Privacy Policy

Last updated: January 2026

1. Introduction and Data Controller

Bio Vera ("we", "our", "us", or "Company") is committed to protecting your privacy and personal data. This Privacy Policy explains in detail how we collect, use, process, disclose, and safeguard your information when you use our platform, mobile applications, and related services (collectively, the "Service").

Data Controller: Bio Vera, with headquarters in Germany, is the data controller responsible for the processing of your personal data. For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, we are the entity that determines the purposes and means of processing your personal data.

By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

We collect various types of information from and about users of our Service, including:

2.1. Information You Provide Directly

  • Account Information: Full name, email address, phone number, business name, tax identification numbers, partner codes, and other registration information
  • Profile Information: Profile photos, biographical information, years of experience, generation information, and other profile data you choose to provide
  • Location Data: GPS coordinates for farms, estates, parcels, delivery locations, and real-time location tracking during transport missions
  • Financial Information: Payment method details, bank account information, transaction history, payment preferences, and tax information
  • Transaction Data: Purchase history, order details, delivery information, product specifications, pricing agreements, and contract terms
  • Content Data: Photos, documents, certificates, field entries, compliance records, quality reports, and other content you upload or submit
  • Communication Data: Messages, inquiries, support requests, and other communications you send to us
  • Certification Data: GlobalG.A.P. certificates, organic certifications, compliance records, and other regulatory documentation

2.2. Information Collected Automatically

  • Usage Data: How you interact with our platform, pages visited, features used, time spent, click patterns, and navigation paths
  • Device Information: Device type, operating system, browser type, device identifiers, mobile network information, and device settings
  • Log Data: IP addresses, access times, error logs, crash reports, and system activity logs
  • Location Information: GPS coordinates, location history, route data, and geofencing information
  • Sensor Data: Temperature readings, humidity levels, and other environmental data from IoT sensors
  • Performance Data: App performance metrics, loading times, and technical diagnostics

2.3. Information from Third Parties

  • Payment Processors: Transaction confirmations and payment status from our payment service providers
  • Logistics Partners: Delivery confirmations, transport status, and location updates
  • Certification Bodies: Certification status and compliance records from third-party certifiers
  • Service Providers: Analytics data, marketing information, and other data from our service providers

3. How We Use Your Information and Legal Basis

We process your personal data for the following purposes and based on the legal bases indicated:

3.1. Service Provision (Contract Performance)

  • Create and manage your account, authenticate your identity, and provide access to the Service
  • Process transactions, orders, payments, and delivery confirmations
  • Facilitate communication between growers, suppliers, logistics partners, and buyers
  • Provide traceability services, quality assurance, and compliance tracking
  • Enable logistics coordination, route optimization, and delivery management
  • Generate digital passports, certificates, and documentation
  • Send transaction confirmations, order updates, and service-related communications

Legal Basis: Performance of contract, legitimate interest

3.2. Compliance and Legal Obligations

  • Comply with applicable laws, regulations, and legal processes
  • Respond to government requests, court orders, and regulatory inquiries
  • Enforce our Terms of Service and other agreements
  • Protect our rights, property, and safety, as well as that of our users and third parties
  • Maintain records for tax, accounting, and regulatory compliance purposes
  • Comply with food safety regulations, agricultural standards, and export control laws

Legal Basis: Legal obligation, legitimate interest

3.3. Service Improvement (Legitimate Interest)

  • Monitor and analyze usage patterns, trends, and performance metrics
  • Improve, optimize, and enhance the Service functionality and user experience
  • Develop new features, products, and services
  • Conduct research and analytics to understand user behavior
  • Detect, prevent, and address technical issues, security threats, and fraudulent activity
  • Ensure platform security, integrity, and availability

Legal Basis: Legitimate interest

3.4. Marketing and Communications (Consent)

  • Send marketing communications, newsletters, and promotional materials (with your consent)
  • Provide information about new features, products, and services
  • Conduct surveys, research, and user feedback collection
  • Personalize content and advertising based on your preferences

Legal Basis: Consent (you may withdraw at any time)

4. Information Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following limited circumstances:

4.1. Service Providers and Business Partners

We may share your information with trusted third-party service providers who perform services on our behalf, including:

  • Payment Processors: To process payments and manage financial transactions
  • Cloud Storage Providers: To store and manage data securely
  • Analytics Services: To analyze usage patterns and improve our Service
  • Email Service Providers: To send communications and notifications
  • Logistics Partners: To coordinate deliveries and track shipments
  • Certification Bodies: To verify compliance and manage certifications
  • IT Service Providers: To maintain and support our technical infrastructure

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

4.3. Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

  • Court orders, subpoenas, or other legal processes
  • Government or regulatory agency requests
  • To comply with applicable laws, regulations, or legal obligations
  • To protect our rights, property, or safety, or that of our users or others
  • To investigate potential violations of our Terms of Service
  • To detect, prevent, or address fraud, security, or technical issues

4.4. With Your Consent

We may share your information with third parties when you explicitly consent to such sharing, such as when you authorize sharing with specific business partners or when you participate in optional features that require data sharing.

4.5. Traceability and Public Information

For traceability purposes, certain product information (origin, journey, certifications) may be visible to buyers through QR codes and digital passports. However, sensitive personal information, such as exact farm locations, personal contact details, and financial information, is protected and not disclosed in public traceability features.

5. Data Security and Protection Measures

We implement comprehensive technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data encryption in transit (TLS/SSL) and at rest (AES-256) for sensitive information
  • Access Controls: Role-based access controls, multi-factor authentication, and regular access reviews
  • Network Security: Firewalls, intrusion detection systems, and regular security audits
  • Secure Infrastructure: Hosting on secure, compliant cloud infrastructure with regular security updates
  • Data Backup: Regular automated backups with encrypted storage and disaster recovery procedures
  • Employee Training: Regular security awareness training for all employees and contractors
  • Incident Response: Established procedures for detecting, responding to, and reporting security incidents
  • Vulnerability Management: Regular security assessments, penetration testing, and vulnerability remediation

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

6. Your Rights Under GDPR and Other Data Protection Laws

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, you have the following rights regarding your personal information:

6.1. Right of Access

You have the right to obtain confirmation as to whether we process your personal data and to access your personal data, including copies of the data we hold about you. You may request this information by contacting us at privacy@biovera.app.

6.2. Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update most of your information directly through your account settings, or contact us to request corrections.

6.3. Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose, you withdraw consent, or the data has been unlawfully processed. However, we may retain certain information as required by law or for legitimate business purposes (e.g., transaction records for tax compliance).

6.4. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.

6.5. Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests.

6.6. Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

6.7. Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6.8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that our processing of your personal data violates applicable data protection laws.

6.9. Exercising Your Rights

To exercise any of these rights, please contact us at privacy@biovera.app. We will respond to your request within one month (or two months for complex requests). We may require verification of your identity before processing your request. In some cases, we may charge a reasonable fee if your request is manifestly unfounded or excessive.

7. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on:

  • Active Accounts: While your account is active and for a reasonable period thereafter
  • Transaction Records: At least 7 years for financial and tax records, as required by law
  • Traceability Data: Indefinitely for product traceability and compliance purposes, as required by food safety regulations
  • Legal Claims: For the duration of any legal proceedings or potential legal claims
  • Regulatory Compliance: As required by applicable laws, regulations, or industry standards
  • Contract Performance: For the duration of any contracts and a reasonable period thereafter

When personal data is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies and applicable law. You may request deletion of your data at any time, subject to legal and contractual obligations.

8. Children's Privacy

Our Service is not intended for, and we do not knowingly collect personal information from, children under 18 years of age. If you are under 18, you must not use the Service or provide any personal information to us.

If we become aware that we have collected personal information from a child under 18 without verifiable parental consent, we will take steps to delete such information immediately. If you believe we have collected information from a child under 18, please contact us immediately at privacy@biovera.app.

9. International Data Transfers and Safeguards

Your information may be transferred to and processed in countries other than your country of residence, including countries outside the European Economic Area (EEA) that may not have the same data protection laws as your country. These transfers may occur for the purposes described in this Privacy Policy, including service provision, data storage, and business operations.

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses: European Commission-approved contractual clauses that ensure adequate protection
  • Adequacy Decisions: Transfers to countries with adequacy decisions by the European Commission
  • Binding Corporate Rules: Internal policies ensuring consistent data protection standards
  • Certification Schemes: Participation in recognized data protection certification programs

By using the Service, you consent to the transfer of your information to countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible.

Our breach notification will include: (a) the nature of the breach, (b) the categories and approximate number of data subjects affected, (c) the likely consequences of the breach, and (d) the measures we have taken or propose to take to address the breach.

11. Automated Decision-Making and Profiling

We may use automated decision-making, including profiling, in certain circumstances, such as:

  • Route optimization for logistics partners
  • Price calculation and market analysis
  • Fraud detection and prevention
  • Quality assessment and compliance scoring

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such processing is necessary for entering into or performance of a contract, is authorized by law, or is based on your explicit consent.

12. Marketing Communications

With your consent, we may send you marketing communications about our products, services, and promotions. You can opt out of receiving marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us at privacy@biovera.app

Please note that even if you opt out of marketing communications, we may still send you service-related communications, such as transaction confirmations, account updates, and important notices about the Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last updated" date
  • Sending an email notification to the address associated with your account (for material changes)
  • Displaying a prominent notice on the Service (for significant changes)

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the Service and may request deletion of your account.

14. Contact Us and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bio Vera
Email: privacy@biovera.app
Legal: legal@biovera.app

For users in the EEA, you also have the right to contact your local data protection authority if you have concerns about how we handle your personal data.