This Privacy Policy describes how discovermonk.com (the “website”or “we” or “app”) collects, uses, and discloses your Personal Information when you visit our website, download our app or make a purchase from our website and / or app. 

Contact

After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please email us at hello@discovermonk.com or by mail at 71-75 Shelton Street, London WC2H 9JQ, United Kingdom.

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

• Device information

  • Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimise our Site.

  • Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.

  • Disclosure for a business purpose: shared with our processor Shopify.

  • Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.

• Order information

  • Purpose of collection: to tailor the app to your specific goals and needs, along with showing you your health data, and how cold plunges and Monk ice bath usage has impacted those metrics.

  • Source of collection: through your input during the app onboarding and through connected wearable data if connected by you.

  • Disclosure for a business purpose: reasonable disclosure to your partner processors only. We may in the future look to analyse this data on an anonymised basis for the purposes of scientific study or generalised marketing.

  • Personal information collected: this is dependent on both the wearable you connect and the data that you may have inputted into the relevant app. This can include but is not limited to: all apple / google health kit data, heart related data, sleep data, menstruation data, other inputted personal goals and feelings. 

  • Purpose of collection: to provide products or services to you to fulfil our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.

  • Source of collection: collected from you.

  • Disclosure for a business purpose: shared with our processor Shopify and Klaviyo.

  • Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.

  • Health data

• UX Experience
  • We improve our products and advertising by using Microsoft Clarity to see how you use our website. By using our site, you agree that we and Microsoft can collect and use this data. 
  • This includes behavioural metrics, heatmaps and session replay. Website usage data is captured using first and third-party cookies. Additionally, we use this information for site optimisation, fraud/security purposes and advertising. To learn more, access the Microsoft Privacy Statement.
    
    
• App Experience: location data
  • We do not access, store, track, or process your physical location.
  • We do not use this permission for analytics, personalisation, or cold water therapy features.
  • The permission is requested only when needed, such as during Bluetooth or Wi-Fi configuration.

• App Experience: Analytics and IP-Based Location 
  • Our analytics tools (including Google Firebase) may derive approximate regional information based on your IP address, such as country or city, for normal app analytics.
  • This is standard across most mobile apps and does not involve the device’s GPS or location permission.
  • No fine or coarse GPS-based location is ever transmitted to Firebase.
  • We do not combine IP-based regional data with any other personal identifiers.
    
• App Experience: Sharing
• • We do not share any GPS-based or permission-based location data with third parties.
     Analytics providers may receive IP-derived region information, which is processed in line with their privacy policies.
    Personal Information Collected
    
    • No GPS location data collected.
    • No precise or coarse location data stored or transmitted.
    • IP-derived approximate region (e.g., country/city) may be used for analytics.
   

Sources of personal data

We collect personal data from the following sources:

• Directly from you: When you place an order, create an account, use our app, contact customer support, subscribe to marketing, or otherwise interact with our website or app.
• From your devices: Automatically through cookies, log files, web beacons, and similar technologies when you visit our website or use our app.
• From third-party wearable devices and apps: Health and activity data is collected via Terra API from wearable devices and health platforms (such as Apple Health, Google Health Connect, or compatible fitness trackers) that you have chosen to connect.
• From third-party service providers: Our payment processor and analytics providers may provide us with data relating to your transactions and site interactions.

Your obligation to provide personal data

The provision of certain personal data is a contractual requirement necessary for us to fulfil your order and provide our services. Specifically:

• Order information (name, shipping address, billing address, email, payment details): Required in order to process and deliver your purchase. If this data is not provided, we will be unable to complete your order.
• Account data (email address): Required to create an account and access app features. Without this, we cannot provide access to the app or personalised services.

The following data is provided voluntarily:

• Health and wearable data: Connecting a wearable device and sharing health data is entirely optional. If you choose not to connect a wearable, you can still use the app, but certain features (such as personalised cold water therapy insights based on your health metrics) will not be available.
• Marketing preferences: Opting in to marketing communications is voluntary. You can use our products and services without subscribing.
  
  

Sharing Personal Information

We do not sell your data to third parties. We only share your Personal Information with service providers to help us provide our services and fulfil our contracts with you, as described above, when necessary. For example:

• We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
  

• We use Klaviyo to process our email correspondence and provide tailored CWT recommendations based on your data: You can read more about how Klaviyo manage your Personal Information here: https://www.klaviyo.com/legal/privacy/privacy-notice
  
  
• We use Terra API to collect your wearable data. You can read more about how Terra uses your wearable information here: https://tryterra.co/privacy

Behavioural Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

• We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

Using Personal Information

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfilment of your order, and keeping you up to date on new products, services, and offers.

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

• Your consent;

• The performance of the contract between you and the Site;

• Compliance with our legal obligations;

• To protect your vital interests;

• To perform a task carried out in the public interest;

• For our legitimate interests, which do not override your fundamental rights and freedoms. The legitimate interests we rely upon are:

  • Marketing and communications: Sending you information about products, services, and offers that are relevant to you based on your purchase history and preferences, in order to grow and sustain the business.
  • Fraud prevention and security: Screening orders for potential risk or fraud to protect both the business and our customers.
  • Service improvement: Analysing how customers use the website and app (including through tools such as Microsoft Clarity and Google Analytics) in order to optimise performance, user experience, and product development.
  • Business operations: Processing and fulfilling orders, managing customer accounts, and maintaining accurate business records.

   

Special category data (health data)

Our app and services may collect and process special category personal data, including health-related information such as heart rate, heart rate variability (HRV), sleep data (including REM and deep sleep metrics), and heart rate. Under Article 9 of the GDPR, we rely on your explicit consent as the lawful basis for processing this data.

We obtain your explicit consent at the point of collection – specifically during the app onboarding process and when you choose to connect a wearable device. You can withdraw your consent at any time by disconnecting your wearable device within the app settings, or by contacting us at hello@discovermonk.com. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

We maintain a record of each consent given, including when it was provided and the scope of data covered.

Retention

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. The specific retention periods we apply are:

• Order and transaction data (name, address, payment references, order history): Retained for 6 years from the date of the transaction, in line with HMRC record-keeping requirements and the Limitation Act 1980.
• Customer account data (email address, account preferences): Retained for as long as your account remains active. 
• Health and wearable data (heart rate, HRV, sleep metrics): Retained for as long as your wearable device remains connected and you have an active account. Upon disconnection of your wearable or account deletion, this data is deleted within 30 days.
• Marketing and communications data (email engagement, preferences): Retained for 2 years from your last interaction with a marketing communication, unless you unsubscribe sooner.
• Device and analytics data (IP address, browser info, cookies): Retained in accordance with the cookie durations set out in the Cookies section of this policy.
• Customer support correspondence: Retained for 2 years from the date of your last communication with us.

When personal data is no longer required, it is securely deleted or anonymised. For more information on your right to request erasure, please see the "Your rights" section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

• Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.

• Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.

Your rights

GDPR

If you are a resident of the EEA or the United Kingdom, you have the right to:

• Access the personal information we hold about you
• Port your data to a new service
• Request that your personal information be corrected, updated, or erased
• Restrict or object to the processing of your personal data
• Withdraw consent at any time, where consent is the basis for processing
• Lodge a complaint with a supervisory authority

If you would like to exercise any of these rights, please contact us through the contact information above.

If you are not satisfied with how we handle your personal data or respond to your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

• Website: https://ico.org.uk
• Telephone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the opportunity to address your concerns before you contact the ICO, so please do reach out to us in the first instance.

California Consumer Privacy Act (CCPA) Rights

If you are a California resident, the CCPA provides you with the following rights regarding your personal information:

1. Right to Know

You have the right to request details about the categories and specific pieces of personal information we have collected about you in the past 12 months.

2. Right to Delete

You can request that we delete any personal information we have collected from you, subject to certain exceptions.

3. Right to Opt-Out

You have the right to opt-out of the sale of your personal information. We do not sell personal information as defined by the CCPA, but if we change this practice, you will be notified in advance, and you will be able to opt-out.

4. Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. This includes not denying services, charging different prices, or providing a different quality of services.

5. Submitting a Request

To exercise your rights, you can contact us via the following methods:

• Email: hello@discovermonk.com
• Online Form: available here

We will verify your identity and respond within business hours.

6. Authorised Agents

You may designate an authorised agent to make requests on your behalf. To do so, you must provide written permission for the agent and verify your identity.

7. Data Collection and Sharing

In the past 12 months, we have collected the following categories of personal information from Californian residents:

• Identifiers (e.g., name, email, IP address)
• Commercial Information (e.g., purchase history)
• (Optional) Additional personal information: age, height, purpose of using the app (self-reported).
• (Optional) Health metrics: heart rate, HRV, REM sleep, and deep sleep (via third party wearables).

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimise your experience on our Site and to provide our services.

Cookies Necessary for the Functioning of the Store

Reporting and Analytics

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above. Please note that additional cookies outside of Shopify’s core cookie list are in use on our website and app, in order to help better present our website and app to you, and to provide us with analytics data.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Complaints

As noted above, if you would like to make a complaint, please contact us by email or by mail using the details provided under “Contact” above.

Last updated: 07/04/2026 version 1.14.