Effective: 2nd May 2025
1. Introduction
At Mitra Bio, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when providing our services, including epigenetic analysis of skin samples and related research activities.
We work with academic research institutions, medical professionals, skincare companies, and pharmaceutical companies (“our partners”) to support clinical trials and research studies. In many cases, we act as a data processor, processing personal data on behalf of our partners in accordance with their instructions. In these situations, our partners are responsible for informing individuals about how their personal data will be used, and for managing consent and rights requests.
Separately, Mitra Bio also acts as a data controller in specific cases:
- When we collect personal data directly, such as through lifestyle questionnaires, when you sign up for communications, or when you participate in a clinical study organized by Mitra Bio;
- When we receive pseudonymized personal data from our partners for research purposes;
- When we create de-identified or pseudonymized datasets from personal data for internal research and scientific development.
This Privacy Policy describes how we process personal data in these situations where we act as a data controller.
“Personal Data” means any information that identifies or relates to an individual, including pseudonymized data where individuals remain identifiable through additional information, under applicable data protection laws such as the UK GDPR and EU GDPR.
We encourage you to read this Privacy Policy carefully to understand how Mitra Bio processes personal data, and the choices and rights available to you.
2. What personal data we collect
We collect and process personal data depending on the nature of your interaction with Mitra Bio.
2.1 Personal Data Collected Directly by Mitra Bio
If you are a research participant, we collect your personal data to:
- Assess changes in skin health and biological markers in response to treatments;
- Conduct scientific research into skin aging, skin diseases, inflammation, and epigenetic changes;
- Develop and validate new skin health biomarkers;
- Manage communications and research participation;
- Comply with legal and ethical obligations in research.
The data we collect may include:
- Identity and Contact Data: name, email, phone number, address (city, country), date of birth, sex assigned at birth
- Lifestyle and Skin Health Data: responses to health questionnaires, symptoms, lifestyle habits, health conditions, photos of skin lesions, skin health metrics
- Biological Sample Data: tape strip skin samples, genomic sequencing data, methylation and epigenetic analysis results
If you are a partner, customer, or subscriber, we collect your personal data to:
- Provide contracted services;
- Communicate about scientific and service updates;
- Manage customer relationships;
- Improve our services;
- Comply with legal obligations.
The data we collect may include:
- Name, email, phone number, company affiliation, professional designation
- Communication preferences
- Any additional information voluntarily provided
2.2 Pseudonymized Personal Data Received from Our Partners
When supporting clinical trials or research sponsored by our partners (such as academic institutions and skincare companies), we may receive pseudonymized personal data. We act as an independent data controller for this data for research purposes.
We process this data to:
- Conduct research into skin aging, skin diseases, inflammation, and epigenetic signatures;
- Develop and validate predictive biomarkers;
- Create aggregated, de-identified datasets;
- Train and improve machine learning models.
The pseudonymized data we may receive includes:
- Age and sex
- City, state or province, and country
- Skin health questionnaire responses
- Skin measurements (e.g., metrics, photos)
- Genomic sequencing files (e.g., FASTQ files)
- Lifestyle metadata
2.3 Data Collected from Website Visitors
When you visit our website, we automatically collect:
- IP address
- Browser and device type
- Referral source
- Pages viewed and browsing actions
- Access times and dates
We collect this information to:
- Improve website performance and functionality;
- Detect and prevent fraud or abuse;
- Analyze aggregated usage trends.
We may also use cookies and similar technologies. For more details, please refer to our Cookie Policy.
3. How we collect personal data
We collect personal data:
- Directly from individuals (e.g., when you complete a questionnaire, participate in research, or contact us);
- From partners (e.g., pseudonymized clinical trial data shared with us);
- Automatically through website technologies like cookies.
4. How we share your personal data
We only share personal data where necessary and in accordance with applicable laws. We may share personal data with:
- Our partners and sponsors, where required by research projects or clinical trial agreements;
- Hosting and IT service providers supporting our operations;
- Sequencing providers, such as Novogene, who process DNA samples under our instruction;
- Legal, regulatory, or governmental authorities when required to comply with legal obligations.
We ensure that all third parties respect the security of your personal data and process it lawfully.
We do not sell personal data.
5. International transfers of personal data
Some of our partners and service providers are located outside the United Kingdom and European Economic Area (EEA). When transferring personal data internationally, we implement safeguards such as:
- Using countries deemed to provide an adequate level of protection by the UK or EU;
- Implementing Standard Contractual Clauses approved by the European Commission or the UK ICO.
You may contact us for more information about international data transfers and the safeguards we apply.
6. Pseudonymization and aggregation in scientific research
Where appropriate, Mitra Bio may transform personal data into pseudonymized or aggregated data for the purpose of scientific research.
- Pseudonymization is a security technique where personal data is processed in such a way that it can no longer be attributed to a specific individual without the use of additional information. For example, we replace direct identifiers (such as names or contact details) with codes or internal reference numbers and we destroy the key linking the code to the individual’s identity. This helps protect your privacy while still allowing us to carry out meaningful scientific research.
- Aggregation involves combining information from multiple individuals in a way that prevents identification of any single individual. For example, we may aggregate methylation patterns across participant groups to develop generalized models of skin aging.
Wherever possible, we implement technical and organizational measures to ensure that data used for research purposes cannot be linked back to identifiable individuals without disproportionate effort.
7. How long we keep your personal data
We retain personal data only for as long as necessary for the purposes for which we collected it, including to satisfy legal, regulatory, or scientific research obligations.
Retention periods vary depending on the type of data:
- Research participation data is typically retained for up to 60 days after study completion, subject to ethical requirements;
- Mailing list information is retained until you unsubscribe;
- Website analytics data is typically retained for up to 90 days unless needed for security investigations.
Where data is anonymized or pseudonymized, it may be retained for up to 25 years for scientific research purposes.
8. Your legal rights
You have the right to:
8.1 Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
8.2 Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
8.3 Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
8.4 Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
8.5 Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
8.6 Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
8.7 Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
8.8 Make a complaint. You have the right to make a complaint at any time to the relevant regulator.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Certain rights, such as the right of access and the right to erasure, may be limited where exercising them would seriously impair the achievement of the scientific research objectives. This is in accordance with Article 89(1) of the UK General Data Protection Regulation (UK GDPR).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information concerning your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
If you want to make a request, click the button below, go to the link provided, or get in touch with us at [email protected]
9. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where you have chosen a password that enables you to access certain parts of our applications, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
10. Personal data of children
As noted in our Terms of Service, we do not knowingly collect or solicit Personal Data about children under 18 years of age. If you are a child under the age of 18, please do not attempt to register for or otherwise use the Service or send us any Personal Data.
If we learn we have collected Personal Data from a child under 18 years of age, we will delete that information as quickly as possible. If you believe that a child under 18 years of age may have provided Personal Data to us, please contact us at [email protected]
11. Cookies and website data
We use cookies and similar technologies to collect information about website usage and to improve your browsing experience. For more detailed information about the cookies we use and how you can manage your cookie preferences, please refer to our Cookie Policy.
12. Contact us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:
Privacy Team
Mitra Bio Ltd
Translation and Innovation Hub
White City Campus, London, W12 0BZ
Email: [email protected]