Privacy Policy

Binqo Labs AB, registered in Stockholm, Sweden, is the controller of personal data processed when you use binqo.eu, our applications, or related services (collectively, the "Service"). You can reach us at privacy@binqo.eu.

• Account data: name, email address, profile photo, password hash, workspace memberships, and role.
• Wellbeing data: self-reported energy and stress check-ins, ritual sessions, chronotype, and work-style preferences you choose to record.
• Calendar data: meeting titles, times, attendee counts, and free/busy data when you connect Google Calendar or another provider.
• Wearable data: aggregated heart-rate variability, recovery score, sleep performance, and strain when you connect a wearable provider.
• Technical data: IP address, device and browser type, language, session timestamps, and crash diagnostics.
• Cookies and similar technologies: see our Cookie Policy.

• Contract (Art. 6(1)(b) GDPR): to deliver the Service you signed up for, including authentication, workspace collaboration, and ritual scheduling.
• Legitimate interests (Art. 6(1)(f)): securing the Service, preventing abuse, and improving features. We balance these against your rights.
• Consent (Art. 6(1)(a) and Art. 9(2)(a)): for sensitive wellbeing and biometric data, optional analytics cookies, and marketing communications. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): tax, accounting, and responses to lawful requests.

We never sell personal data. We share it only with vetted processors acting on our instructions: cloud hosting (EU regions where possible), authentication, email delivery, error monitoring, and customer support tooling. A current sub-processor list is available on request.

Managers and workspace admins see aggregated, anonymised wellbeing trends only (minimum cohort size of five). Individual energy or stress responses are never shown to anyone but you.

Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses and additional safeguards as required by Schrems II.

• Account data: until you delete your account, then 30 days grace period.
• Wellbeing check-ins: 24 months rolling, then deleted.
• Calendar metadata: 90 days rolling.
• Technical logs: 30 days.

Under GDPR you have the right to access, rectify, erase, restrict, or port your data, and to object to processing. You can also lodge a complaint with your local supervisory authority (in Sweden: Integritetsskyddsmyndigheten, IMY). Email privacy@binqo.eu to exercise any right; we respond within 30 days.

We use TLS in transit, encryption at rest, role-based access control, row-level security on every table, audit logging, and least-privilege staff access. No system is perfectly secure; we will notify affected users and regulators of any qualifying breach within 72 hours.

The Service is not directed to children under 16 and we do not knowingly collect their data.

We will post material changes here and, where appropriate, notify you in-product or by email at least 14 days before they take effect.

Binqo Labs AB · Stockholm, Sweden · privacy@binqo.eu