Elev-Aura LogoElev-Aura

Privacy Policy

**Last updated: July 1, 2025**

1. Introduction

At Elev-Aura, protecting your personal data and respecting your privacy is our absolute priority.

This Privacy Policy informs you about how we collect, use, store, and protect your personal data in accordance with the GDPR (EU Regulation 2016/679) and applicable Belgian legislation.

By using the Elev-Aura Application, you accept the practices described in this policy.

2. Data Controller

The controller of your personal data is:

**Stéphane Dekegel**
**Business number: 0697.828.490**
**VAT: BE0697.828.490**
**Address:** Belgium
**Email:** ceo@elev-aura.com

For any questions regarding your personal data, you can contact us at: ceo@elev-aura.com

3. Data Collected

We collect different categories of personal data depending on your use of the Application:

3.1 Identity and Contact Data - First and last name (optional) - Email address (required for account creation) - Date of birth - Unique account identifier

3.2 Health and Wellness Data **Important: This data is considered sensitive under GDPR.**

  • Menstrual cycle information (dates, duration, symptoms)
  • Biometric data (weight, height, BMI)
  • Physical activity information (type of exercise, duration, intensity)
  • Nutritional data (eating habits, goals)
  • Emotional and mental state information (mood, stress level)
  • Wellness and health goals
  • Progress history

3.3 Technical Data - Device type and model - Operating system - Application version - Device identifiers - IP address - Application browsing and usage data - Connection and error logs

3.4 Usage Data - Modules used (Sport, Nutrition, Mindset, Lifestyle, Cycle) - Time spent on the Application - Features accessed - Preferences and settings - Content interactions

3.5 Transaction Data - Subscription history - Subscription type (monthly/annual) - Subscription status - Billing information (processed by our payment providers)

**Note:** Payment information (credit card number) is never stored on our servers. It is processed directly and securely by our certified payment providers (Apple Pay, Google Pay, Stripe).

4. Legal Basis for Processing

In accordance with GDPR, we process your personal data on the following legal bases:

  • **Contract Performance**: Provision of coaching services and subscription management
  • **Consent**: Processing of sensitive health data, sending notifications and marketing communications
  • **Legitimate Interest**: Service improvement, Application security, fraud prevention
  • **Legal Obligation**: Compliance with accounting and tax obligations

For health data, we obtain your explicit consent when creating your account and when first using each module.

5. Processing Purposes

We use your personal data for the following purposes:

5.1 Service Provision and Personalization - Create and manage your user account - Provide personalized support adapted to your profile - Generate customized recommendations and action plans - Track your progress and results - Adapt content to your needs and goals

5.2 Application Improvement - Analyze Application usage (anonymized) - Identify and fix bugs - Develop new features - Improve user experience

5.3 Communication and Support - Answer your questions and requests - Inform you of updates and new features - Send you progress-related notifications (if enabled) - Offer you relevant advice and content

5.4 Administrative and Legal Management - Manage your subscription and payments - Comply with legal and regulatory obligations - Prevent fraud and ensure security

5.5 Marketing (with your consent) - Offer you personalized deals - Inform you of our news and events - Collect your feedback and suggestions

5.6 Automated Processing and Personalization

Some Elev-Aura features rely on automated processing to personalize recommendations (sport, nutrition, and wellness). These processes analyze information provided by the user to offer adapted content. The user always retains final control over their choices and can modify or ignore any recommendation. These automated processes do not produce any legal effects within the meaning of Article 22 of the GDPR.

6. Retention Period

We retain your personal data only for as long as necessary for the purposes for which it was collected:

  • **Active Account Data**: Throughout your subscription
  • **Data After Termination**: Maximum 3 years after subscription ends (legal limitation period)
  • **Health Data**: Immediate deletion or anonymization upon request, maximum retention of 3 years after subscription ends
  • **Billing Data**: 10 years in accordance with accounting obligations
  • **Technical Data/Logs**: Maximum 12 months

You may request early deletion of your data at any time (see section 9).

7. Data Recipients

Your personal data is accessible only to the following persons and entities:

7.1 Authorized Personnel - Our technical team for maintenance and support - Our development team for Application improvement - Our customer service to answer your requests

All our employees are bound by strict confidentiality obligations.

7.2 Service Providers We use trusted service providers to help us deliver our services:

  • **Technical Platform and Hosting (Floot)**: The Elev-Aura application is developed and hosted on the Floot platform (floot.app), which provides the technical infrastructure including application hosting, database, server-side code execution (serverless backend), and deployment management. As a technical sub-processor, Floot has technical access to data stored in the infrastructure it operates. This access is strictly governed and limited to maintenance and platform operations. Data is encrypted in transit and at rest.
  • **Payment**: Apple Pay, Google Pay, Stripe (secure payment processing)
  • **Analytics**: Anonymized analysis tools (Plausible Analytics - privacy-friendly)
  • **Push Notifications**: OneSignal (if you have enabled notifications)
  • **Customer Support**: Support management tools
  • **Personalization and Content Generation**: Technology providers for personalized content generation and recommendations, including artificial intelligence services (OpenAI). Processing is governed by GDPR-compliant contractual clauses, including Standard Contractual Clauses (SCCs) approved by the European Commission.

These providers act as processors and are contractually required to respect the confidentiality and security of your data in accordance with GDPR.

7.3 Legal Obligations We may disclose your data if required by law or in response to a legal request from competent authorities.

**We never sell your personal data to third parties and never use it for commercial purposes other than those described in this policy.**

8. Transfers Outside the European Union

We strive to minimize data transfers outside the European Union. Our servers and main providers are located in the EU.

If a transfer outside the EU becomes necessary (for example, for certain cloud services), we ensure that:
- The country benefits from an adequacy decision by the European Commission, OR
- Standard Contractual Clauses (SCCs) approved by the European Commission are in place, accompanied where necessary by supplementary protection measures

You can contact us for more information about these transfers and the safeguards in place.

Regarding our hosting platform Floot, we invite you to consult their privacy policy at floot.app for additional details about their server locations and data protection practices. In case of transfers outside the EU via Floot's infrastructure, Standard Contractual Clauses (SCCs) and appropriate protection measures are applied.

9. Your Rights

In accordance with GDPR, you have the following rights regarding your personal data:

9.1 Right of Access You can obtain a copy of all personal data we hold about you.

9.2 Right to Rectification You can request correction of inaccurate or incomplete data. You can also directly modify certain information from your account settings.

9.3 Right to Erasure ("right to be forgotten") You can request deletion of your personal data. This deletion will result in permanent closure of your account.

You can perform this deletion directly from your account settings or contact us at privacy@elev-aura.com.

9.4 Right to Data Portability You can retrieve your data in a structured, commonly used, machine-readable format and transmit it to another controller.

9.5 Right to Object You can object at any time to processing of your data for direct marketing purposes or for legitimate reasons.

9.6 Right to Restriction of Processing You can request restriction of processing of your data in certain circumstances (e.g., when contesting data accuracy).

9.7 Right to Withdraw Consent For processing based on your consent (health data, notifications, marketing), you can withdraw your consent at any time from your account settings.

9.8 Right to File a Complaint If you believe your rights are not being respected, you can file a complaint with the Data Protection Authority (APD) – Belgium: - Website: https://www.autoriteprotectiondonnees.be - Address: Rue de la Presse 35, 1000 Brussels, Belgium

**To exercise your rights, contact us at: privacy@elev-aura.com**

We commit to responding to your request within a maximum of one month.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against destruction, loss, alteration, disclosure, or unauthorized access:

  • **Encryption**: All sensitive data is encrypted in transit (HTTPS/TLS) and at rest
  • **Secure Authentication**: Robust authentication process to protect access to your account
  • **Access Control**: Limited data access on a "need to know" basis
  • **Secure Servers**: Infrastructure hosted in certified data centers in Europe
  • **Managed Infrastructure**: The application is hosted on a professional technical platform (Floot) that handles infrastructure management, security updates, and system monitoring
  • **Monitoring**: Monitoring and logs to detect security incidents
  • **Regular Backups**: Encrypted backups of your data to prevent data loss
  • **Security Testing**: Regular security audits and tests
  • **Staff Training**: Data protection awareness for our teams

Despite these measures, no system is completely foolproof. We recommend choosing a strong password and not sharing it.

11. Cookies and Trackers

The Application uses cookies and similar technologies. For more information, please see our [Cookie Policy](/legal/cookies).

In summary:
- **Essential Cookies**: Necessary for Application operation (session, authentication)
- **Analytical Cookies**: To understand Application usage (anonymized, opt-in)
- **Functional Cookies**: To remember your preferences
- **Marketing Cookies**: To offer you relevant content (opt-in)

You can manage your cookie preferences from the Application settings or via the cookie management panel.

12. Policy Modifications

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, legislation, or the Application.

In case of substantial modification, we will inform you by email or notification in the Application at least 30 days before the changes take effect.

The last update date is indicated at the top of this document.

We encourage you to regularly review this policy to stay informed about how we protect your data.

13. Minors' Data

The Elev-Aura Application is intended for adults. We do not knowingly collect personal data from minors under 18 years of age.

If you are a parent or guardian and discover that your child has provided us with personal data, please contact us immediately at privacy@elev-aura.com so we can delete this data.

14. Contact - Data Protection Officer (DPO)

For any questions regarding this Privacy Policy or exercising your rights, you can contact our data protection officer:

**Email:** privacy@elev-aura.com
**Postal Address:** Stéphane Dekegel, Belgium
**Business number: 0697.828.490**
**VAT: BE0697.828.490**

We commit to processing your request as quickly as possible and providing you with all necessary information.

---

*This policy is written in compliance with the GDPR (EU Regulation 2016/679) and applicable Belgian data protection legislation.*

*By using Elev-Aura, you acknowledge that you have read and understood this Privacy Policy.*

Last updated: 7/1/2025