Privacy policy

Last updated: 29 April 2026

This Privacy Policy explains how pCOMP Ltd, trading as Nature’s Code Nutrition ("Nature’s Code", "we", "us" or "our"), collects, uses, stores and shares personal information when you visit our website, buy products, create an account, register a DNA kit, use our customer portal, receive personalised nutrition recommendations, contact us, or otherwise use our services.

pCOMP Ltd is a company registered in England and Wales under company number 15460621. Our registered office is 124 City Road, London, Greater London, United Kingdom, EC1V 2NX.

For the purposes of applicable data protection law, including UK data protection law and, where applicable, the EU General Data Protection Regulation, pCOMP Ltd is the data controller of the personal information described in this Privacy Policy, except where we explain otherwise.

You can contact us about privacy matters at privacy@naturescode.uk.

This Privacy Policy should be read together with our Terms of Service, Cookie Policy, DNA Testing and Personalised Nutrition Consent, Refund and Cancellation Policy, Shipping Policy, and any product or service-specific notices shown to you when you use our services.

1. Our privacy commitment

Nature’s Code provides personalised nutrition support for people preparing for pregnancy, during pregnancy and after birth. Some of our services may involve DNA testing, pregnancy-stage information, fertility-related information, supplement preferences, personalised report outputs and customer portal data.

We treat this information carefully. In particular:

  • We do not sell your genetic data.

  • We do not use your genetic data for insurance, employment or credit decisions.

  • We do not provide medical diagnoses.

  • We do not share your identifiable DNA results with your partner, employer, clinic or other third party unless you ask us to, consent to it, or we are legally required to do so.

  • We do not voluntarily share your genetic data with law enforcement, government agencies, insurers or employers.

  • We do not use identifiable genetic or health-related information for research unless you have opted in, we have another lawful basis, or the information has been anonymised so that it no longer identifies you.

  • We aim to collect only the information needed to provide, protect and improve our services.

2. Your DNA privacy choices

If you use a Nature’s Code DNA testing or personalised nutrition service, you have choices over how your DNA-related information is used.

You can:

  • choose whether to activate a DNA kit

  • review the DNA Testing and Personalised Nutrition Consent before your sample is processed

  • choose whether to opt in to optional research or outcomes analysis using identifiable information

  • ask us to delete or anonymise DNA-related records, subject to legal, safety, audit and operational limits

  • choose whether to share your results with a partner or another person

  • unsubscribe from marketing without affecting your core service

  • manage non-essential cookie choices through our cookie banner or cookie preferences tool

  • contact us with questions about your data at privacy@naturescode.uk

Some choices may affect whether we can provide a service. For example, if you do not provide the information and consent needed for DNA processing, we may not be able to generate a DNA-personalised report.

3. Who this Privacy Policy applies to

This Privacy Policy applies to people who interact with Nature’s Code, including:

  • website visitors

  • customers

  • account holders

  • people who purchase or receive our products

  • people who register or use DNA kits

  • people who use our portal or receive reports

  • people who contact us for support

  • people who receive marketing communications from us

  • prospective partners, clinics, practitioners, suppliers and business contacts

This Privacy Policy applies to customers and visitors in the United Kingdom, the European Union, the European Economic Area and other locations where our website or services are made available, subject to applicable local law.

4. Personal information we collect

The information we collect depends on how you interact with us.

4.1 Contact and account information

We may collect:

  • name

  • email address

  • phone number

  • billing address

  • shipping address

  • account login details

  • communication preferences

  • customer support messages

4.2 Order, payment and transaction information

We may collect:

  • products purchased or viewed

  • subscription details

  • order history

  • delivery details

  • returns, refunds or cancellation information

  • payment status and payment confirmation details

Payments are processed by payment providers such as Stripe, American Express, Worldpay, Shopify Payments or other payment processors. We do not intentionally store full payment card numbers on our own systems.

4.3 Website, device and usage information

When you use our website or online services, we may collect:

  • IP address

  • browser type

  • device information

  • operating system

  • pages viewed

  • links clicked

  • time spent on pages

  • referral source

  • basket, checkout and purchase activity

  • cookie and similar tracking information

Further information is provided in our Cookie Policy and cookie preference tools.

4.4 Product, nutrition and preference information

Depending on the services you use, we may collect:

  • life stage, such as trying to conceive, pregnancy trimester or postnatal stage

  • biological sex where relevant to recommendations

  • dietary preferences, such as vegan, vegetarian or food-grown preferences

  • supplement preferences

  • product suitability information

  • responses to quizzes, forms or onboarding questions

  • safety-relevant information you choose to provide

  • communication and content preferences

4.5 Genetic, health and pregnancy-related information

If you use a DNA testing or personalised nutrition service, we may collect and process information such as:

  • kit ID

  • batch ID

  • sample processing status

  • lab result data

  • genetic variant information, such as rsIDs and genotypes

  • gene-level interpretation outputs

  • nutrient-related genetic interpretation outputs

  • nutrient score or tier outputs

  • personalised recommendation outputs

  • dosage recommendation outputs

  • safety notes or report explanations

  • portal records showing your personalised results

  • consent records linked to DNA testing, report generation and optional uses

Genetic data and health-related data may be treated as special category personal data under UK and EU data protection law. We therefore apply additional safeguards and rely on an appropriate lawful basis and special category condition before processing it.

5. How we collect information

We collect information:

  • directly from you, for example when you create an account, place an order, register a kit, complete a quiz or contact us

  • automatically through our website, apps, cookies and similar technologies

  • from our service providers, such as Shopify, payment processors, fulfilment providers, CRM platforms, analytics providers, portal providers and technical infrastructure providers

  • from our lab partner, where you use a DNA testing service

  • from clinics, employers, partners or referral sources, where you have interacted with them and the sharing is lawful and transparent

  • from public or professional sources where relevant to business communications, partnerships or legal compliance

6. How we use your personal information

We use personal information for the purposes described below.

6.1 To provide our website, store and customer account services

We use information to:

  • operate our website and online store

  • create and manage your account

  • process orders and subscriptions

  • take payment

  • arrange fulfilment and delivery

  • process returns, refunds and cancellations

  • provide customer support

  • send service messages about your account, orders or subscriptions

6.2 To provide DNA testing and personalised nutrition services

Where you have registered a kit and provided the required consent, we use information to:

  • register your kit

  • link your kit to your customer account

  • manage sample collection and lab processing

  • receive relevant lab output from our lab partner

  • process genetic result data through our rules engine

  • generate personalised nutrient-related insights

  • select relevant nutrition recommendations

  • display your report or outputs in your customer portal

  • provide support if there is a kit, sample, lab or report issue

  • maintain appropriate audit, quality and safety records

Before we process your DNA sample, you must complete the kit registration and consent steps. These explain what the test does, what it does not do, what data is created, how results are used, and which optional uses you can accept or decline.

Our personalised nutrition outputs are generated using a controlled rules engine that links specific genetic results to nutrient-related interpretation rules and recommendation tiers. These outputs are designed to support nutrition education and supplement personalisation. They are not a medical diagnosis and should not replace advice from a GP, midwife, dietitian, fertility specialist or other qualified healthcare professional.

6.3 To provide health, safety and product support

We may use information to:

  • respond to product questions

  • investigate quality or safety concerns

  • record and respond to complaints

  • maintain safety and adverse event records where relevant

  • review recommendation content and safety notes

  • support insurance, regulatory, legal or professional advice processes

6.4 To personalise your experience

We may use information to:

  • show relevant products, content or plans

  • tailor information to your stage, such as trying to conceive, pregnancy trimester or postnatal stage

  • remember preferences

  • improve website and portal usability

  • provide educational content that is more relevant to your needs

We do not use your identifiable genetic data or report outputs for third-party advertising targeting.

6.5 To send marketing communications

Where permitted by law, we may use your contact details, purchase history, preferences and interactions with Nature’s Code to send marketing communications about Nature’s Code products, services, education, offers and updates.

We may send marketing where:

  • you have consented to receive it

  • you have bought from us or discussed buying similar products or services and we are permitted to rely on a soft opt-in

  • another lawful basis applies

You can unsubscribe from marketing emails at any time using the unsubscribe link in our emails or by contacting us. We may still send non-marketing service messages, such as order confirmations, account messages, subscription updates, kit processing updates, safety notices or important changes to our terms.

We do not use genetic data, report outputs, fertility status, pregnancy stage or health-related information to create third-party advertising audiences unless we have a lawful basis, appropriate consent where required, and have assessed the privacy risks.

6.6 To improve and protect our services

We use information to:

  • monitor website and service performance

  • debug technical issues

  • prevent fraud and misuse

  • secure accounts and systems

  • improve product design and customer experience

  • test and improve our recommendation methodology

  • maintain internal records and audit logs

  • train staff and improve customer support

Where possible, we use aggregated, de-identified or anonymised information for improvement and analytics.

6.7 Research, outcomes analysis and anonymised insights

Nature’s Code aims to improve understanding of nutrition needs across life stages. We may use anonymised or aggregated information to improve our products, methodology, evidence base and educational content.

If information has been anonymised so that it can no longer reasonably identify you, it is no longer personal data.

We will not use identifiable genetic or health-related information for research or outcomes analysis unless you have given separate opt-in consent, another lawful basis applies, or the information has first been anonymised.

Choosing not to participate in optional research or outcomes analysis will not prevent you from buying products or receiving your report.

6.8 Legal, regulatory and business purposes

We may use information to:

  • comply with law

  • respond to lawful requests from regulators, courts or authorities

  • enforce our terms and policies

  • protect our rights, users, systems and business

  • manage disputes, claims or investigations

  • obtain legal, accounting, insurance, security or professional advice

  • support a merger, sale, restructuring, financing or business transfer

7. Lawful bases for processing

We rely on different lawful bases depending on the purpose.

7.1 Contract

We process personal information where necessary to provide products and services you have requested, including orders, subscriptions, account services, kit registration, DNA testing services and personalised reports.

7.2 Consent

We rely on consent where required, including for certain marketing, non-essential cookies, certain DNA testing activities, certain special category data processing, and optional research or outcomes analysis.

Where we rely on consent, you can withdraw consent at any time. Withdrawal of consent does not affect processing that happened before withdrawal.

7.3 Legitimate interests

We may process information where necessary for our legitimate interests, provided your rights and interests do not override those interests. Examples include improving our services, securing our systems, preventing fraud, managing business operations, handling customer queries and understanding how customers use our website.

7.4 Legal obligation

We may process information where necessary to comply with legal, tax, accounting, regulatory, consumer protection, product safety or other obligations.

7.5 Special category data

Where we process genetic data, health-related data or pregnancy-related information that is special category data, we also rely on a special category condition. This may include explicit consent or another condition permitted by law.

8. DNA testing, samples and lab processing

If you use a DNA testing service, our lab partner, currently AttoDiagnostics, may process your sample and return the relevant genetic result data required to generate your Nature’s Code report.

We aim to minimise the information shared with the lab, for example by using kit IDs and operational identifiers where practical.

The lab may process information such as:

  • kit ID

  • batch ID

  • sample information

  • genotype or variant results required for the report

  • processing status and quality information

AttoDiagnostics’ published terms state that samples are destroyed one month after reporting results. They also state that raw test-result data or genetic material for genetic testing services may be stored in accordance with applicable laboratory retention guidance, and that additional data-analysis enquiries may be accepted up to two years after results are issued.

We will reflect the applicable sample and data retention arrangements in our DNA Testing and Personalised Nutrition Consent and any service-specific notices. If we change lab partner, or if the applicable lab retention arrangements change, we may update the relevant notices.

Where we use a lab partner, we require appropriate contractual, confidentiality, security and data protection commitments. The lab must process samples and related data only for agreed purposes and in line with applicable law and our instructions, except where the lab has its own legal obligations.

9. Genetic information and family implications

Nature’s Code reports focus on nutrition-related insights. We do not provide ancestry testing, paternity testing, disease diagnosis, carrier screening, family relationship testing or genetic counselling.

Genetic information can sometimes have implications beyond you, because some genetic variants may be shared with biological relatives. You should think carefully before sharing your results with others.

If you have questions about medical, inherited or family implications of genetic information, you should speak to a qualified healthcare professional or genetic counsellor.

10. Scientific evidence, methodology and report changes

Scientific evidence, nutrition guidance, genetic interpretation and Nature’s Code methodology may evolve over time.

Your report reflects the report version, rules engine, product formulation and evidence base available at the time it was generated. We may update future reports, recommendations, methodology, content or product guidance as evidence, UK or EU guidance, safety considerations, product formulation or our rules engine changes.

Updates to future reports or methodology do not necessarily mean that an earlier report was incorrect. They may reflect new evidence, improved methodology, changed guidance, changed product formulation or different report scope.

11. Raw data and third-party interpretation

Nature’s Code may not provide raw genotype files as part of the standard customer report.

If we do provide raw data, or if you use your genetic information with another provider, their interpretation may differ from ours. We are not responsible for third-party interpretation tools, reports, products, recommendations or decisions.

You should not use raw genetic data or third-party interpretation tools to make medical decisions without advice from a qualified healthcare professional.

12. Couples plans and shared access

If you use a couples plan, each person’s account, sample and report remain separate unless sharing is clearly enabled and consented to.

We will not show one partner’s identifiable DNA results, genetic interpretations or personalised report outputs to the other partner unless the relevant person has chosen to share that information or another lawful basis applies.

You are responsible for keeping your own account login details secure and for deciding whether to share information outside the Nature’s Code service.

If you share screenshots, downloads, portal access, emails or report content with someone else, we may not be able to control how that person uses the information.

13. Identity checks and access to results

Before discussing account, kit, DNA or report information, we may ask you to verify your identity.

We may refuse to disclose information if we cannot verify that the request comes from the relevant customer or an authorised person.

Reports and personalised outputs may be made available through your Nature’s Code account, customer portal, email or another secure method we make available. You are responsible for keeping login details secure and for telling us promptly if you suspect unauthorised access.

14. Who we share personal information with

We may share personal information with trusted third parties where necessary for the purposes described in this Privacy Policy.

These may include:

  • eCommerce and website providers, including Shopify

  • payment providers, including Stripe, American Express, Worldpay and other payment processors

  • fulfilment, delivery and logistics partners

  • lab partners, including AttoDiagnostics

  • customer portal and database providers, including Airtable and Softr

  • CRM, email and SMS providers, including Klaviyo

  • analytics, cookie consent and website performance providers

  • customer support and communications providers

  • fraud prevention, security and IT service providers

  • professional advisers, including lawyers, accountants, insurers and consultants

  • regulators, courts, law enforcement or public authorities where required or permitted by law

  • business buyers, investors, lenders or advisers in connection with a merger, acquisition, financing, restructuring, insolvency process or sale of all or part of our business

We do not require every service provider to be named in this Privacy Policy. However, where a provider processes important categories of data on our behalf, we aim to assess the provider, use appropriate contracts, and limit the information shared to what is necessary.

Where a third party acts as our processor, they must process personal information only on our instructions and protect it appropriately. Where a third party acts as an independent controller, their own privacy policy will apply.

15. Law enforcement, government, insurers and employers

We do not voluntarily share genetic data with law enforcement, government agencies, insurers or employers.

We may disclose information where legally required, such as in response to a valid court order, warrant, subpoena, regulatory requirement or other binding legal process.

Where lawful and appropriate, we will seek to notify you before disclosure. We may not be able to notify you if we are legally prohibited from doing so, if notice would prejudice an investigation, or if there is an urgent safety, legal or security reason.

16. Business transfers and change of ownership

If Nature’s Code or pCOMP Ltd is involved in a merger, acquisition, restructuring, financing, insolvency process or sale of assets, personal information may be transferred as part of that transaction.

Where genetic or health-related information is involved, we will take steps designed to ensure that the recipient remains bound by privacy protections materially consistent with this Privacy Policy, unless you are given notice and any legally required consent or choice.

17. Shopify and store services

Our website and store may be powered by Shopify. Shopify may collect and process personal information in order to provide the store, checkout, fraud prevention, analytics, hosting and related services.

Information submitted through the store may be shared with Shopify and with other service providers involved in operating the store and completing transactions.

Shopify may also process certain information for its own purposes as described in its own privacy notices. You should review Shopify’s privacy information where relevant.

18. Cookies, analytics and advertising technologies

We use cookies and similar technologies to operate our website, remember preferences, understand performance, support analytics and, where permitted, support marketing and advertising.

Some cookies are strictly necessary for the website to work. Others, such as analytics, personalisation or advertising cookies, will be used only where permitted by law and where you have given consent if consent is required.

For visitors in the United Kingdom, European Union and European Economic Area, we will only use non-essential cookies where required consent has been obtained.

You can manage cookie preferences through our cookie banner or cookie settings. You can also control cookies through your browser settings.

We do not intentionally send identifiable genetic data or DNA report outputs to advertising platforms.

19. International transfers

Some of our service providers may process personal information outside the United Kingdom or the European Economic Area.

Where personal information is transferred from the European Economic Area to the United Kingdom, we may rely on the European Commission’s adequacy decision for the United Kingdom while it remains in force.

Where personal information is transferred from the United Kingdom to the European Economic Area, we may rely on the UK’s adequacy recognition of relevant European jurisdictions while it remains in force.

Where we transfer personal information to countries without an applicable adequacy decision or adequacy regulation, we will take steps required by applicable law. This may include relying on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, adequacy decisions, adequacy regulations, or other lawful transfer mechanisms.

20. How we protect information

We use organisational and technical measures designed to protect personal information. These may include:

  • access controls

  • password and account security measures

  • role-based permissions

  • limiting access to people who need it

  • supplier due diligence

  • contractual confidentiality obligations

  • audit logs where available

  • encryption in transit and at rest where available

  • separating identifiers from genetic or lab data where practical

  • security reviews and privacy risk assessments for higher-risk processing

  • staff training and internal policies where appropriate

Where available, we recommend that you use strong passwords and multi-factor authentication. You should keep your account login details confidential and tell us promptly if you believe your account has been compromised.

No method of transmission or storage is completely secure. You should avoid sending sensitive information through insecure channels.

21. How long we keep information

We keep personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, maintain records, comply with legal obligations, resolve disputes, enforce agreements, protect our business, support product safety and maintain audit trails.

Unless a shorter or longer period is required, we currently expect to use the following maximum retention periods as a working policy:

Type of information Indicative maximum retention period
Website analytics and cookie data Up to 26 months, unless earlier deletion is possible or required
Marketing records and preferences For as long as you remain subscribed, plus up to 6 years to evidence consent or suppression choices
Customer account information For the life of the account, plus up to 6 years after closure or last activity
Order, payment, subscription and transaction records Up to 7 years for accounting, tax and audit purposes
Customer support records Up to 6 years after resolution
Kit registration records Up to 10 years after report generation, unless deleted or anonymised earlier where appropriate
Raw lab result or genotype data held by Nature’s Code Up to 10 years after report generation, unless deleted or anonymised earlier where appropriate
Personalised report outputs and recommendation records Up to 10 years after report generation, unless deleted or anonymised earlier where appropriate
Consent records Up to 10 years after the relevant processing ends, or longer if required for legal defence
Safety, complaint, adverse event or product quality records Up to 10 years, or longer where required for legal, safety, insurance or regulatory reasons
Research consent records For the duration of the research use, plus up to 10 years unless withdrawn or superseded
Anonymised or aggregated data Indefinitely, provided it no longer identifies you
Security logs and audit logs Usually up to 24 months, unless needed longer for security, legal or audit purposes
Backups Deleted on normal backup rotation, unless restoration is required for legal, security or operational reasons

These periods are intentionally conservative and may be shortened once our operational, legal and regulatory requirements are finalised.

Where you ask us to delete information, we will delete or anonymise information where required, subject to limited exceptions where we need to retain information for legal, regulatory, accounting, safety, security, dispute resolution, insurance, audit or legitimate business record purposes.

22. Your rights

Depending on your location and the circumstances, you may have rights to:

  • access personal information we hold about you

  • correct inaccurate information

  • request deletion of information

  • restrict processing

  • object to processing

  • receive a copy of your information in a portable format

  • withdraw consent where processing is based on consent

  • object to direct marketing

  • complain to a supervisory authority

If you are located in the United Kingdom, European Union or European Economic Area, these rights may include rights of access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to a data protection supervisory authority.

These rights are not absolute and may be subject to legal limits or exemptions.

To exercise your rights, contact privacy@naturescode.uk.

We may need to verify your identity before responding to a request. If someone makes a request on your behalf, we may ask for evidence that they are authorised to act for you.

23. Deleting DNA and report information

You can contact us to request deletion of DNA-related information or report information.

Depending on your request and our legal obligations, we may be able to delete or anonymise:

  • account-linked genetic result data

  • report outputs

  • portal report records

  • kit-linked processing records

  • optional research participation records

If you ask us to delete your account, DNA results or personalised report outputs, the process may be irreversible. Once deleted, we may not be able to restore your report or regenerate it unless you purchase or complete a new test.

We may need to retain limited records where necessary for legal, regulatory, accounting, product safety, dispute resolution, insurance, audit, fraud prevention or security reasons.

Where information is held in backups, it may not be immediately removed from all backup copies, but it will be deleted or overwritten through normal backup rotation unless we are required to preserve it.

Where data has been anonymised so that it no longer reasonably identifies you, it may not be possible to link it back to you for deletion.

24. Marketing choices

You can unsubscribe from marketing emails using the unsubscribe link in any marketing email. You can also contact us at privacy@naturescode.uk.

You may still receive service messages, such as order confirmations, subscription updates, kit processing updates, account alerts, safety messages or important legal notices.

For SMS or other electronic marketing, we will follow applicable consent and unsubscribe requirements in the regions where we operate.

25. Children

Our services are intended for adults. We do not knowingly collect personal information from children for DNA testing, purchasing or account services.

If you believe a child has provided personal information to us, contact privacy@naturescode.uk and we will take appropriate steps.

26. Third-party websites and links

Our website may link to third-party websites, apps or services. We are not responsible for their privacy practices, content or security. You should review their privacy policies before providing information to them.

27. Complaints

If you have concerns about how we handle personal information, please contact us first at privacy@naturescode.uk so we can try to resolve the issue.

You also have the right to complain to a data protection supervisory authority.

If you are in the United Kingdom, you can complain to the UK Information Commissioner’s Office.

UK Information Commissioner’s Office
Website: https://ico.org.uk
Phone: 0303 123 1113

If you are located in the European Union or European Economic Area, you may have the right to complain to the data protection supervisory authority in your country or region.

28. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, suppliers, legal requirements or business operations.

When we update the policy, we will change the “Last updated” date. Where required by law, we will provide additional notice or ask for consent.

29. Contact us

For privacy questions, requests or complaints, contact:

pCOMP Ltd trading as Nature’s Code Nutrition
Company number: 15460621
Registered office: 124 City Road, London, Greater London, United Kingdom, EC1V 2NX
Email: privacy@naturescode.uk

For general customer support, please use the contact details provided on our website.