BioForge

Account & Data Deletion

Last updated: May 2026

You can delete your BioForge account at any time. When you do, all athlete-scoped data we hold about you is removed from the live database (see “What is deleted” below). This page satisfies the requirement from the Google Play Store, the Apple App Store, and GDPR Article 17.

Option 1 — Delete from inside the app (recommended)

  1. Open the BioForge app (iOS or Android).
  2. Go to the Today tab → tap the profile icon in the top-right corner.
  3. Scroll to Account Delete account.
  4. Confirm. The deletion is processed immediately and you are signed out.

Option 2 — Delete from the web app

  1. Sign in at app.bioforge.science/login.
  2. Open Profile Account Delete account.
  3. Confirm. You will be signed out and the deletion runs.

Option 3 — If you no longer have access to your account

Email our Data Protection Officer at dpo@bioforge.science from the email address registered on your BioForge account. Include the words “Account deletion request” in the subject so we can prioritise it. We will reply within 7 days and complete the deletion within 30 days, in line with GDPR Article 12(3).

We may ask one verification question (e.g. last login date, last race you added) to confirm ownership — we will never ask for your password.

What is deleted

When your deletion request is processed, the following are removed from the live database via cascading delete:

  • Account data — email, name, profile picture, OAuth identifiers, hashed password.
  • Athletic profile — age, weight, height, FTP, VMA, CSS pace, max HR, LTHR, experience level, weekly hours, target races.
  • Health data (GDPR Article 9) — blood-work panels and markers, microbiome profiles, medical-history records, prescriptions, AI recommendations.
  • Genetic data (GDPR Article 9) — variant data, risk profiles, pharmacogenomic profiles. Raw genomic upload files are already deleted within 1 hour of upload, before this point.
  • Training data — completed sessions, programs, wellness entries (sleep, HRV, mood, soreness), race briefs, coach chat history.
  • Connected-account tokens — encrypted OAuth tokens for Intervals.icu, Garmin, Apple Health.

What is retained (and for how long)

  • Audit logs of admin access and consent events — retained for 5 years in pseudonymised form (account ID only, no email, no name) to satisfy our accountability obligations under GDPR Article 5(2) and Article 24.
  • Database backups — managed by our infrastructure provider (Railway). Your data persists in encrypted backups for the backup-retention window, then is overwritten. We do not restore data from backups for any reason other than disaster recovery, and re-deletion is applied on any restore.
  • Financial records — at the time of writing, BioForge is free during open beta, so we hold no billing data. If this changes, applicable tax law (currently 10 years in France) will require us to keep invoices.

Can I delete just my health or genetic data?

Yes. From Profile → Account → Data & consents you can withdraw consent for either category independently. Health data deletion removes blood-work, microbiome, and medical-history rows; genetic data deletion removes variants and downstream analyses. Your training profile, sessions, and coach chat remain functional.

Questions

For anything not covered here, email dpo@bioforge.science. The complete privacy policy is at /legal/privacy-policy.