Your Data, Your Rights

A-X Software, operator of BioForge, processes personal data, including special category data under Article 9 GDPR (health data, genetic data, biometric data), exclusively on the basis of your explicit consent.

You provide consent when you voluntarily upload health records, genetic data, blood work results, or microbiome profiles to the platform. You may withdraw consent at any time by deleting the relevant data or contacting our Data Protection Officer.

We process your data solely for the purpose of providing the BioForge service — training intelligence, health analysis, AI coaching, and personalized recommendations. We never process your data for advertising, profiling for third parties, or any purpose unrelated to your direct use of the platform.

Under the GDPR, you have comprehensive rights over your personal data. These include the right of access, rectification, erasure, restriction of processing, data portability, objection, rights related to automated decision-making, and the right to withdraw consent.

We have dedicated a full page to explaining each right in plain language, how to exercise it, and what to expect.

BioForge uses a limited number of sub-processors to operate the service. Each sub-processor is selected based on their data protection practices and is bound by contractual obligations to protect your data.

We maintain a public list of all sub-processors, including their purpose, location, and the categories of data they access.

Some of our sub-processors are located outside the European Economic Area (EEA), primarily in the United States. For all international transfers, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the legal mechanism to ensure an adequate level of data protection.

We assess the data protection laws and practices of each destination country and implement supplementary measures where necessary. No personal data is transferred to countries without appropriate safeguards in place.

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Encryption keys are managed separately from the data they protect.

AI analysis via Anthropic's Claude operates under a zero-retention policy — your data is processed in real-time and is neither stored nor used for model training by the AI provider.

Infrastructure access is restricted, logged, and auditable. We use automated deployment pipelines with no manual server access.

Our Data Protection Officer is available to answer any questions about how BioForge processes your personal data, to receive data subject requests, and to handle any data protection concerns.

You can reach our DPO at dpo@bioforge.science. We commit to acknowledging receipt within 48 hours and responding substantively within 30 days, as required by the GDPR.

You also have the right to lodge a complaint with your local supervisory authority. For users in France, this is the Commission Nationale de l'Informatique et des Libertes (CNIL).