9LEMONZ

Last Updated: March 7, 2026 | Effective Date: March 7, 2026

1. Introduction

This Privacy Policy explains how HEALTHINNOVATEHERS LIMITED (trading as “9Lemonz”, “we”, “us”, or “our”), a company incorporated in Ireland, with its registered office at 2nd Floor The Mill, Greenmount Industrial Estate, Harolds Cross, Dublin 12, Ireland, collects, uses, discloses, and protects your personal information when you use the 9Lemonz mobile application and associated services (collectively, the “Service”).

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

We are committed to protecting the privacy of our users, particularly given the sensitive nature of health and wellness data. This policy complies with the EU General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018, the UK GDPR, the California Consumer Privacy Act (CCPA), and applicable platform requirements, including Apple’s App Store Guidelines and health data access requirements for supported mobile platforms.

2. Data Controller

HEALTHINNOVATEHERS LIMITED is the data controller for the purposes of applicable data protection law.

Email: ger@9lemonz.com
Address: 2nd Floor The Mill, Greenmount Industrial Estate, Harolds Cross, Dublin 12, Ireland

3. Information We Collect

3.1 Information You Provide Directly

Account Information: Name, email address, password (stored as a cryptographic hash), date of birth, and menopause stage.
Profile Information: Profile photo, bio, and wellness preferences you choose to add.
Wellness Data: Symptoms, severity ratings, mood entries, nutrition logs, hydration tracking, activity records, sleep data, and wellness notes you manually enter into the app.
Community Content: Posts, comments, reactions, and any other content you submit to the community features, including anonymous posts.
Support Communications: Messages, emails, and feedback you send to our support team.
Subscription Information: Details related to your subscription plan and purchase history, processed through Apple In-App Purchase on iOS and Stripe on Android (we do not directly collect or store payment card details).

3.2 Information Collected Automatically

Device Information: Device model, operating system version, unique device identifiers, app version, language settings, and time zone.
Usage Data: App interactions, feature usage patterns, session duration, screens visited, and crash reports.
Log Data: IP address, access timestamps, and server logs for security and troubleshooting purposes.

3.3 Apple HealthKit and Android Health Connect Data

With your explicit permission, the 9Lemonz app may read and write health-related data from Apple HealthKit on iOS and Health Connect on Android, including the following data types where supported and authorised by you:

Step count and physical activity data
Active energy burned
Sleep analysis
Heart rate (resting and active)
Mindfulness minutes
Other health metrics you choose to sync

Important Health Data Commitments:

• Health data accessed through Apple HealthKit or Android Health Connect is used solely to provide personalised health insights and wellness tracking within the app.

• This health data is never shared with third parties under any circumstances.

• This health data is never used for advertising, marketing, or data brokering purposes.

• This health data is never sold to any party.

• This health data is stored securely on your device and is only transmitted to our servers if you explicitly enable cloud sync.

• On iOS, you may revoke HealthKit access at any time through your device Settings > Privacy & Security > Health > 9Lemonz.

• On Android, you may revoke Health Connect access at any time through Settings > Health Connect > App permissions > LEMONZ.

3.4 Information from Third-Party Sign-In

If you sign in using Apple Sign-In or Google Sign-In, we receive only the information you authorise: typically your name, email address (or a private relay email in the case of Apple), and a unique account identifier. We do not receive or store your password from these services.

4. How We Use Your Information

We use your information for the following purposes:

Provide the Service: Create and manage your account, deliver personalised wellness tracking, symptom analysis, and AI-powered health insights.
Improve the Service: Analyse usage patterns, diagnose technical issues, conduct research and development, and improve features and user experience.
Community Features: Display your posts and comments (or anonymous versions), enable interactions with other users, and moderate content.
Communication: Send transactional emails (account verification, password resets), respond to support requests, and deliver important service updates.
Safety and Security: Detect and prevent fraud, abuse, and security incidents; enforce our Terms of Use and Community Guidelines.
Legal Compliance: Comply with applicable laws, regulations, legal processes, and governmental requests.
Personalisation: Tailor content recommendations, learning paths, and wellness challenges based on your menopause stage and preferences.

We do not use your data for:

Cross-app or cross-site tracking for advertising purposes
Selling to third parties
Building advertising profiles
Any purpose incompatible with this Privacy Policy

5. Legal Bases for Processing (EEA/UK Users)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

Performance of a Contract: Processing necessary to provide the Service under our Terms of Use (account management, wellness tracking, subscription services).
Consent: For processing HealthKit data, Health Connect data, optional analytics, and community participation. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legitimate Interests: For security, fraud prevention, service improvement, and analytics, balanced against your rights and interests.
Legal Obligation: Where required to comply with applicable law, regulation, or legal process.

6. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

6.1 Service Providers

We engage trusted third-party service providers who process data on our behalf under strict contractual obligations and appropriate security measures:

Cloud Hosting: Secure server infrastructure for data storage and processing.
Analytics: Aggregated, anonymised usage analytics to improve the Service.
Email Delivery: Transactional email services for account verification and notifications.
Payment Processing: Subscription payments are processed by Apple through In-App Purchase on iOS and by Stripe on Android. We do not receive or store your full payment card information.

6.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of 9Lemonz, our users, or the public.

6.3 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

6.4 With Your Consent

We may share information with your explicit consent for purposes not described in this policy.

6.5 Community Content

Content you post to the community is visible to other users. Anonymous posts display without your name or profile information. Please exercise caution when sharing personal information in community posts.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.

Account Data: Retained for the duration of your active account and for up to 30 days after account deletion to allow for recovery.
Wellness Data: Retained for the duration of your active account. Deleted upon account deletion.
Community Posts: Retained while your account is active. Deleted posts are removed within 24 hours.
Health Data: HealthKit and Health Connect data are processed in real time and cached locally on your device. Server-side copies (if sync is enabled) are deleted upon account deletion.
Log and Analytics Data: Retained for up to 12 months for security and operational purposes, then anonymised or deleted.
Support Communications: Retained for up to 24 months after resolution for quality assurance.

You may request earlier deletion at any time by contacting us (see Section 11).

8. Your Rights

8.1 All Users

Regardless of your location, you have the right to:

Access the personal information we hold about you.
Correct inaccurate or incomplete information.
Delete your account and associated data.
Withdraw consent for optional data processing at any time.

8.2 EEA/UK Users (GDPR Rights)

Under the GDPR and UK GDPR, you additionally have the right to:

Restrict processing of your personal data in certain circumstances.
Object to processing based on legitimate interests.
Data portability (receive your data in a structured, machine-readable format).
Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
Lodge a complaint with the Irish Data Protection Commission (www.dataprotection.ie) or your local supervisory authority.

8.3 California Users (CCPA Rights)

Under the CCPA, California residents have the right to:

Know what personal information is collected, used, and shared.
Request deletion of personal information.
Opt out of the sale of personal information (we do not sell personal information).
Non-discrimination for exercising your privacy rights.

8.4 How to Exercise Your Rights

To exercise any of these rights, contact us at ger@9lemonz.com. We will respond to your request within 30 days (or sooner where required by law). We may need to verify your identity before processing your request.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

Encryption of data in transit (TLS/SSL) and at rest (AES-256).
Secure authentication with hashed passwords.
Regular security assessments and vulnerability testing.
Access controls limiting data access to authorised personnel on a need-to-know basis.
Secure cloud infrastructure with industry-standard certifications.
Incident response procedures for prompt detection and remediation of security events.

While we take extensive measures to protect your data, no method of electronic storage or transmission is 100% secure. If you become aware of a security vulnerability, please contact us immediately at ger@9lemonz.com.

10. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA) or the United Kingdom. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

European Commission adequacy decisions.
Standard Contractual Clauses (SCCs) approved by the European Commission.
Binding Corporate Rules where applicable.

You may request information about the safeguards in place by contacting us.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: ger@9lemonz.com
Postal Address: HEALTHINNOVATEHERS LIMITED, 2nd Floor The Mill, Greenmount Industrial Estate, Harolds Cross, Dublin 12, Ireland

For complaints regarding data protection, you may also contact the Irish Data Protection Commission:

Website: www.dataprotection.ie
Email: info@dataprotection.ie
Phone: +353 (0)761 104 800

12. Children’s Privacy

The Service is intended for individuals aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at ger@9lemonz.com so we can take appropriate steps to delete such information.

13. Cookies and Tracking Technologies

The 9Lemonz mobile app does not use browser cookies. However, we may use the following technologies:

Local Storage: To save your preferences and session data on your device.
Analytics SDKs: To collect anonymised usage data for service improvement (you may opt out in Settings).

We do not use the Apple Identifier for Advertisers (IDFA) or the Android Advertising ID for advertising purposes, and we do not integrate any third-party advertising SDKs. We do not track users across apps and websites owned by other companies.

14. AI-Powered Features

9Lemonz includes AI-powered features such as personalised health insights, symptom pattern analysis, and content recommendations. Regarding these features:

AI processing is based on the wellness data you provide within the app.
AI-generated insights are for informational purposes only and are not a substitute for professional medical advice.
Your data used for AI features is not shared with third-party AI providers for their own training purposes.
You can disable AI-powered personalisation features in the app Settings.

15. Community and User-Generated Content

Our community features allow you to share posts and interact with other users. Please note:

All posts are subject to moderation and must comply with our Community Guidelines.
You may post anonymously. Anonymous posts do not display your name, profile photo, or identifying information to other users.
You may delete your own posts at any time, and they will be removed immediately.
You may report objectionable content or block abusive users through the in-app tools.
Community moderators review flagged content and take action within 24 hours.
Even with anonymous posting, we retain a private association between the post and your account for moderation purposes.

16. Subscriptions and Payments

Subscription payments for the iOS app are processed through Apple’s In-App Purchase system, while subscription payments for the Android app are managed by Stripe. We do not collect, process, or store full credit card numbers, bank account details, or other financial payment instruments on our own systems.

Apple and Stripe manage payment processing, billing, and related payment operations in accordance with their own terms and privacy policies.

We receive transaction confirmations and subscription status information, which we use to activate, maintain, and manage your premium features.

17. Third-Party Links and Services

The Service may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service before providing your information.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the “Last Updated” date at the top of this policy.
Notify you through the app or by email before the changes take effect.
Where required by law, seek your consent before applying material changes to how your data is processed.

We encourage you to review this policy periodically.

19. Governing Law

This Privacy Policy is governed by the laws of Ireland, without regard to conflict of law principles, and subject to the jurisdiction of the Irish courts. Nothing in this policy affects your statutory rights under applicable data protection law, including your right to lodge a complaint with your local supervisory authority.