basis under the European GDPR and UK Data Protection Act 2018 (including UK Data Protection Act (Addendum) 2023) for doing so. Lawful bases for processing include:
Consent: Except for the specific situations explained below, we process your customer information, self-reported health information; Test Results by consent. You may withdraw your consent at any time and we will stop processing your Personal Data in this way.
Contractual Necessity: In order to be able to perform our contract, we need to collect customer information we have marked as required and all payment information.
Compliance with a legal obligation: As explained above, we will sometimes have to process personal data in order to comply with a legal obligation imposed on us. Where those obligations are imposed by UK law, that law will provide us with a lawful ground for processing.
Legitimate Interest: We process the following categories of Personal Data when we believe it is in our legitimate interest to do so and we do not believe that your rights of freedoms will be unduly interfered with by our processing:
All information about your health, which we would normally be forbidden from processing by the GDPR, is processed by us because you have consented to us doing so.
We use the information we collect to improve and personalise the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.
When you allow us to collect precise location information, we use that information to provide and improve features of the Services such as recording where a workout took place or mapping an activity.
We also use your information to make inferences and show you more relevant content. Here are some examples:
If you are a customer of our services, we share information about you only with the followings:
We do not sell your Personal Data, as “sale” is understood under the CCPA as well as UK DPA and EU GDPR. We will update this Notice if this changes.
All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
We may convert Personal Data into anonymous data, that is data which can no longer be linked with identifiable individuals, for example by aggregation of data about multiple individuals. We may create aggregated, de-identified or anonymised data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user.
For example, we use your self-reported health information, Test Results and some of your customer information to improve our models of the interaction of diet and health. The models we create have no individual information about you, being the aggregation of data from many individuals.
We may use such anonymous data and share it with third parties for our lawful business purposes, including to analyse, build and improve the Service and other future products and services, and promote our business, provided that the data remains anonymous. We do not delete anonymous data on any particular timetable. You may assume that we could keep it indefinitely.
We retain your Personal Data for as long as you maintain your account with us or as otherwise necessary to provide you the Services. We may also retain your Personal Data as required to comply with our legal obligations. We will delete your Personal Data on receiving a request by you to delete your account so long as we are no longer required to process your Personal Data for the purposes set out in this Privacy Policy (i.e. you delete your account and there is no other purpose that requires us to retain your Personal Data) or to keep it by law. Your Personal Data may remain on our backup/disaster recovery systems. However, this Personal Data will be completely and irredeemably destroyed or de-identified within 6 months after you delete your account.
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, please see the UK Information Commissioner Guide. To submit a request to exercise any of these rights, or to ask for more information, please email us at dpo@gogaston.io. You may also authorise an agent (an “Authorised Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorised Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorised Agent when they make a request on your behalf.
We will work to respond to your valid request within 45 working days of receipt. We will not charge you a fee for making a valid request unless your valid request(s) is excessive, repetitive or manifestly unfounded. If we determine that your valid request warrants a fee, we will notify you the fee and explain that decision before
Some of the rights below apply only in specific circumstances. In other situations, we may not be able to fully comply with your request, for example if it would be impossible or would involve a disproportionate effort; or if it jeopardises the rights of others; but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
Erasure: In some situations you may have a right to request that we erase some or all of your Personal Data from our systems.
Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Service.
Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
Right to File Complaint: You have the right to lodge a complaint about GastonAi’s practices with the UK’s Information Commissioner.
Our Data Protection Officer is contactable at dpo@gogaston.io.
If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act (“CCPA”). You have the right to understand how we collect, use, and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights using your account settings and tools as described in the Your Rights To Access and Control Your Personal Data section, for example:
If you need further assistance regarding your rights, please contact our Data Protection Officer at dpo@gogaston.io, and we will consider your request in accordance with applicable laws.
You have right to request certain information about our collection and use of your Personal Data over the past 12 months. In response, we will provide you with the following information:
If we have disclosed your Personal Data to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third party recipient. If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data sold to each category of third party recipient.
You have the right to request that we delete the Personal Data that we have collected about you. Under the California Consumer Privacy Act (CCPA), this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Service or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Service as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at dpo@gogaston.io.
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Our Service does not support Do Not Track requests at this time. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.
We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. No method of transmitting or storing data is completely secure, however. If you have any security-related questions or concerns, please contact our Data Protection Officer at dpo@gogaston.io.
If you have any questions, comments or concerns about this Privacy Notice, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please contact us at dpo@gogaston.io.
We’re constantly trying to improve our products and services, which includes collecting new kinds of data or carrying out new analyses on that data, so the information on this page may need to change from time to time.
Last modified on 11 May 2025.
You will receive exclusive access to personalised nutrition insights, expert guidelines, ongoing science and nutrition emails, news and updates.
Gaston Ai was born out from a simple yet ambitious vision – to simplify health and enhance longevity. Millions of people around the world struggle with chronic conditions, food intolerances and metabolic imbalances.
We make precision nutrition scalable and accessible, no matter what your dietary, lifestyle and medical background is.
© 2025 Gaston Ai Limited. All Rights Reserved.
