Data Management Policy

Last updated: 17th September 2025

  1. Who We Are

This Data Management Policy explains how OXLABS Limited (“we”, “our”, “us”) collects, uses, stores, and protects personal data through our in-home wellness monitoring system, habita®.
We are committed to protecting the privacy, dignity, and rights of all users, particularly the elderly and vulnerable individuals our product is designed to support.

  1. What Data We Collect

We collect the following types of data:

  • Personal Information: name, contact details, caregiver information.
  • Wellness & Environment Data: activity levels, fire risk indicators, daily routines, medical indicators.
  • Caregiver Input: information shared via conversations or through the mobile app.
  • Website Interactions: details provided when contacting us via our website.

We currently do not process “special category data” (such as detailed health or biometric data).

  1. How Data is Collected
  • Through the habitaHub sensors placed in the home.
  • Via the habita® mobile app used by caregivers.
  • From caregiver input and interactions with our team.
  • Through the OXLABS website when you contact us.
  1. How We Use Data

We use the data we collect to:

  • Provide monitoring and send safety alerts.
  • Notify caregivers of unusual changes in daily activity or emergencies.
  • Improve the quality and safety of our service.
  • Support product development and innovation.
  • Train and refine AI models using anonymised data only.
  • Conduct research using anonymised and aggregated data.
  1. Who We Share Data With

We may share data with:

  • Approved caregivers and family members.
  • Medical professionals and emergency services (where necessary).
  • Trusted third-party service providers who help us operate and improve habita®.

We do not sell or rent personal data to third parties.

  1. Legal Basis for Processing

Depending on the context, we rely on one or more of the following lawful bases under UK GDPR:

  • Consent – where you or your representative have given clear permission.
  • Contract – where data is necessary to provide you with our services.
  • Legitimate Interests – where processing is necessary for safety, monitoring, and continuous improvement.
  1. Data Storage & Security

All data is stored securely within the United Kingdom.

We apply strong safeguards, including:

  • Encryption of data in transit and at rest.
  • Access controls to limit who can view or process data.
  • Secure servers monitored and updated regularly.

We regularly review our security practices to ensure they meet industry standards and regulatory requirements. In the unlikely event of a data breach, we will notify affected individuals and the UK Information Commissioner’s Office (ICO) in accordance with legal obligations.

  1. How Long We Keep Data

We retain personal data only for as long as necessary to deliver our services and meet legal or regulatory requirements. When data is no longer required, it is securely deleted or anonymised.

  1. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • The right to access a copy of your data.
  • The right to correct inaccurate or incomplete data.
  • The right to delete your data (“right to be forgotten”).
  • The right to restrict or object to how we process your data.
  • The right to data portability, to move or transfer your data to another provider.


If you wish to exercise any of these rights, please contact us at [email protected]. We will respond within one month, in line with UK GDPR requirements.

  1. Consent and Vulnerable Users

habita® is designed to support elderly and vulnerable individuals. In some cases, they may not be able to provide informed consent themselves.

Where this is the case, we require consent from a legally authorised representative (such as a family member, guardian, or caregiver with the appropriate authority). We ensure that the rights and best interests of the end user remain central to all data use.

  1. International Data Transfers

We do not currently transfer personal data outside the UK. If this changes in the future, we will ensure appropriate safeguards are in place (such as adequacy decisions or standard contractual clauses).

  1. Changes to This Policy

We may update this policy from time to time. Any significant changes will be communicated via our website or directly to caregivers where appropriate.

  1. Contact Us

If you have any questions or concerns about this policy or your data, please contact:
OXLABS Limited
📧 Email: [email protected]

You also have the right to raise a concern with the UK Information Commissioner’s Office (ICO) via www.ico.org.uk.