Privacy Policy

1. Data Controller

BODY-LAB

767 Ratke Camp, Bel Air, Sans Souci, Seychelles, SC (SYC)

Email: [email protected]

2. Data We Collect

Account and identity data: name, email, hashed password, and related account metadata.

Order and transaction data: billing/shipping details, items, totals, order status, and payment reference.

Technical and security logs: IP address, user agent, timestamps, and rate-limit / abuse-prevention events.

3. Purpose and Legal Basis

Contract performance: order processing, shipping coordination, and customer support.

Legitimate interests: platform security, abuse prevention, and operational reliability.

Legal obligations: accounting, tax compliance, and statutory retention duties.

4. Processors / Service Providers

Hosting/Infrastructure: VPS provider and Docker-based deployment (self-managed).

Database/Storage: PostgreSQL and Redis operated by BODY-LAB.

5. Retention Period

Orders and accounting data are stored for 10 years; support tickets for 24 months; security logs for up to 90 days, unless longer retention is legally required.

6. Your Rights

You may request access, correction, deletion, restriction, portability, and object to processing where applicable.

You may lodge a complaint with the competent Seychelles data protection authority.

7. Privacy Contact

Email: [email protected]

1. Data Controller

BODY-LAB

767 Ratke Camp, Bel Air, Sans Souci, Seychelles, SC (SYC)

Email: [email protected]

2. Data We Collect

Account and identity data: name, email, hashed password, and related account metadata.

Order and transaction data: billing/shipping details, items, totals, order status, and payment reference.

Technical and security logs: IP address, user agent, timestamps, and rate-limit / abuse-prevention events.

3. Purpose and Legal Basis

Contract performance: order processing, shipping coordination, and customer support.

Legitimate interests: platform security, abuse prevention, and operational reliability.

Legal obligations: accounting, tax compliance, and statutory retention duties.

4. Processors / Service Providers

Hosting/Infrastructure: VPS provider and Docker-based deployment (self-managed).

Database/Storage: PostgreSQL and Redis operated by BODY-LAB.

5. Retention Period

Orders and accounting data are stored for 10 years; support tickets for 24 months; security logs for up to 90 days, unless longer retention is legally required.

6. Your Rights

You may request access, correction, deletion, restriction, portability, and object to processing where applicable.

You may lodge a complaint with the competent Seychelles data protection authority.

7. Privacy Contact

Email: [email protected]