Coach
Explore
RecipesBlogBiomarkersPartner Labs
Health
Shop
Test PackagesPlans

Privacy Policy

How we handle your data

Last updated: March 2026

1. Controller

The controller within the meaning of the GDPR and the Swiss Data Protection Act (nDSG) is:

Evida Life AG
Sihleggstrasse 5, 8832 Wollerau, Switzerland
Email: •••@•••

2. Data we collect

User account

During registration we collect your email address and a password. Additional profile details (e.g. name, date of birth) can be added voluntarily. The legal basis is contract performance (Art. 6(1)(b) GDPR).

Health data

If you choose to track your health, we process health data with your explicit consent (Art. 9(2)(a) GDPR / Art. 6 nDSG). This includes self-entered biomarkers and lab values, medical conditions and allergies, dietary preferences, habit-tracker entries, AI coach conversations, and optional health notes. Once partner-lab integrations are active, biomarker values may be imported automatically from ISO-accredited labs after your separate consent. All health data is stored in our Supabase database in the EU/Zurich region under row-level security. You can export or delete this data at any time from your profile, and you may withdraw consent at any time.

Automatically collected data

When you visit our website, technically necessary data (IP address, browser, referrer) are stored in server logs for a very short time. This data is not linked to other data.

3. Analytics (Vercel)

We use Vercel Analytics sets no cookies, stores no personal data, and is fully GDPR-compliant. No data is shared with third parties.

4. Data storage (Supabase)

Your data is stored in Supabase infrastructure. Our database server is located in the EU (Zurich) region. Supabase processes data according to its privacy policy and acts as a data processor.

5. Cookies & Local Storage

We use strictly necessary cookies to maintain your login session after you sign in. These cookies are essential for the authentication service to function and do not require consent under EU law (Art. 5(3) ePrivacy Directive). We do not use any tracking, advertising, or third-party cookies. Our website analytics are provided by Vercel Analytics, which is fully cookieless and does not collect personal data.

6. Your rights

You have the right to:

  • Access your stored data (Art. 15 GDPR / Art. 25 nDSG)
  • Correction of inaccurate data (Art. 16 GDPR)
  • Deletion of your data (Art. 17 GDPR / Art. 32 nDSG)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdrawal of consent at any time without giving reasons
  • Lodge a complaint with a supervisory authority (FDPIC, Switzerland)

Send requests to: •••@•••

7. Third parties and data sharing

We rely on the following processors to operate the platform. Each is bound by a data-processing agreement under Art. 28 GDPR / Art. 9 nDSG:

  • Supabase (Zurich, Switzerland) — database, authentication, file storage
  • Vercel (United States) — hosting and privacy-friendly analytics (cookieless)
  • OpenAI (United States) — AI coach and research responses
  • Anthropic (United States) — AI coach and research responses
  • ElevenLabs (United States) — text-to-speech audio generation
  • Deepgram (United States) — speech-to-text for voice check-ins
  • Stripe (United States / Ireland) — payment processing (activated when paid plans launch)
  • Partner labs (Switzerland, planned) — biomarker import once lab partnerships go live

Transfers to US-based processors are made under Standard Contractual Clauses (SCCs) as required by the GDPR. We never sell personal data.

8. Changes to this policy

We reserve the right to update this privacy policy as needed. The current version is always available on this page. For material changes, registered users will be notified by email.

9. Contact

For privacy-related questions, reach us at •••@•••.