Primen logoPrimen logo

Last updated: 21 April 2026

Privacy Policy

This policy explains how Primen collects, uses, stores, and protects your personal data. We follow the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and the Data Protection Act 2018.

Important: once launched, the Primen mobile application will process special category health data under Article 9 of the GDPR, including data about mental health, hormonal vitality, intimate health, fertility, and physical rehabilitation. We are committed to treating this data with a high standard of care.

Waitlist stage: the mobile application is not yet live. At the moment, we only process the limited data you submit through this website (see Section 2). Sections that describe app data, processors, transfers, and security measures describe the service as it will operate at launch — not what is in place today.

1. Who we are

Primen is currently operated by Indiginess, which acts as the data controller for your personal data. Primen Ltd is in the process of being incorporated and will assume the role of data controller once registered. We will notify waitlist members of this change before it takes effect.

2. Scope of this policy

This policy covers this website (primen.app), the Primen mobile application, and our backend services. At the current waitlist stage, the only personal data we collect through this website is the information you submit to the waitlist form (such as your email address and optional profile details). The sections below describe the full scope of data processed once you start using the Primen app.

3. Data we collect

Account and profile data

Email address, hashed password, name, date of birth, optional location, subscription tier, and app preferences.

Special category health data (Article 9) — at launch

Once the app launches, we expect to process the following categories of special category health data. We do not collect any of this through the current waitlist website.

  • Mental wellbeing: mood scores, journal entries, mindfulness session data.
  • Hormonal vitality: qADAM assessment responses, symptom scores, and related trend data.
  • Hormone habit tracking: sleep, exercise, nutrition, stress, and alcohol indicators.
  • Intimate health: libido, morning erection quality, IIEF-5 scores, and private notes.
  • Physical fitness: movement, strength, mobility, pelvic floor, and recovery metrics.
  • Fertility and nutrition: structured programme inputs and related foundation data.

Technical and analytics data

Device type, operating system, app version, IP-derived region, crash logs, and interaction events used for aggregated analytics. See our Cookie Policy for web analytics details.

4. Lawful bases

  • Contract (Art. 6(1)(b)): account, profile, subscription, and service delivery data.
  • Explicit consent (Art. 9(2)(a)): all special category health data. You can withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)): product analytics, fraud prevention, and service security.
  • Legal obligation (Art. 6(1)(c)): tax, records, and regulatory requirements.

5. How we use your data

  • To operate your account and deliver the services you have requested.
  • To personalise programmes, insights, and recommendations across the six health pillars.
  • To track your progress and show you trend analysis over time.
  • To improve and secure our products, including debugging and abuse prevention.
  • To communicate with you about updates, launch timing, and service changes.

We do not sell your data. We do not use your health data for advertising.

6. Sharing and processors

We share data with third-party processors that help us operate the Service, such as cloud hosting, email delivery, waitlist management, and website analytics. We put data processing agreements in place with our processors where required by GDPR, and we only share what is needed for the stated purpose. We are happy to provide a current list of processors on request.

Typical categories of processor include:

  • Cloud hosting and database providers.
  • Authentication, email delivery, and customer support tooling.
  • Product analytics and crash reporting.
  • Payment processors, if and when paid plans launch.

7. International transfers

Some of our processors are based outside the UK and EEA (for example, in the United States). Where personal data is transferred outside the UK or EEA, we aim to rely on an appropriate transfer mechanism under GDPR — such as adequacy regulations, the UK International Data Transfer Agreement, or EU Standard Contractual Clauses — and to apply additional safeguards where appropriate. If you would like details of the mechanism used for a specific transfer, contact us.

8. Retention

We keep personal data only for as long as we need it for the purposes set out in this policy, or for as long as required by law. Waitlist data is kept until you ask us to remove it, you unsubscribe, or the waitlist closes. When you ask us to delete your data, we delete or irreversibly anonymise it from our active systems, and we delete it from backups within the normal backup-rotation period.

9. Security

We use encryption in transit (HTTPS/TLS) between your device and our services, and we rely on our cloud providers' standard encryption at rest for data stored on their infrastructure. We apply access controls so that only people who need access to personal data have it.

At launch, we intend to apply additional, field-level encryption (for example AES-256) to the most sensitive free-text fields, such as journal entries and intimate health notes. No system is ever perfectly secure, and we cannot guarantee the security of data transmitted over the internet; we do commit to notifying you and the relevant regulator of any personal data breach in line with our legal obligations.

10. Your rights

Under UK and EU GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to specific processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time for consent-based processing.
  • Lodge a complaint with the UK Information Commissioner's Office (ICO) or your local EU supervisory authority.

To exercise any of these rights, email hello@indiginess.io. We aim to respond within one month of receiving your request. Where a request is complex or we receive a large number of requests, GDPR allows us to extend this by up to two further months; we will tell you within the first month if that applies, and explain why.

11. Cookies

See our Cookie Policy for details of the cookies used on this website and how to manage your preferences.

12. Children

Primen is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with data, contact us and we will delete it.

13. Changes to this policy

We may update this policy to reflect changes to our services or legal obligations. Material changes will be communicated by email or in-app notice before they take effect.

14. Contact

For any privacy question or request, email hello@indiginess.io.