Privacy Policy &
Data Protection

1. Information We Collect

We collect two distinct categories of data depending on how you interact with Biokonstra®.

If you choose to join our waitlist or contact us directly, we collect only the personal data you provide — such as your name and email address — solely to fulfil your request or maintain our agreement with you.

2. How We Protect Your Biological Identity

Your privacy inside the member portal is protected by design. Your extracted health metrics and genetic data are completely decoupled from your real name, email address, and payment information. We use a secure, random alphanumeric code system to store your biological data in a strictly anonymised format.

In the unlikely event of a security breach, your scientific metrics cannot be linked back to your real-world identity. Your data and your identity are kept in separate systems that are never joined.

3. Our Non-Training AI Commitment

When our research engine, AQ, analyses your anonymised data to support your practitioner, your health information is treated as strictly private, ephemeral context. Three commitments apply without exception:

• Your health data is never shared with public networks or third-party platforms.
• Your data is never used to train public or private AI models.
• Once your formulation session is complete, your personal data is immediately cleared from AQ's active processing memory.

4. Why We Process Your Data

We process the minimum data necessary to operate the website and deliver your programme. Specifically:

• Website device data — to identify potential abuse and maintain site security. This data is aggregated and cannot identify you personally.
• Waitlist and contact data — to respond to your enquiry or maintain our service relationship with you.
• Portal biological data — to enable your practitioner, supported by AQ, to calibrate your bespoke botanical formulation. This data is processed only with your explicit consent and is handled under the anonymised Bio-Vault system described above.

5. Your Data Rights (UK GDPR)

Under UK GDPR, you have comprehensive rights over your personal data. These include:

• The right to be informed — to know what data we hold and how we use it.
• The right of access — to request a copy of your personal data at any time.
• The right to rectification — to have inaccurate data corrected.
• The right to erasure (the right to be forgotten) — to request permanent deletion of all your records and anonymised health data from our servers. Deletion requests are fulfilled within 30 days.
• The right to restrict processing and the right to object to processing.
• The right to data portability — to receive your data in a portable format.
• Rights in relation to automated decision-making — our formulation decisions are always reviewed and signed off by a human practitioner; no fully automated decisions are made about your health.

International transfers

To deliver our services, your general website information may be securely transferred and processed outside the UK, including in Canada and the United States, in compliance with applicable data protection law.

6. Cookies

Our public website uses cookies to ensure the site functions correctly and to collect aggregated, anonymised visitor statistics. We do not use advertising cookies or sell your browsing data to third parties.

You can control or disable cookies through your browser settings at any time. Disabling cookies may affect some website functionality but will not affect your ability to read our content.

7. Information Security & External Links

We secure the information you provide on servers in a controlled, protected environment with reasonable administrative, technical, and physical safeguards in place. No data transmission over the internet can be guaranteed 100% secure, but we take all reasonable measures to protect your information in transit and at rest.

Our website may occasionally link to external third-party websites or diagnostic laboratories for your convenience. We are not responsible for the privacy practices of those third parties and encourage you to review their specific privacy statements.

8. Legal Disclosure

We will disclose information we collect only if strictly required or permitted by law — for example, to comply with a subpoena or lawful government request — or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.

9. Contact & Data Rights Requests

To exercise any of your data rights, request deletion of your portal records, or ask any question about this policy, please contact our data protection team: