Privacy Policy

Protection of personal data of users of the Telegram bots @BioMaxingBot, @BioMaxingLifeBot, and @BioMaxingSupportBot

Last Updated: February 3, 2026

1. Introduction

This Privacy Policy explains how BioMaxing (“we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you use our website and Telegram bots. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Data Controller

The data controller responsible for your personal data is:

Entity: Maria Elina (Sole Proprietor)
Location: Amsterdam, Netherlands
Email: privacy@biomaxing.io

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account Information

  • Telegram User ID (stored in hashed/encrypted form)
  • Email address (for web platform authentication)
  • Timezone preferences
  • Account settings and preferences

3.2 Health and Wellness Data (Special Category Data)

With your explicit consent, we may collect:

  • Supplement intake and tracking data
  • Habit tracking information (sleep duration, mood scores, exercise completion)
  • Health practices and wellness activity participation
  • Personal supplement stacks and combinations
  • AI chat conversations about health and supplements

3.3 Payment Information

  • Subscription tier and status
  • Payment transaction history
  • Note: Credit card details are processed directly by Stripe and never stored on our servers

3.4 Usage Data

  • Interaction with our Telegram bots
  • Website usage patterns (via self-hosted Umami analytics)
  • Bookmarks and saved items
  • Feature usage statistics

We process your personal data based on the following legal grounds under Article 6 and Article 9 of the GDPR:

| Legal Basis | Purpose | Data Categories |
|---|---|---|
| Contract Performance (Art. 6(1)(b)) | Providing our services, managing subscriptions, processing payments | Account data, payment data |
| Explicit Consent (Art. 9(2)(a)) | Processing health and wellness data | Health data, habit tracking, supplement logs |
| Legitimate Interest (Art. 6(1)(f)) | Service improvement, security, analytics | Usage data, aggregated statistics |
| Legal Obligation (Art. 6(1)(c)) | Tax records, legal compliance | Transaction records |

5. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our services, including Telegram bots and web platform
  • To process and manage your subscription and payments
  • To personalize your experience with supplement recommendations
  • To track your health and wellness progress (with your consent)
  • To provide AI-powered chat assistance for health inquiries
  • To improve our services through aggregated, anonymized analytics
  • To communicate with you about service updates and changes
  • To comply with legal obligations

6. Data Sharing and Third-Party Processors

We share your personal data with the following categories of recipients, all of whom are bound by Data Processing Agreements (DPAs) ensuring GDPR compliance:

6.1 Sub-Processors

| Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Scaleway | Cloud infrastructure hosting | All data | Paris, France (EU) |
| Stripe | Payment processing | Payment details, email | Ireland (EU) |
| Telegram | Bot platform communication | User ID, messages | Dubai (adequacy pending) |
| OpenRouter (AI Provider) | AI chat assistance | Chat messages | USA (SCCs) |

6.2 We Never Share Your Data

  • We never sell your personal data to third parties
  • We do not use third-party advertising or tracking services
  • We do not share data with supplement brands or affiliates

7. International Data Transfers

Your data is primarily stored within the European Union (Scaleway, Paris, France). When data is transferred outside the EU/EEA, we ensure adequate protection through:

  • EU Commission adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Additional technical and organizational measures

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Health and wellness data | Duration of account (deleted upon request) |
| Payment records | 7 years (Dutch tax law requirement) |
| AI chat history | 90 days or until deletion request |
| Analytics data (Umami) | 24 months (aggregated, anonymized) |

9. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15): You have the right to obtain confirmation of whether we process your personal data and to request a copy of your data.

Right to Rectification (Art. 16): You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure (Art. 17): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing (Art. 18): You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of your data.

Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON/CSV).

Right to Object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.

Right to Lodge a Complaint: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl

How to exercise your rights: Contact us at privacy@biomaxing.com. We will respond within 30 days.

10. Cookies and Analytics

10.1 Essential Cookies

We use strictly necessary cookies for authentication purposes only. These cookies are essential for the website to function and cannot be disabled. They do not track you across websites or collect personal data for marketing purposes.

10.2 Analytics (Umami)

We use Umami, a privacy-focused, open-source analytics platform that we self-host on our own EU-based servers. Umami:

  • Does not use cookies for tracking
  • Does not collect personally identifiable information
  • Does not track users across websites
  • Is fully GDPR compliant by design
  • Provides only aggregated, anonymous website statistics

We do not use: Google Analytics, Facebook Pixel, or any third-party tracking services.

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, following privacy by design and by default principles:

Technical Measures

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Hashing of sensitive identifiers (Telegram User IDs)
  • Regular automated backups with encryption
  • Secure secrets management
  • Infrastructure as Code with security best practices

Organizational Measures

  • Privacy by design architecture
  • Data minimization (we only collect necessary data)
  • Access controls and authentication requirements
  • Regular security assessments

12. Children’s Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

13. Medical Disclaimer

BioMaxing provides educational information about supplements and wellness practices. Our services are not intended to diagnose, treat, cure, or prevent any disease. The information provided should not be considered a substitute for professional medical advice. Always consult with a qualified healthcare professional before making changes to your supplement regimen or health practices.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the “Last Updated” date. For significant changes, we will provide notice through our Telegram bots or by email.

15. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: privacy@biomaxing.io
Response Time: Within 30 days (as required by GDPR)
Supervisory Authority: Autoriteit Persoonsgegevens (Dutch DPA)

Appendix A: List of Sub-Processors

This appendix provides detailed information about our sub-processors as required by GDPR Article 28:

| Name | Processing Activities | Transfer Mechanism | DPA Status |
|---|---|---|---|
| Scaleway SAS | Cloud hosting, database, storage | N/A (EU processor) | Standard DPA in ToS |
| Stripe, Inc. | Payment processing, fraud prevention | EU entity (Stripe Ireland) | Stripe DPA available |
| Telegram FZ-LLC | Bot platform, messaging | SCCs (user-initiated) | Telegram Privacy Policy |
| OpenRouter | AI/LLM chat processing | SCCs + supplementary measures | DPA executed |

— End of Privacy Policy —