Privacy Policy

1. Introduction

This privacy notice explains how the Eucalyptus group of companies (“Eucalyptus”, “we”, “us”) collects, uses, shares and protects personal data when you use our websites, apps, and offerings, including our telehealth and healthcare-related services and communities.

2. Who we are and how this notice works

Eucalyptus provides consumer services through brands such as Juniper, Pilot, Kin, and Software (and related websites/apps). Responsibility for your personal data within the Eucalyptus group may vary based on your location and the specific service you use. 

Annex A contains regional requirements that modify or add to this notice for Australia, United Kingdom, EEA, Japan and Canada. Annex B lists the responsible entities (i.e. data controllers) and the services they manage (see Annex C for contact information).

This notice applies to a broad range of individuals, including our customers and users (including those who begin but do not complete our online questionnaires or onboarding processes), anyone who contacts us and/or anyone with an established business relationship with us.

It applies when you:

  • Visit our websites or use our apps
  • Create an account or complete forms/questionnaires
  • Use telehealth or other healthcare services (including pharmacy fulfilment where applicable)
  • Interact with clinicians, healthcare professionals, health coaches, companions and other partners
  • Join and participate in our online health communities (e.g. WhatsApp groups)
  • Connect wearables or other devices that integrate with our services
  • Contact us online or by phone

Some healthcare professionals or service providers you interact with through our services may operate as separate and independent controllers of your personal data. They will have their own privacy processes and practices when handling your personal data.

3. Personal data we collect

The personal data we collect depends on your relationship with us and the services you use. It can include:

Identity and contact 

  • Name, date of birth, gender, username/account identifiers
  • Postal address, email address, telephone number
  • Details of your nominated general practitioner or external health care provider
  • Identity verification information (including a photo of your face and/or ID where required)
  • In some cases, government-issued identifiers needed for eligibility, dispensing or verification

Health and care

  • Health history and questionnaire responses, symptoms, diagnoses, allergies, medications, side effects and outcomes
  • Measurements and progress data you provide (e.g. weight and other body measurements where relevant)
  • Messages, notes, files and images you share with clinicians, pharmacies, coaches or support teams (including clinical photos where relevant)
  • Prescription and dispensing-related information
  • Racial or ethnic origin information that may be relevant to your care

Community and content

  • Information you provide in community spaces we operate or facilitate (e.g. posts, comments, profile details and interactions) including any health data you choose to share

Transaction, billing and fulfilment

  • Subscription status, orders, deliveries, returns, cancellations and refunds
  • Billing address and delivery address
  • Payment-related data

Device, website and app 

  • Device identifiers, IP address, browser/app settings, operating system
  • Website/app usage and event data (pages viewed, clicks, referral URLs, session data)
  • App diagnostics, crash logs and performance data
  • Approximate location (derived from IP address or device settings where available)

Connected devices and integrations

  • Data from devices or third-party services you choose to connect (e.g. fitness trackers, smartwatches)
  • Device/product identifiers needed to support integrations (e.g. serial number, Bluetooth address, similar identifiers)

Business and recruitment

  • Business contact details (name, job title, employer, work contact details, correspondence)
  • Application and employment-related information if you apply for roles with us

4. How we collect personal data

We collect personal data from:

  • You (e.g. questionnaires, account set-up, support requests)
  • Automatic technical sources (e.g. device/app/web data, cookies and similar technologies)
  • Our group companies to provide goods and services 
  • Partners assisting with services (e.g. partner practitioners/companions/providers; labs/tests; partner communications) 
  • Connected devices/services you choose to link 
  • Publicly available sources and third parties (e.g. suppliers, recruitment agencies, contractors, business partners) 
  • Government/official sources where relevant to providing a service (e.g. NHS services, Medicare, My Health Record, electronic prescription transfer services)

If we collect personal data about you from a third party, we may ask the third party (where appropriate) to inform you that we hold the information and how it will be used and disclosed.

5. How we use personal data

We use personal data for various purposes, including those summarised below:

Provide services and support

  • Create and manage your account and preferences
  • Run questionnaires, onboarding and eligibility checks, and assess suitability for services
  • Facilitate telehealth consultations and related care support, including messaging, follow-ups and care coordination
  • Provide coaching and service features (including any in-app support tools), and respond to enquiries
  • Send service communications such as confirmations, reminders, safety notifications, changes to services, and support messages
  • Monitor service quality, provide training, and investigate complaints or incidents (including recording or transcribing certain calls/consultations where relevant)

Fulfil orders and prescriptions

  • Process orders, subscriptions, payments, refunds and chargebacks
  • Arrange prescribing, dispensing and pharmacy fulfilment where applicable (including sharing necessary data with pharmacies and healthcare partners)
  • Arrange delivery (e.g. courier/post), returns, replacements and customer support for orders
  • Maintain dispensing and fulfilment records as required by applicable healthcare and pharmacy rules

Operate communities and improve products

  • Operate and moderate online communities and related content spaces
  • Support community activities (e.g. coaching, programmes, events, prompts and engagement)
  • Conduct analytics, reporting and internal research and development to improve services, develop new products, debug issues, and understand how services are used
  • Measure outcomes and performance, including service evaluation and quality improvement

Marketing and personalisation

  • Send marketing communications (e.g. email, SMS, push notifications, telephone calls where permitted) about our brands, services, products and offers
  • Personalise communications, recommendations and website/app experiences, including based on your interactions with our services and (where permitted) information you provide
  • Run promotions, competitions and referral programmes (where offered)
  • Measure marketing performance and improve targeting, including creating audience segments (such as “lookalike” audiences) and retargeting based on interactions with our websites/apps, subject to your choices and regional requirements
  • In some regions, we may send you marketing communications about similar products or services if you have previously made a purchase or used our services, unless you have opted out (sometimes referred to as a “soft opt-in”)

Safety and welfare 

  • Identify and address safety risks, including detecting content or patterns that suggest potential harm
  • Where necessary and appropriate, share relevant information with emergency services or other appropriate parties to request a welfare check or urgent assistance (for example, where there is a professional opinion of imminent risk of harm)

Legal, compliance and business operations

  • Comply with legal and regulatory requirements (including healthcare, pharmacy, identity verification, reporting, tax and accounting obligations)
  • Prevent, detect and investigate fraud, misuse, security incidents and other unlawful activity.
  • Establish, exercise or defend legal claims, manage disputes, and enforce terms
    Manage corporate transactions (such as mergers, acquisitions, restructuring, financing or insolvency), including due diligence and transition planning
  • Maintain internal governance, risk management, audits, and insurance-related processes

6. Lawful basis

When required by law, we rely on appropriate lawful bases to process your information, such as:

  • Contract: To provide services you request or to take steps at your request before entering a contract.
  • Legal obligation: To meet legal and regulatory requirements (including healthcare and pharmacy obligations)
  • Legitimate interests: To operate, improve and protect our business and services
  • Consent: Where we ask for your permission to process your personal data for a specific purpose

If necessary, we may also rely on an appropriate additional condition to process sensitive or special category data. For example, to provide health or social care services, or where necessary for employment, social security or social protection law purposes.

7. Sharing personal data

Who we share personal data with

We may share personal data with:

  • Eucalyptus Group companies for internal administration and service delivery
  • Clinicians, healthcare professionals and clinical partners to provide consultations, treatment support and related services
  • Pharmacies, dispensing partners and delivery providers to fulfil prescriptions and deliver products
  • Technology and operational service providers (e.g. hosting, communications, customer support tools, analytics, security, identity verification, payment processors)
  • Advertising partners for purposes of measuring or improving our marketing
  • Professional advisers (e.g. legal, audit, insurance)
  • Regulators, courts and law enforcement where required by law
  • Successors to our business in connection with a merger, acquisition, restructuring or asset sale

International transfers

We and our service providers may store or process personal data in countries other than where you live. This includes access by our international operational support and service delivery staff in South Africa and Philippines.

Where applicable law requires additional safeguards, we use appropriate technical and organisational measures to provide an adequate level of protection to the processing of your personal data.

Further region-specific information is in Annex A.

8. Recording of calls and consultations

Some calls, chats or consultations may be recorded or transcribed for purposes such as:

  • Quality assurance and training
  • Safety and incident management
  • Maintaining records where required
  • Investigating complaints or disputes

Where recording is optional and you do not want a recording to be kept, tell us (or the clinician) at the start of the call/consultation and we will handle this in line with the service and legal requirements.

If we request identity verification using a photo ID, you may be able to obscure non-essential details (for example, covering your licence number) unless we need the full image for a specific legal or safety reason.

9. Cookies, analytics and online advertising

We use cookies, SDKs, pixels and similar technologies (collectively “cookies”) to:

  • Operate and secure our websites and apps
  • Remember preferences
  • Understand usage and performance (analytics)
  • Measure the effectiveness of campaigns
  • Show you relevant adverts on third-party platforms

Online advertising may involve:

  • Using cookies/pixels to understand what content is useful and which ads lead to sign-ups or purchases
  • Creating and using audiences (including “lookalike” audiences) using limited identifiers, typically in hashed or pseudonymised form
  • Retargeting based on interactions with our websites/apps

Where required by law, we will obtain consent before placing non-essential cookies and you can manage preferences using our cookie banners/settings or your device or browser.

10. AI features and machine learning

We may use AI-enabled tools (including large language models) to support and improve our services, for example to:

  • Help triage and respond to support queries
  • Retrieve relevant account or service information to assist with responses
  • Generate or draft content and materials (including patient-facing materials where appropriate)
  • Support certain in-app features such as chat-based assistance

These tools may process the content you provide (such as messages you send us). We use access controls and contractual measures intended to protect personal data, and we limit use to the purposes described in this notice and applicable law.

We may also use a limited amount of de-identified personal data to train internal AI tools so we can:

  • Improve the accuracy, safety, consistency and clinical relevance of outputs
  • Detect and correct failure patterns (e.g. hallucinations, unsafe suggestions, missed escalation cues)
  • Improve routing, moderation, and quality checks
  • Support auditing, incident investigation, and service improvement

Where we use personal data for AI training and evaluation we:

  • Aim to use the minimum personal data needed for these purposes, and use pseudonymisation or de-identification where feasible
  • Apply access controls, security measures, and other controls designed to protect personal data
  • Only use personal data in a way that is compatible with the purposes set out in this notice
  • Keep training/evaluation datasets only as long as needed for the relevant diagnostic, debugging, safety and improvement purposes, then delete or de-identify them in line with our retention approach

AI features are designed to support services and are not a substitute for professional medical advice. 

Where an AI feature is used in a way that may materially affect you, we include appropriate human oversight and routes to contact us.

11. Keeping your personal data safe

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. This includes access controls, security monitoring and controls over suppliers.

If you suspect unauthorised activity on your account, contact us using the details in Annex C.

12. How long we keep personal data

We keep personal data for as long as needed to:

  • Provide services and maintain accounts
  • Comply with legal and regulatory requirements (including healthcare and pharmacy record-keeping rules)
  • Resolve disputes and enforce agreements
  • Protect and improve our services

Retention periods vary based on the type of data, the service you use and applicable legal requirements. 

Where we no longer need personal data, we delete or de-identify it in accordance with applicable law and operational constraints.

13. Your choices and rights

Depending on where you live, you may have rights to:

  • Access personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete data or restrict processing in certain circumstances
  • Object to certain processing (including direct marketing)
  • Receive a copy of your data in a portable format (where applicable)
  • Withdraw consent (where we rely on it)
  • Complain, either directly to us or to the appropriate regulator

We may need to verify your identity before processing a rights request. We may also refuse requests or apply exemptions where permitted by law, and we will explain why where required.

Region-specific rights and processes are set out in Annex A.

14. How to contact us

For privacy enquiries, complaints, or to exercise your rights, contact the privacy team using the details in Annex B.

For customer service queries (such as cancellations or subscription support), use the customer support contact for your brand and country (also listed in Annex B where available).

15.Updates to this notice

We may update this notice from time to time. If changes are material, we will take reasonable steps to notify you (for example via the website, app or email). We also encourage you to check periodically for the latest version.

Annex A: Regional Requirements

This annex contains regional requirements that modify or add to the above notice. 

Where there is any conflict between the above notice and these regional requirements, the regional requirements prevail.

Australia

Terminology and legal framework

In Australia, “personal data” in this notice corresponds to “personal information” under the Privacy Act 1988 (Cth). “Special category data” generally corresponds to “sensitive information” (including health information).

Direct marketing by telephone

Where permitted, our direct marketing may include telephone calls to numbers you provide, generally between 9am and 8pm AEST on business days.

Overseas disclosures

When we disclose personal data to overseas recipients, we take reasonable steps to ensure the recipient handles the personal data in a manner consistent with the Australian Privacy Principles (APP).

In exceptional cases, we may ask you to consent to an overseas disclosure where APP 8.1 does not apply. If you do, you acknowledge that the overseas recipient may not be bound by the APPs and you may not be able to seek redress under the Privacy Act.

Access, correction and fees

We may ask you to verify your identity before providing access or making corrections.

We may recover reasonable costs of providing access.

If we refuse a correction request because we do not agree a change is required, we will explain why.

Complaints

If you have concerns regarding our processing activities or are not satisfied with our response to your privacy requests/concerns, you can complain to the Office of the Australian Information Commissioner (OAIC):

United Kingdom

Healthcare regulation

Where healthcare services are provided through Juniper-branded platforms, the service is regulated by the Care Quality Commission (CQC) and our pharmacy service is registered with the General Pharmaceutical Council (GPhC).

NHS Summary Care Records

We meet NHS Data Security and Protection Toolkit (DSPT) requirements (organisation code O6P4Y).

Where appropriate for your care, our clinicians and/or pharmacy professionals may access your NHS Summary Care Record (SCR) to support safe prescribing and clinical decision-making. Your SCR is a summary drawn from your GP record and typically includes your current medicines, allergies, previous adverse reactions, and may also include additional clinical information such as significant medical history, immunisations, care plan information, and communication needs.

Before we access your NHS SCR, we will normally ask for your permission to view it a) at the point of care or b) by asking for extended permission to view on an ongoing basis. If you are unable to give permission, an authorised clinician or pharmacy professional may access the record where it is in your best interests. Access is role-based, limited to those involved in your care, and is logged and auditable.

Your GP practice remains the data controller for your GP medical record. If you want to exercise your data protection rights in relation to your GP record, you should contact your GP practice. Your GP practice can also help with your NHS SCR preferences (including opting out).

We are the data controller for any SNOMED-coded information we create or add to our records following access to your NHS SCR. You can also ask us for a record of who has accessed your NHS SCR.

For more information about NHS SCR, please visit NHS Digital’s Information of Patients webpage.

International transfers

When we transfer personal data outside the UK, we rely on UK adequacy regulations to freely transfer the personal data or other recognised safeguards to ensure a sufficient level of protection, including UK International Data Transfer Agreements (IDTA) or European Commission standard contractual clauses with the UK addendum.

Diagnostics and testing services

We facilitate diagnostic and pathology services (such as blood testing) via third-party partners, including Randox Laboratories Ltd and Thriva Limited. 

These services necessitate the collection and processing of your personal data, including Special Category Data (health history, biological samples, and test results), for analysis, interpretation, and clinical decision-making. 

Biological samples may be provided in-clinic or using at-home testing kits.

For the data shared in connection with these services, we and the testing provider act as separate and independent data controllers, and the testing provider will handle your information according to their own privacy notices (linked below)

Randox: https://www.randox.com/privacy-and-cookies

Thriva: https://thriva.co/privacy-policy 

Rights request timeframe and complaints

We normally respond to rights requests within 30 days (subject to permitted extensions).

If you have concerns regarding our processing activities or are not satisfied with our response to your privacy requests/concerns, you can complain to the Information Commissioner’s Office (ICO) - https://ico.org.uk/ 

EEA

International transfers

When we transfer personal data outside the EEA, we rely on the European Commission’s adequacy decisions to freely transfer the personal data or other recognised safeguards to ensure a sufficient level of protection, including standard contractual clauses.

Rights request timeframe and complaints

We normally respond to rights requests within 30 days (subject to permitted extensions).

If you have concerns regarding our processing activities or are not satisfied with our response to your privacy requests/concerns, you can complain to your local supervisory authority:

  • For complaints relating to processing by Juniper Technologies Germany GmbH:

https://www.datenschutzkonferenz-online.de/datenschutzaufsichtsbehoerden.html

  • For complaints relating to processing by Juniper Europe B.V:

https://www.autoriteitpersoonsgegevens.nl 

Japan

Legal framework

By acknowledging this notice and using our services, you consent to our acquisition and use of your special care-required personal information (health data) as described in the Eucalyptus Privacy Notice and this regional annex.

Where our Japanese services are provided, we handle personal data in accordance with Japan’s Act on the Protection of Personal Information (APPI).

Third-party provision

We do not provide personal data to third parties without your prior consent unless an APPI exception applies (e.g. required by law; necessary to protect life, body or property; public health; cooperation with authorities; or other permitted cases).

Where necessary to provide services, we may also share personal data with affiliated medical institutions, and you consent to this sharing by acknowledging this notice and using our services.

Joint use

We may jointly use personal data as follows:

  • Items of personal data jointly used: The personal data described in Section 3 of the Eucalyptus Privacy Notice.
  • Purpose of joint use: The purposes described in Section 5 of the Eucalyptus Privacy Notice.
  • Joint users: Euc Services Pty Ltd; Fill Function UK Ltd; Juniper Technologies UK Ltd; Juniper Europe BV.
  • Responsible party for joint use: Eucalyptus Japan K.K (Representative Director: Mr Timothy Doyle).

Marketing and advertising measurement 

By acknowledging this notice and using our services, you consent to receiving marketing or promotional information by email, SMS, etc (you can opt out at any time).

We may receive information about advertisements you clicked (such as click date and where the advertisement was shown) from third-party tools and compare it with order information to measure effectiveness.

Canada

Practitioners as independent controllers

While we manage the platform and your account, the healthcare practitioners you consult with are separate and independent data controllers responsible for your medical record and clinical care. They process your personal health information in accordance with their own professional and legal obligations.

Rights request timeframe and complaints

Where Canadian privacy laws apply, you can request access to and correction of your personal data.

We normally respond to rights requests within 30 days (subject to permitted extensions).

If you have concerns regarding our processing activities or are not satisfied with our response to your privacy requests/concerns, you can complain to the Office of the Privacy Commissioner of Canada (OPC) or the relevant provincial regulator, where applicable:

Annex B: Responsible Group Entities

This annex lists the responsible entities (i.e. data controllers) and the services they manage in relation to the processing of personal data.

Australia

  • EUC Services Pty Ltd - Employer and Service Provider Contracts
  • Juniper Technologies Pty Ltd - Consumer Services (Juniper)
  • Pilot Technologies Pty Ltd - Consumer Services (Pilot)
  • Kin Fertility Pty Ltd - Consumer Services (Kin)
  • Skin Software Pty Ltd - Consumer Services (Software)

Juniper

United Kingdom

  • Fill Function UK Limited - Employer, Consumer Services and Service Provider Contracts
  • Juniper Technologies UK Limited - Service Provider Contracts

EEA

  • Juniper Europe B.V. - Employer and Service Provider Contracts
  • Juniper Technologies Germany GmbH - Consumer Services

Japan

  • Eucalyptus Japan K.K.- Employer, Consumer Services and Service Provider Contracts

Canada

  • Eucalyptus Canada Ltd. - Employer, Consumer Services and Service Provider Contracts

Annex C: Regional Contact Information

This annex lists the contact information for each region. For general privacy queries, you can also contact privacy@eucalyptus.vc

Australia

United Kingdom

EEA

  • Email: hallo@myjuniper.com 
  • Address: Juniper Technologies Germany GmbH, Wittelsbacherplatz 1, 80333 München

Japan

  • Email: contact@myjuniper.jp 
  • Address: Toranomon Hills Business Tower 16F, 1-17-1 Toranomon, Minato-ku, Tokyo

Canada

  • Customer Service: hello@myjuniper.ca 
  • Address: Eucalyptus Canada Ltd., 100 King Street West, Toronto, Ontario, Canada