This Privacy Policy explains how RAS BioHacker ("we", "us", "our") collects, uses, discloses and safeguards your information when you visit our website, mobile experience and use our services (collectively, the "Service"). We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Greek Law 4624/2019.
1. Data Controller
The data controller responsible for your personal data is the operator of RAS BioHacker, whose website is developed and maintained by Pixelab (VAT: EL100843320), Greece. Contact: info@pixelab.gr.
2. Information We Collect
- Account data: email, name, password (hashed), authentication provider identifiers.
- Usage data: sessions listened to, program progress, preferences, device and browser info, IP address.
- Payment data: processed by our payment providers (e.g. Stripe). We do not store card details.
- Communications: messages you send us via the contact form or email.
3. Legal Bases for Processing
- Contract (Art. 6(1)(b) GDPR): to provide the Service you requested.
- Legitimate interest (Art. 6(1)(f)): security, fraud prevention, service improvement.
- Consent (Art. 6(1)(a)): non-essential cookies, marketing communications.
- Legal obligation (Art. 6(1)(c)): tax, accounting and regulatory record-keeping.
4. How We Use Your Data
- Provide and personalize the Service and audio sessions.
- Process payments and manage subscriptions.
- Communicate with you regarding your account, updates and support.
- Monitor and improve reliability, performance and security.
- Comply with legal obligations.
5. Sharing and Recipients
We share data only with trusted processors necessary to operate the Service: cloud hosting, database and authentication providers, payment processors, email delivery, and analytics. All processors are bound by data-processing agreements consistent with the GDPR. We do not sell your personal data.
6. International Transfers
Where data is transferred outside the European Economic Area, we rely on adequacy decisions or Standard Contractual Clauses adopted by the European Commission.
7. Data Retention
We keep personal data only for as long as necessary for the purposes described, or as required by law. Account data is deleted within 30 days of account closure; invoicing data is retained for the periods required by Greek tax law.
8. Your Rights
Under the GDPR you have the right to:
- Access, rectify or erase your personal data.
- Restrict or object to processing.
- Data portability.
- Withdraw consent at any time.
- Lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).
To exercise your rights, contact info@pixelab.gr.
9. Security
We implement appropriate technical and organizational measures — encryption in transit, hashed credentials, access controls and monitoring — to protect your data from unauthorized access, alteration or disclosure.
10. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from children without parental consent.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified via the Service or by email.
12. Contact
Questions about this Policy? Email info@pixelab.gr.