Privacy.
What we collect, and why.
BIOHACKER collects only the personal data required to operate the catalogue, fulfil orders, and meet our regulatory obligations. We do not sell personal data. We do not run third-party advertising. This policy explains the rest.
01 Data controller
The data controller is BIOHACKER TEAM.
Our Data Protection Officer can be reached at contact@biohacker.team.
02 What we collect
We collect only what is necessary, for clearly defined purposes:
- Identity and contact — name, business email, phone, shipping address.
- Account — password hash, IP, user-agent, login history.
- Order data — items purchased, batch allocation, invoice records.
- Compliance — entity registration, intended use, jurisdiction (for partner applicants).
- Operational — support correspondence, telemetry strictly limited to error reports.
03 How we use it
We use personal data to: (a) fulfil and account for orders, (b) issue Certificates of Analysis to the correct recipient, (c) verify partner applications, (d) meet anti-money-laundering, export-control, and tax obligations, and (e) communicate with you about your account.
We do not use personal data to train external machine-learning systems, profile you for advertising, or share it with marketers. Period.
04 Lawful basis
We rely on the following lawful bases under the Swiss Federal Act on Data Protection (revFADP) and, where applicable, the EU GDPR: (i) contract performance, (ii) legal obligation, (iii) our legitimate interests in operating a compliant business, and (iv) your consent, where requested.
05 Sharing
We share data only with: payment processors (Stripe Payments Europe Ltd., Adyen N.V., BitPay Inc.), shipping carriers (DHL, FedEx, World Courier), tax authorities and customs, and our auditors and legal counsel under professional confidentiality. All processors are bound by data-processing agreements.
06 International transfers
Personal data is hosted in the European Economic Area. Where transfers outside the EEA are necessary, we rely on Standard Contractual Clauses or an adequacy decision. A list of current sub-processors is available on request.
07 Retention
We retain personal data only for as long as necessary. Order and invoice records are retained for ten (10) years to satisfy Swiss commercial-law requirements. Marketing consent records are kept for two (2) years from withdrawal. Account data is deleted within thirty (30) days of account closure, except where retention is legally required.
08 Your rights
Subject to applicable law, you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise a right, write to contact@biohacker.team. We respond within thirty (30) days. You may also lodge a complaint with the Swiss FDPIC or your local supervisory authority.
09 Security
Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is restricted by role and reviewed quarterly. We run penetration tests annually and disclose material incidents to affected individuals and regulators within seventy-two (72) hours.
10 Cookies
We use a small set of first-party cookies strictly for session management, language preference, and cart state. We do not run third-party analytics or advertising trackers.
Signed by BIOHACKER TEAM