Your Privacy Matters

    Privacy Policy

    Last updated: January 19, 2026

    Introduction

    BioStack ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our blood test analysis service. We understand that health data is particularly sensitive, and we take your trust seriously.

    Data Controller

    The data controller responsible for your personal data is:

    SIA DEVIX

    Reg. No.: 40203710936

    Brivibas iela 40 - 20B, Riga, LV-1050, Latvia

    Email: privacy@biostack.app

    Information We Collect

    Personal Information

    • Name and email address (required for account creation)
    • Date of birth (optional, used for biological age calculations)
    • Payment information (processed securely by Stripe)

    Health Data

    • Blood test results you upload (PDF, images)
    • Biomarker values extracted from your tests
    • Calculated biological age and health metrics
    • Supplement tracking and health goals
    • Family member profiles (if you create them)

    Usage Data

    • Log data (IP address, browser type, device information)
    • Feature usage patterns to improve the service
    • Sidebar and UI preference states

    How We Use Your Data

    1. Service Delivery: To analyze your blood tests, calculate biological age, generate recommendations, and provide personalized health insights.
    2. Account Management: To manage your account, process payments, and communicate service updates.
    3. Service Improvement: To analyze usage patterns and improve our algorithms and user experience.

    Legal Basis for Processing (GDPR)

    Consent

    You explicitly consent to processing when you upload health data and agree to our terms at signup.

    Contract Performance

    Processing is necessary to provide the service you subscribed to.

    Legitimate Interest

    For service improvement and fraud prevention, where it doesn't override your rights.

    Data Security

    We implement industry-standard security measures to protect your data:

    • Encryption at Rest: All data stored using AES-256 encryption
    • Encryption in Transit: TLS 1.3 for all data transmission
    • Access Controls: Role-based access with row-level security policies
    • Data Isolation: Your data is logically isolated from other users
    • Regular Audits: Security monitoring and vulnerability assessments

    Data Storage Location

    Your data is stored on secure cloud infrastructure provided by our hosting partners. Servers are located in data centers with SOC 2 Type II certification. We ensure appropriate safeguards for any international data transfers in compliance with GDPR requirements.

    Data Retention

    • Active Accounts: Data retained as long as your account is active
    • Cancelled Subscriptions: Data retained for a 90-day grace period
    • Account Deletion: All personal data permanently deleted within 30 days of request
    • Legal Requirements: Some data may be retained longer if required by law

    Third-Party Services

    We use trusted third-party services to operate BioStack. These providers are bound by data processing agreements and only access data necessary for their function:

    • AI Processing: For blood test analysis and recommendations (data processed but not stored)
    • Stripe: Payment processing (we never see your full card details)
    • Cloud Infrastructure: Secure hosting and database services

    We never sell your personal or health data to third parties.

    Your Data Rights

    Under GDPR and similar regulations, you have the following rights:

    Right to Access

    Request a copy of all your data

    Right to Rectification

    Correct inaccurate data

    Right to Erasure

    Request deletion of your data

    Right to Portability

    Export your data in a common format

    To exercise any of these rights, use the options in your account settings or contact us at privacy@biostack.app.

    Cookies

    We use only essential cookies required for the service to function (authentication, session management, user preferences like sidebar state). We do not use third-party tracking or advertising cookies. Analytics, if used, are privacy-focused and do not track individual users across sites.

    Children's Privacy

    BioStack is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children. If you are a parent and believe your child has provided us with personal information, please contact us.

    Policy Updates

    We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.

    Contact Us

    If you have any questions about this Privacy Policy or our data practices, please contact us:

    SIA DEVIX

    Brivibas iela 40 - 20B, Riga, LV-1050, Latvia

    Email: privacy@biostack.app

    We aim to respond within 48 hours.