General Data Protection Regulation
Last Updated: January 30, 2025
For EU/EEA Users
This page provides specific information for users in the European Economic Area (EEA), United Kingdom, and Switzerland about how Beatrace complies with the General Data Protection Regulation (GDPR) and protects your rights.
Beatrace is the data controller responsible for your personal data. We can be reached at:
Under GDPR, we process your personal data based on the following legal grounds:
We process your health data (heart rate, HRV, etc.) based on your explicit consent. You may withdraw consent at any time.
Processing necessary to provide the Service you've subscribed to, including account management and service delivery.
Processing for fraud prevention, security, service improvement, and analytics, where your interests don't override ours.
Processing required to comply with applicable laws and regulations.
Under GDPR, you have the following rights regarding your personal data:
You can request a copy of all personal data we hold about you.
Response time: Within 1 month (may be extended to 3 months for complex requests)
You can correct inaccurate or incomplete personal data.
Available in the in-app settings or by contacting support
You can request deletion of your personal data in certain circumstances.
Note: Some data may be retained for legal compliance
You can request we limit how we process your data.
Applies when accuracy is contested or processing is unlawful
You can receive your data in a structured, machine-readable format (JSON, CSV).
Includes health data, profile information, and activity history
You can object to processing based on legitimate interests or for direct marketing.
We will stop processing unless we have compelling legitimate grounds
You have the right not to be subject to decisions based solely on automated processing.
Note: Beatrace calculations are algorithmic but not legally significant automated decisions
You can withdraw consent for health data processing at any time.
Available in-app: Settings → Privacy → Manage Consents
To exercise any of your GDPR rights, you can:
In-App
Settings → Privacy → Data Rights
Web Portal
Response Timeline: We will respond to your request within 1 month. For complex requests, we may extend this to 3 months and will inform you of the delay.
Your heart rate, HRV, and related metrics are classified as "special category data" under GDPR Article 9. We process this sensitive data based on:
Your data may be transferred outside the EEA. We ensure adequate protection through:
We use EU-approved Standard Contractual Clauses with all data processors outside the EEA.
We transfer data to countries with EU adequacy decisions where possible.
End-to-end encryption and additional technical safeguards protect your data during transfers.
We retain your personal data only as long as necessary:
In compliance with GDPR Article 30, we maintain records of processing activities:
| Purpose | Legal Basis | Data Categories | 
|---|---|---|
| Account Management | Contract | Name, Email, Profile | 
| Health Tracking | Consent | Heart Rate, HRV | 
| Rankings | Legitimate Interest | Anonymized Metrics | 
| Payment Processing | Contract | Payment Info | 
| Service Improvement | Legitimate Interest | Usage Analytics | 
In the event of a data breach affecting your personal data:
If you believe we have not complied with GDPR, you have the right to lodge a complaint with:
Contact the data protection authority in your EU country:
Find Your Supervisory Authority →
[Name of your lead supervisory authority]
[Contact details]
We implement data protection by design and by default:
For GDPR-related inquiries, contact our Data Protection Officer:
Data Protection Officer
Email: dpo@beatrace.app
GDPR Requests: gdpr@beatrace.app
Address: [Your Company Address]
We respond to all GDPR requests within 1 month. For urgent matters, please mark your email as "Urgent - GDPR Request."