Research Peptides UK Domestic Stock Fast Dispatch Discreet Packaging Research Use Only Orders Shipped from the UK Research Peptides UK Domestic Stock Fast Dispatch Discreet Packaging Research Use Only Orders Shipped from the UK
Legal & Compliance

Privacy Policy

Last updated: June 2026  ·  Covers novabiolabs.co.uk and the Nova Tracker app

UK GDPR Compliant
Your privacy matters to us.

This policy explains what personal data we collect through the Nova Biolabs website (novabiolabs.co.uk) and the Nova Tracker mobile application, why we collect it, and how we handle it. Nova Biolabs is committed to transparency and to meeting its obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Nova Biolabs ("we", "us", "our") is the data controller for personal data collected through www.novabiolabs.co.uk and the Nova Tracker mobile application (available on the Apple App Store and Google Play Store).

Nova Biolabs is a UK-based company. Nova Tracker is a health and wellness tracking application operated by Nova Biolabs.

If you have any questions about how we handle your data, please contact us:

General
info@novabiolabs.co.uk
App Support
support@novabiolabs.co.uk
Website
www.novabiolabs.co.uk

2. Age Restriction

The Nova Biolabs website and the Nova Tracker app are intended for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under the age of 18.

If you believe we have inadvertently collected data from a person under 18, please contact us at support@novabiolabs.co.uk and we will delete it promptly.

3. What Data We Collect

Website (novabiolabs.co.uk)

  • Order data — full name, email address, phone number, shipping address, and country. Collected when you place an order.
  • Communication data — messages sent to us via WhatsApp or email.
  • Marketing data — your email address, if you sign up for restock notifications.
  • Technical data — IP address, browser type, and pages visited, collected via cookies when you browse our site.

Nova Tracker App

  • Account data — email address and password (stored securely via Firebase Authentication). An optional display name if you choose to set one.
  • Health and wellness data — data you choose to log in the app, which may include: body weight, calorie intake, protein intake, water intake, step count, sleep duration and quality, progress photos, and general fitness goals and progress notes.
  • Device data — device type, operating system version, and app version, used to diagnose technical issues.
  • Usage data — which features you use within the app, used to improve the product.

All health and wellness data entered into Nova Tracker is data you actively choose to input. We do not infer or derive health data beyond what you explicitly log.

4. Health & Wellness Tracking Data

Data you log in Nova Tracker — such as weight, calories, protein, water, steps, sleep, progress photos, and fitness notes — is considered personal data, and in some cases may constitute special category data under UK GDPR (health data).

We process this data solely to provide you with the features of the Nova Tracker app. We do not sell this data, share it with advertisers, or use it to make automated decisions about you.

Progress photos you upload are stored securely in your personal Firebase account and are not shared with any third party.

Apple Health / Google Health Connect: If you grant Nova Tracker permission to read from or write to Apple Health (HealthKit) or Google Health Connect, data from those platforms is used only to populate your in-app tracking and is never uploaded to any server without your explicit action. You can revoke this permission at any time through your device's settings.

5. Third-Party Services

We do not sell your personal data. We use the following trusted third-party services to operate our website and app:

Nova Tracker App

  • Google Firebase — We use Firebase for user authentication (Firebase Auth), data storage (Firestore), and file storage (Firebase Storage). Your account credentials and in-app data are stored on Firebase infrastructure hosted within Google's cloud. Firebase processes data in accordance with Google's privacy and security standards. Data may be processed in the United States under Google's Standard Contractual Clauses. See firebase.google.com/support/privacy.
  • Apple HealthKit — If you grant permission, the app can read and write health data to and from Apple Health on your device. This data is not sent to our servers unless you explicitly log it within the app.
  • Google Health Connect — If you grant permission on Android, the app can read and write health data to and from Health Connect. This data is not sent to our servers unless you explicitly log it within the app.
  • Analytics — We may use Firebase Analytics or similar analytics tools to understand how the app is used. This data is aggregated and anonymised where possible and is used solely to improve the app.

Nova Biolabs Website

  • EmailJS — to send order confirmation emails. Your order details are passed to their servers for this purpose.
  • Formspree — to handle restock notification signups. Your email address is transmitted to their servers.
  • Google Fonts — fonts are loaded from Google's servers. Your IP address may be logged by Google.

All third-party providers are required to handle your data securely and in accordance with applicable data protection law.

6. Notifications

Nova Tracker may send you push notifications on your device — for example, reminders to log your meals, water intake, or daily progress. These notifications are delivered using your device's operating system notification service (Apple Push Notification Service or Google Firebase Cloud Messaging).

You can enable or disable push notifications at any time through your device's notification settings. Disabling notifications will not affect your ability to use the app.

We will not send unsolicited marketing push notifications without your consent.

7. Why We Process Your Data (Legal Basis)

Under UK GDPR, we must have a lawful basis for processing your personal data:

  • Contract Account & app features — we process your account data and in-app logs to provide the Nova Tracker service you have signed up for.
  • Contract Order processing — we process website order data to fulfil and dispatch purchases.
  • Explicit Consent Health data — where the data you log constitutes health data under UK GDPR, we process it on the basis of your explicit consent, given when you actively input it into the app.
  • Consent Notifications — push notifications are sent on the basis of your consent via device permission.
  • Consent Marketing emails / restock alerts — based on your consent when you submit your email address.
  • Legitimate Interests Analytics & improvement — we have a legitimate interest in understanding how our site and app are used so we can improve them.

8. How Data Is Stored & Secured

Nova Tracker data (your account and health logs) is stored in Google Firebase. Firebase uses encryption in transit (TLS) and encryption at rest for Firestore and Firebase Storage. Access to your data is restricted by Firebase Security Rules so that only your authenticated account can read or write your own data.

Passwords are never stored in plain text. Firebase Authentication handles credential management using industry-standard hashing.

Progress photos you upload are stored in your private Firebase Storage folder and are not publicly accessible.

Website order data is held securely by us and by the third-party services listed in Section 5.

We regularly review our security practices but no system is completely immune to risk. If you become aware of any security issue, please contact us at support@novabiolabs.co.uk.

9. How Long We Keep Your Data

  • Nova Tracker account & health logs — retained for as long as your account is active. If you delete your account, your data is deleted within 30 days.
  • Progress photos — retained until you delete them in-app or delete your account.
  • Website order data — retained for 7 years, as required by UK HMRC accounting rules.
  • Marketing emails — retained until you unsubscribe or withdraw consent.
  • Communication data — retained for a reasonable period to resolve queries, then deleted.

10. Requesting Account & Data Deletion

You can delete your Nova Tracker account and all associated data at any time. To do so:

  • Use the account deletion option within the Nova Tracker app settings, if available; or
  • Email us at support@novabiolabs.co.uk with the subject line "Delete My Account" and the email address associated with your account.

We will confirm deletion within 14 days. All personal data including account details, health logs, and progress photos will be permanently deleted within 30 days of your request. Note that some minimal data may be retained where required by law (e.g. financial records).

11. Your Rights Under UK GDPR

As a data subject, you have the following rights in relation to your personal data:

Right of access — request a copy of your data
Right to rectification — correct inaccurate data
Right to erasure — request deletion of your data
Right to object — object to how we use your data
Right to portability — receive your data in a usable format
Right to restrict processing — limit how we use your data
Right to withdraw consent — at any time, for consent-based processing

To exercise any of these rights, please email us at support@novabiolabs.co.uk. We will respond within one calendar month.

You also have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk or by calling 0303 123 1113.

12. Cookies (Website Only)

The Nova Biolabs website uses a small number of strictly functional cookies. No advertising or third-party tracking cookies are used. The Nova Tracker app does not use browser cookies.

Cookie Name Purpose Type Retention
cart Stores the contents of your shopping cart so items persist across pages. Functional Session
cookie_consent Remembers whether you have accepted or declined our cookie notice. Functional 1 year
nova_verified Remembers that you have completed age and compliance verification on entry. Functional Session

You can manage or delete cookies through your browser settings at any time.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. The date at the top of this page will always reflect when the policy was last revised.

For material changes affecting Nova Tracker users, we will provide notice within the app or by email where possible. We encourage you to review this page periodically.

14. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please get in touch:

Nova Tracker App
support@novabiolabs.co.uk
Website / Orders
info@novabiolabs.co.uk
← Back to Home