BioMetrix Professional Data Export

Privacy Policy

Privacy Policy Terms of Service
← Back to BioMetrix.pro

Last updated: 04.02.2026


1. About this document

This document covers all aspects of data protection for BioMetrix.pro services, including our Privacy Policy, Cookie Policy, GDPR compliance information, and Data Processing Agreement. By using our service, you agree to all terms outlined in this document.


2. Data controller information

Data controller:
Brand New Brand Ltd.
Unit 10, Enterprise Court, Farfield Park, Rotherham, S63 5DB, England
Registered with Companies House under number 09476258

EU Establishment:
EU Establishment:
ul. Wiejska 12/3, 00-490 Warsaw, Poland
VAT ID: PL5263518955
(official address only)

Contact:
Email: office@brandnewbrand.pro
Service Support: support@biometrix.pro
Website: https://biometrix.pro


3. Service description

BioMetrix.pro is a professional fitness data export service that allows users to securely download and export their personal fitness data from connected fitness platforms (such as Garmin Connect) in multiple formats for analysis, archiving, or integration with other tools.


4. Types of data we process

4.1 Personal information

Contact data: Email address, name (if provided)
Payment data: Payment information processed by Stripe (we do not store card details)
Order data: Package selection, date ranges, export preferences

4.2 Authentication data (temporary)

Platform credentials: Username and password for fitness platforms (encrypted, stored max 48 hours)
Authentication tokens: Temporary access tokens from fitness platforms
Two-factor authentication: Codes when required by fitness platforms

4.3 Fitness data (processed, not stored)

The following fitness data types are processed through our service but NOT permanently stored:
Sleep data, Activity data, Wellness metrics, Health metrics


5. Legal basis for data processing

We process your personal data under the following legal bases:
Contract Performance (Art. 6(1)(b) UK GDPR): To provide the data export service you have purchased
Consent (Art. 6(1)(a) UK GDPR): To access and process your fitness data for export
Legal Obligations (Art. 6(1)(c) UK GDPR): Tax, accounting, and legal compliance
Legitimate Interests (Art. 6(1)(f) UK GDPR): Service improvement, fraud prevention, technical support

Art. 9: We process health-related data (e.g. sleep, heart rate, activity) exclusively based on your explicit consent (art. 9(2)(a) UK GDPR). You can withdraw consent at any time – this does not affect the lawfulness of processing before withdrawal.


6. Data processing purposes

We process your personal data for the following purposes:
1. Providing export service: order fulfillment, downloading and formatting fitness data
2. Payment processing: processing payments via Stripe, issuing accounting documents
3. Customer communication: order status notifications, technical support
4. Legal compliance: fulfilling tax, accounting and legal obligations
5. Security: fraud prevention, protection against abuse
6. Service improvement: performance analysis, process optimization (based on legitimate interest)


7. Data retention and deletion

Fitness platform credentials: maximum 48 hours
Authentication tokens: Until export completion + 24 hours
Exported fitness data: maximum 48 hours
Download links: 48 hours from creation
Payment records: 7 years (legal requirement)
Order history: 2 years
Support communications: 1 year
System logs: 90 days


8. Data processors (DPA agreements)

We use data processors (e.g. hosting provider, Stripe payment operator). We conclude a data processing agreement with each processor (art. 28 UK GDPR), which ensures an appropriate level of security and processing exclusively on our documented instructions.


9. International transfers

Our main servers and databases are located in Poland. We process data primarily within the EU/EEA territory.

If we work with suppliers who process data outside the EEA/UK (e.g. in the USA – payment solutions), we ensure appropriate legal safeguards, such as Standard Contractual Clauses (SCCs) and/or adequacy decisions, in accordance with art. 44–49 UK GDPR.


10. Data security measures

Technical safeguards: TLS 1.3 encryption, AES-256 for stored data, Multi-factor authentication, Role-based access, Regular security audits

Organizational safeguards: Staff training, Privacy by design, Incident response procedures, Vendor management


11. Your rights under UK GDPR

You have the right to: Access your data, Rectify incorrect data, Erase data, Restrict processing, Data portability, Object to processing, Rights related to automated decision-making.

You can withdraw consent for health data processing at any time by contacting us: support@biometrix.pro.

How to exercise rights:
Email: support@biometrix.pro
Post: Brand New Brand LIMITED, Unit 10, Enterprise Court, Farfield Park, Rotherham, S63 5DB, England


12. Cookies

We use cookies: (a) necessary – required for service operation and payments; (b) analytics – for statistics and quality improvement; (c) marketing – for presenting targeted content. You cannot manage consent for necessary cookies (they are required). You can manage consent for analytics/marketing cookies through the banner on the site and browser settings. You can withdraw consent at any time.


13. Data breach notification

In case of personal data breach, we immediately take remedial action and – if required – report the breach to the supervisory authority (ICO) within 72 hours and inform the affected data subjects (art. 33–34 UK GDPR).


14. Contact information

General questions: hello@biometrix.pro
Customer support: support@biometrix.pro
Data Protection Officer: dpo@brandnewbrand.pro

Complaints: You have the right to lodge complaints with the Information Commissioner's Office (ICO): ico.org.uk