Legal & Privacy

Privacy Policy

Effective: 1 January 2026

Last reviewed: 1 March 2026

Version 2.0

Please read this Privacy Policy carefully. It explains how Bionic Ring, Inc. ("Bionic Ring", "we", "us", "our") collects, uses, stores, shares, and protects the personal data of people who use our website (bionicring.com), the Bionic Ring mobile application, and our smart ring hardware products, including Bionic Eve and Bionic Adam.

By visiting bionicring.com, creating an account, purchasing a Bionic Ring product, or using the Bionic Ring app, you are accepting and consenting to the practices described in this policy. This notice is provided in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), the Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

For specific information about cookies and tracking technologies, please read our separate Cookie Policy. For health data collected by your ring, additional protections are described in Section 6 of this policy.

Contents

1. Who we are 2. Personal data we collect 3. How and why we use your data 4. Our lawful bases for processing 5. Special category data 6. Health & biometric data 7. Who we share data with 8. International data transfers 9. How long we keep your data 10. Your rights 11. Children's privacy 12. Security 13. Third-party links 14. California residents (CCPA) 15. Changes to this policy 16. Contact & complaints

Section 01

Who we are — the Data Controller

The data controller responsible for your personal data is:

◎ Bionic Ring, Inc.

Registered address: 1209 Orange Street, Wilmington, Delaware 19801, United States
Company number: US Delaware Corporation #7845221
UK registered entity: Bionic Ring UK Ltd, 7 Bell Yard, London WC2A 2JR (UK GDPR Article 27 Representative)
EU registered entity: Bionic Ring Europe GmbH, Rosenheimer Str. 143C, 81671 Munich, Germany (EU GDPR Article 27 Representative)
Data Protection Officer: Dr. Elena Vasquez — privacy@bionicring.com
General enquiries: hello@bionicring.com | +1 (800) 247-2664

Where this policy refers to "Bionic Ring", it includes Bionic Ring, Inc. and its wholly owned subsidiaries Bionic Ring UK Ltd and Bionic Ring Europe GmbH, all of which operate under unified data governance standards.

Section 02

Personal data we collect

We collect personal data in the following categories, depending on your relationship with us:

2.1 Data you provide directly

Account registration: your name, email address, password (stored as a one-way cryptographic hash), date of birth, and biological sex (used only to calibrate health algorithms — see Section 6).
Purchase and billing: your name, billing address, delivery address, and payment card details. Payment card data is processed exclusively by our PCI-DSS Level 1 certified payment processor (Stripe) and is never stored on Bionic Ring servers.
Health profile: information you voluntarily provide within the app, such as your health goals, medical conditions you choose to disclose, and menstrual cycle history (Bionic Eve users).
Communications: any messages you send us via email, live chat, contact forms, or social media, including the content of support tickets.
Surveys and feedback: responses to product satisfaction surveys, beta testing feedback, and research questionnaires.
Marketing preferences: your consent status for marketing communications and the channels you prefer.
Ring sizing: your finger circumference measurement, which you provide via our sizing guide or sizing kit.

2.2 Data collected automatically

Website usage data: IP address, browser type and version, operating system, referring URL, pages visited, time on page, click events, and session duration, collected via server logs and analytics tools.
Device and technical data: device type, device identifiers (where permitted by your OS settings), screen resolution, timezone, language preference, and app version.
Cookies and similar technologies: as described in our Cookie Policy.
Location data: approximate location derived from your IP address for fraud prevention and regulatory compliance. We do not collect precise GPS location unless you explicitly grant location permission in the Bionic Ring app.

2.3 Biometric and health data from the Bionic Ring device

When you wear your Bionic Ring and sync it with the app, the following biometric signals are measured and transmitted to our servers (this is described in full in Section 6):

Continuous photoplethysmography (PPG) — heart rate, heart rate variability (HRV), blood oxygen saturation (SpO₂)
Skin temperature readings, measured to ±0.1°C precision
Accelerometer and gyroscope data — movement, activity classification, step count, workout detection
Sleep staging data derived from the above sensor inputs — deep sleep, REM, light sleep, and wake periods
For Bionic Eve users: basal body temperature (BBT) trend, menstrual cycle phase estimates, and predicted fertile window
Readiness score, strain score, and recovery score — algorithmic outputs derived from the above raw signals

2.4 Data from third parties

Social sign-in: if you choose to register or sign in using Apple ID or Google Sign-In, we receive your name and email address from those providers.
Health platform integrations: if you connect Bionic Ring to Apple Health, Google Health Connect, or Garmin Connect, we may receive or share activity, sleep, or heart rate data with those platforms as directed by you.
Affiliate referrals: if you arrive at bionicring.com via an affiliate link, we receive an anonymised referral code from our affiliate tracking system.
Fraud prevention: we may receive fraud risk signals from our payment processor (Stripe) and security providers (Cloudflare).

Section 03

How and why we use your data

We use your personal data only for the specific purposes described below. We do not sell your personal data to any third party.

🛍️ Processing your order and delivering your product Contract

We process your name, address, and payment information to fulfil your order, arrange shipping, issue receipts, and manage returns and warranties.

🏥 Providing the Bionic Ring health service

We process your biometric and health data to calculate your health metrics, generate your readiness and sleep scores, provide cycle tracking (Bionic Eve), and personalise coaching recommendations within the app. You provide explicit consent for this when you set up your account and device.

📧 Communicating with you about your account and products Contract Legitimate Interests

We use your contact details to send order confirmations, shipping updates, security alerts, product recall notices, critical app updates, and responses to your support requests. These are not marketing communications and you cannot opt out of them while you remain a customer.

📊 Improving our products and services through analytics Legitimate Interests

We use aggregated, anonymised data about how users interact with our website and app to identify bugs, improve features, and prioritise our product roadmap. Individual biometric data is never used for this purpose without your separate consent.

📣 Sending marketing communications

With your opt-in consent, we will send you emails, push notifications, and personalised in-app messages about new products, features, offers, and health content. You may withdraw this consent at any time via your account settings or by clicking "unsubscribe" in any marketing email. Withdrawal will not affect any prior lawful processing.

🔒 Fraud prevention and security Legitimate Interests Legal Obligation

We process technical data including IP addresses, device fingerprints, and login patterns to detect and prevent fraudulent activity, unauthorised account access, and malicious use of our platform. We may share data with law enforcement when legally required.

⚖️ Complying with legal obligations Legal Obligation

We retain certain records — including purchase histories, VAT records, and communications logs — for the periods required by UK, EU, and US tax, accounting, and consumer protection laws.

🔬 Scientific research and product development

With your separate explicit consent (opt-in, never assumed), we may use your anonymised and de-identified health data in aggregate form to improve the accuracy of our health algorithms, conduct internal clinical validation studies, or collaborate with academic research partners. You will always be asked separately for this consent and can withdraw it at any time.

Section 04

Our lawful bases for processing

Under UK GDPR and EU GDPR, every instance of personal data processing must rest on one of six lawful bases. The bases we rely upon are set out below:

Consent (Article 6(1)(a)): You have given clear, informed, and freely withdrawable consent to the specific processing activity. We rely on consent for marketing communications, for processing special category health data (see Section 5), and for participation in research.
Contract (Article 6(1)(b)): Processing is necessary to perform a contract with you — for example, processing your order, delivering your ring, or providing the health tracking service you have paid for.
Legal obligation (Article 6(1)(c)): Processing is necessary to comply with our legal obligations — for example, retaining financial records for HMRC, responding to court orders, or reporting suspicious transactions under anti-money-laundering laws.
Vital interests (Article 6(1)(d)): In emergency situations, we may process data where necessary to protect your life or someone else's life — for example, if health data indicates an acute cardiac event and you have enabled emergency alert features.
Legitimate interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and interests. We conduct a Legitimate Interests Assessment (LIA) for each use under this basis. Our legitimate interests include: improving our products and services, preventing fraud and security threats, and sending service-related communications.

📋

Where we rely on legitimate interests as our lawful basis, you have the right to object to that processing. If you object, we will stop processing your data for that purpose unless we can demonstrate compelling legitimate grounds that override your rights. To exercise this right, contact privacy@bionicring.com.

Section 05

Special category data

Special category data is a set of particularly sensitive personal data types that receive additional protection under Article 9 of UK GDPR and EU GDPR. We process the following special category data:

Health data — including heart rate, HRV, SpO₂, sleep patterns, skin temperature, and any health conditions you voluntarily disclose in your health profile. All health tracking data collected by the Bionic Ring device and app constitutes health data under GDPR.
Biometric data — finger dimensions used to fit your ring. Note: raw sensor data from the ring's PPG and accelerometer sensors is processed to derive health metrics and may constitute biometric data in some jurisdictions.
Data concerning sex life or sexual orientation — menstrual cycle, ovulation, and fertility data collected by Bionic Eve relates to reproductive health and is afforded the highest level of protection.

Our lawful basis for processing special category data under Article 9(2) UK GDPR is your explicit consent (Article 9(2)(a)), supplemented where applicable by:

The provision of healthcare or treatment (Article 9(2)(h)) where you use our data exports for medical consultations
Processing necessary for reasons of public interest in the area of public health (Article 9(2)(i)) where you have separately opted into de-identified research participation

You may withdraw your consent to the processing of special category data at any time. Note that withdrawal will result in the Bionic Ring health tracking features becoming unavailable, as they cannot function without accessing and processing this data.

Section 06

Health & biometric data — additional protections

Our commitment on health data

Health data is the most sensitive data we hold. We have designed Bionic Ring's data infrastructure from the ground up with the following non-negotiable protections:

Never sold: Your health and biometric data is never sold to any third party, under any circumstances.
Never used for advertising: Health data collected by your ring or the app is never shared with advertising networks or used to serve targeted advertisements.
Never combined with marketing data: Our health data systems are technically separated from our marketing analytics systems. A firewall prevents any combination of individual health metrics with advertising platforms.
Encrypted end-to-end: Data transmitted from your ring to your phone, and from your phone to our servers, is encrypted using TLS 1.3. All health data is encrypted at rest using AES-256 with per-user encryption keys.
Deletable on request: You can permanently delete all health data we hold about you at any time from within the app (Account → Privacy → Delete All Health Data), or by contacting privacy@bionicring.com.

How health data is processed

Your Bionic Ring device collects raw sensor data locally on the ring. This data is transmitted via Bluetooth Low Energy (BLE) to the Bionic Ring mobile app on your smartphone, and then transmitted over an encrypted HTTPS connection to our servers for processing.

On our servers, the raw sensor data is processed by our proprietary health algorithms to produce derived metrics (heart rate, HRV, sleep stages, readiness score, etc.). The derived metrics are stored in your account. Raw sensor data is retained for 90 days for algorithm debugging and then deleted permanently.

Health platform integrations

If you connect Bionic Ring to a third-party health platform, data flows are as follows:

Apple Health (iOS): You control which metrics are shared with Apple Health via iOS permissions. Bionic Ring writes workout, sleep, heart rate, HRV, SpO₂, and step data to Apple Health if you permit it. We do not read any data from Apple Health.
Google Health Connect (Android): Same as Apple Health — you control all permissions within Android settings. Bionic Ring writes data only; we do not read from Google Health Connect.
Third-party fitness apps: If you authorise a third-party app to access your Bionic Ring data via our API, you are consenting to that third party's own privacy policy. We recommend reviewing their policies before granting access.

Bionic Eve — additional reproductive health data protections

Cycle tracking, fertility window data, basal body temperature history, and ovulation predictions collected by Bionic Eve are subject to the following additional protections, recognising the particularly sensitive nature of reproductive health information:

Reproductive health data is stored in a separately encrypted, access-controlled data partition that requires elevated permissions for Bionic Ring employees to access.
Bionic Ring will never share reproductive health data with any government authority, law enforcement agency, or insurance provider unless compelled by a court order with specific legal jurisdiction over us.
In jurisdictions where reproductive healthcare may be criminalised or restricted, we advise users to review their local laws. We will challenge any requests for reproductive health data from authorities in such jurisdictions and will notify affected users where legally permitted to do so.
You may delete all reproductive health data from your account at any time independently of other health data.

Section 07

Who we share your data with

We share personal data only with the parties listed below, and only to the extent necessary for the stated purpose. We never sell personal data. All third parties who process data on our behalf are bound by Data Processing Agreements (DPAs) under Article 28 UK GDPR.

Service providers (data processors)

Stripe, Inc. (US) — Payment processing. Stripe processes payment card data on our behalf under its own PCI-DSS Level 1 certification. We never receive or store raw payment card numbers.
Amazon Web Services, Inc. (US, EU, UK) — Cloud infrastructure. All Bionic Ring application servers, databases, and file storage run on AWS infrastructure. Health data is stored exclusively in AWS EU (Frankfurt) and AWS UK (London) regions.
Google LLC (US) — Google Analytics 4 (website analytics, with IP anonymisation enabled). Google Ads conversion tracking (if you have consented to marketing cookies).
Hotjar Ltd (Malta, EU) — Website session recording and heatmaps for UX improvement. Configured to mask all health data fields.
Intercom, Inc. (US) — Customer support live chat. Only your name, email, and support conversation history are shared.
Klaviyo, Inc. (US) — Email marketing platform. Receives your email address and marketing preferences only if you have opted in to marketing communications.
Shipwire / Ingram Micro (US, UK, EU) — Third-party logistics and order fulfilment. Receives your name, delivery address, and order details to process shipments.
Sift (US) — Fraud detection. Receives device and behavioural signals to assess transaction risk.
Cloudflare, Inc. (US) — Content delivery network, DDoS protection, and bot management.

Health research partners

Where you have separately opted in to research participation, we may share de-identified, aggregated health data with academic or clinical research partners. This data contains no names, email addresses, device identifiers, or any information that could identify you individually. A list of current research partners is available at bionicring.com/research-partners.

Professional advisers and legal authorities

Legal and financial advisers: solicitors, accountants, and auditors who provide professional services to Bionic Ring, subject to professional confidentiality obligations.
Regulators: the ICO, HMRC, Companies House, and equivalent authorities in other jurisdictions, where required by law.
Law enforcement: we disclose data to police, courts, or government bodies only when legally obliged to do so by a valid warrant, court order, or statutory notice. We will notify you of such requests where legally permitted.

Business transfers

If Bionic Ring is acquired by, merged with, or sells all or substantially all of its assets to another company, personal data held by us may form part of the transferred assets. In such event, we will notify you by email and by posting a prominent notice on our website at least 30 days before your data is transferred and becomes subject to a different privacy policy.

Section 08

International data transfers

Bionic Ring is headquartered in the United States. When we transfer personal data from the UK or EU to the US or other countries outside the UK/EEA, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): The primary mechanism for transfers from UK and EU to third countries. All Data Processing Agreements with US-based service providers incorporate the UK ICO's International Data Transfer Agreement (IDTA) and/or the EU SCCs (Commission Implementing Decision 2021/914).
EU-US Data Privacy Framework: Several of our US service providers (including Google and Meta) are certified under the EU-US Data Privacy Framework, providing an adequacy basis for transfers.
Adequacy decisions: Where we transfer data to countries for which the UK or EU has issued an adequacy decision (e.g., Japan, Canada, Israel), we rely on that adequacy basis.

Health data residency: All health and biometric data is processed and stored exclusively within AWS EU (Frankfurt, eu-central-1) and AWS UK (London, eu-west-2) data centres. Health data does not leave the UK/EU region, with the sole exception of technical data transiently processed by AWS global services that operate under EU SCCs.

🌍

You may request a copy of the specific safeguards in place for any international transfer by writing to our Data Protection Officer at privacy@bionicring.com.

Section 09

How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our retention periods are set out below:

Data category	Retention period	Reason
Account data (name, email, profile)	Duration of account + 2 years	Active service delivery; 2-year buffer to reactivate or raise disputes after account deletion.
Purchase and billing records	7 years from transaction	UK Companies Act 2006 and HMRC requirement. 6 years for US federal tax compliance (IRS).
Health & biometric data (derived metrics)	Duration of account; deleted on request	Required to provide the health tracking service. Deleted immediately upon request or account deletion.
Raw sensor data (PPG, accelerometer)	90 days	Algorithm debugging and accuracy validation. Deleted automatically after 90 days regardless of account status.
Reproductive health data (Bionic Eve)	Duration of account; deleted on request	Service delivery. Deletable independently of other health data at any time.
Support communications	3 years from last interaction	Product improvement and dispute resolution. Deleted on request subject to ongoing disputes.
Marketing consent records	5 years from last activity	Legal requirement to demonstrate consent under PECR and UK GDPR.
Cookie consent records	13 months from consent	ICO guidance on consent records under PECR.
Website server logs	90 days	Security monitoring and incident investigation.
Analytics data (aggregated)	26 months	Google Analytics GA4 default (14 months user-level; 26 months aggregated reporting).
Fraud and security records	7 years	To detect recurring fraud patterns and comply with anti-money-laundering obligations.

When the retention period for any category of data expires, we will either permanently delete it or irreversibly anonymise it so that it can no longer be linked to you.

Section 10

Your rights

Under UK GDPR and EU GDPR, you have the following rights regarding your personal data. All requests should be sent to privacy@bionicring.com. We will respond within one calendar month of receipt, and will extend this to three months only for complex or numerous requests (in which case we will notify you within the first month).

📋

Right to be Informed

You have the right to be informed about how we collect and use your personal data — this privacy notice fulfils that obligation.

Article 13 & 14 UK GDPR

🔍

Right of Access (Subject Access Request)

You have the right to request a copy of all personal data we hold about you, including health data, purchase history, and communications. We provide this free of charge within one month.

Article 15 UK GDPR

✏️

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. Most profile data can be corrected directly in the Bionic Ring app.

Article 16 UK GDPR

🗑️

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. Health data can be deleted immediately within the app. Some data may be retained for legal obligations (e.g., billing records). We will tell you what cannot be deleted and why.

Article 17 UK GDPR

⏸️

Right to Restriction of Processing

You may request that we limit the way we use your data in certain circumstances — for example, while you contest the accuracy of data we hold, or while an objection is being assessed.

Article 18 UK GDPR

📤

Right to Data Portability

For data you have provided to us under a consent or contract basis, you may request it in a structured, commonly used, machine-readable format (JSON or CSV). Your full health history is available to export from the Bionic Ring app at any time.

Article 20 UK GDPR

🚫

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. For direct marketing, your objection is absolute — we must stop immediately. For legitimate interests, we will assess whether our grounds override your rights.

Article 21 UK GDPR

🤖

Rights in Automated Decision-Making

Our health scores (readiness, sleep, recovery) are generated algorithmically. These are informational and do not constitute legally or significantly consequential automated decisions. You may request human review of any score if you believe it is materially inaccurate.

Article 22 UK GDPR

✅

Many of these rights can be exercised directly within the Bionic Ring app under Account → Privacy & Data — including exporting your health data, deleting health data, managing marketing preferences, and deleting your account entirely. For requests that cannot be fulfilled in-app, email privacy@bionicring.com and we will respond within one calendar month.

Section 11

Children's privacy

Bionic Ring products and services are not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age.

If you are under 18, please do not use bionicring.com or the Bionic Ring app, and do not provide us with any personal data. If we become aware that we have collected personal data from a person under 18 without verification of parental consent, we will delete that data immediately.

If you are a parent or guardian and believe your child under 18 has provided us with personal data, please contact us at privacy@bionicring.com and we will act promptly.

Section 12

Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or destruction:

Encryption in transit: All data transmitted between the Bionic Ring device, the mobile app, and our servers is encrypted using TLS 1.3. We enforce HTTPS across all our web properties with HSTS preloading.
Encryption at rest: All databases containing personal data are encrypted at rest using AES-256. Health data uses per-user encryption keys managed through AWS Key Management Service (KMS).
Access controls: Access to personal data is restricted to Bionic Ring employees and contractors who need it to do their jobs. All access is authenticated using multi-factor authentication (MFA) and is logged.
Penetration testing: We commission independent third-party penetration tests of our infrastructure and mobile apps at least twice per year.
Bug bounty programme: We operate a responsible disclosure and bug bounty programme at security.bionicring.com. Security researchers who responsibly disclose vulnerabilities are credited and rewarded.
Employee training: All Bionic Ring employees with access to personal data receive data protection and security training at onboarding and annually thereafter.
Incident response: In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of it (as required by Article 33 UK GDPR), and will notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms.

While we take every precaution, no transmission of data over the internet is completely secure. If you have reason to believe your Bionic Ring account has been compromised, please contact us immediately at security@bionicring.com.

Section 13

Third-party links and services

Our website and app may contain links to, and integrations with, websites and services operated by third parties — for example, links to our social media profiles, media coverage, retail partners, and health platform integrations (Apple Health, Google Health Connect).

When you access a third-party website or service, their privacy policy governs the collection and use of your data — not ours. We do not accept any responsibility or liability for the privacy practices of third parties. We recommend reading the privacy policy of any website or service you visit before submitting personal data.

Embedded content from third parties (such as YouTube videos or social media posts displayed on our website) may allow those third parties to collect data about your interactions with that embedded content, subject to their privacy policies. We only embed third-party content where you have consented to the relevant cookie category (see our Cookie Policy).

Section 14

California residents — CCPA / CPRA rights

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights regarding your personal information. In addition to the rights described in Section 10, you have the following:

Right to Know: You have the right to know the categories of personal information we collect, the purposes for which we use it, the categories of third parties we share it with, and the specific pieces of personal information we hold about you.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, detecting security incidents, legal obligations).
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing: Bionic Ring does not sell your personal information. We do not share personal information with third parties for cross-context behavioural advertising without your consent. A "Do Not Sell or Share My Personal Information" link is not required as we do not engage in these practices.
Right to Limit Use of Sensitive Personal Information: California law designates health data, biometric data, and precise geolocation as sensitive personal information. We use sensitive personal information only to provide the Bionic Ring service and as described in this policy — not to infer characteristics about you beyond what is necessary for the service.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise California rights, contact privacy@bionicring.com or write to Bionic Ring, Inc., 1209 Orange Street, Wilmington, Delaware 19801. We will verify your identity before processing requests. Authorised agents may submit requests on your behalf with written permission.

Categories of personal information collected (CCPA categories)

Category A — Identifiers: Name, email address, IP address, account username.
Category B — Personal Records: Physical address, payment information (processed by Stripe; not stored by us).
Category C — Protected Classification Characteristics: Date of birth, biological sex, health information.
Category D — Commercial Information: Purchase history, product preferences.
Category F — Internet Activity: Browsing history on bionicring.com, interactions with our emails and app.
Category H — Biometric Information: Health metrics derived from ring sensors (heart rate, HRV, sleep data, temperature).
Category I — Inferences: Readiness score, recovery score, sleep quality score — derived from biometric data.

Section 15

Changes to this Privacy Policy

We review and update this Privacy Policy regularly. We may change it to reflect new features, new legal requirements, changes to our data practices, or clarifications of existing practices.

When we make material changes — such as processing your data for new purposes, sharing data with new categories of third party, or changing how we handle health data — we will:

Update the "Last reviewed" date at the top of this policy.
Display a banner notice on bionicring.com for a minimum of 30 days.
Send an email notification to all registered Bionic Ring account holders.
Where required by law, seek fresh consent before processing data under the new purposes.

For changes that do not materially affect how we process your data (for example, formatting changes or clarifications), we will update the policy and the "Last reviewed" date without further notice.

Section 16

Contact us & supervisory authorities

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our Data Protection Officer. We aim to respond to all enquiries within five working days.

Data Protection Officer

Dr. Elena Vasquez

privacy@bionicring.com
Bionic Ring, Inc.
1209 Orange Street
Wilmington, Delaware 19801, USA

UK Representative (GDPR Art. 27)

Bionic Ring UK Ltd

privacy-uk@bionicring.com
7 Bell Yard
London, WC2A 2JR
United Kingdom

EU Representative (GDPR Art. 27)

Bionic Ring Europe GmbH

privacy-eu@bionicring.com
Rosenheimer Str. 143C
81671 Munich
Germany

Security issues

Security Team

security@bionicring.com
PGP key available at
security.bionicring.com/pgp

Supervisory authorities

If you are not satisfied with our response, you have the right to lodge a complaint with the data protection supervisory authority in your country or region of residence:

United Kingdom: Information Commissioner's Office (ICO) — Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF — Tel: 0303 123 1113
European Union: Your national data protection authority — find your authority at the EDPB member list. Our lead EU supervisory authority is the Bavarian State Office for Data Protection Supervision (BayLDA) as our EU entity is registered in Bavaria, Germany.
United States (California): California Privacy Protection Agency (CPPA)