OmicEdgeLegal
Draft

This document is a working draft and has not been reviewed by legal counsel. Do not rely on it for regulatory purposes.

Privacy Policy

Effective date: 15 April 2026

OmicEdge takes privacy seriously. This policy explains what personal data we collect, how we use it, and what rights you have under the EU General Data Protection Regulation (GDPR).

1. Who we are

The data controller is OmicEdge (hereafter “we”). You can reach our data protection contact at privacy@omicedge.com.

2. What we collect

  • Account data: name, email, phone number, date of birth, sex at birth, shipping address.
  • Health data (Article 9 GDPR): biomarker results, wearable readings you connect, lifestyle inputs you enter.
  • Authentication data: sign-in events, IP address, user agent, linked providers.
  • Billing metadata: Stripe customer ID and subscription status. Card details never touch our servers.

3. Why we process it

  • To provide and improve the Service (contract, Art. 6(1)(b) GDPR).
  • To process your biomarker data for personalized insights (explicit consent, Art. 9(2)(a) GDPR).
  • To meet legal obligations such as tax and consumer-rights requirements (Art. 6(1)(c) GDPR).
  • To secure the Service and prevent fraud (legitimate interest).

4. Where your data lives

All application data is hosted in the European Union (Supabase Frankfurt / AWS eu-central-1 for email, AWS eu-west-1 for SMS). We do not transfer health data outside the EU.

5. How long we keep it

  • Account data: for as long as your account is active, plus up to 6 months after deletion for operational reasons.
  • Biomarker results: 10 years by default, to support meaningful longitudinal tracking. You may request earlier deletion at any time.
  • Billing records: 7 years, to comply with Dutch tax law.

6. Who we share it with

  • Specialist EU laboratories performing the biomarker analysis.
  • Infrastructure providers (Supabase, AWS, Stripe, Google Cloud) acting as processors under Data Processing Agreements.
  • Law-enforcement authorities only where strictly required by a valid legal order.

We do not sell or share your personal data for advertising purposes.

7. Your rights

Under the GDPR you have the right to access, correct, delete, export, or restrict processing of your data, and to object to processing based on legitimate interest. You may withdraw your explicit consent to health-data processing at any time; doing so will pause the biomarker features of the Service.

Email privacy@omicedge.com to exercise any of these rights. You also have the right to lodge a complaint with your national data-protection authority (in the Netherlands: the Autoriteit Persoonsgegevens).

8. Security

We encrypt data in transit (TLS) and at rest, enforce row-level security on the database, require phlebotomists to follow ISO 15189 protocols, and rotate production credentials regularly.

9. Cookies and tracking

We use strictly necessary cookies for authentication. We use anonymized analytics (Vercel Analytics) without personal identifiers. No third-party advertising trackers run on the Service.

10. Changes to this policy

We will notify you by email of any material change at least 30 days before it takes effect.