Privacy Policy (GDPR)

How Metastate Bio and Taraftech UG process personal and genetic data for the DNA Metabolic Action Report.

Controller (data controller):
Taraftech UG (haftungsbeschrankt)
Herzogstrasse 26, 66953 Pirmasens, Germany
Email: info@metastate.bio
Phone: +49 (0)6331 4913 896

Contact for privacy requests: privacy@metastate.bio (or info@metastate.bio)

Last updated: March 5, 2026

1. Overview

This Privacy Policy explains how we process personal data when you use Metastate Bio websites and services, including purchase and upload of a DNA file for report generation. Genetic data is sensitive and treated accordingly.

2. Categories of data we process

  • Account and contact data: name, email address, billing details
  • Payment data: transaction metadata processed by payment providers
  • Uploaded DNA data: SNP raw data file (genetic data)
  • Report data: generated analysis output
  • Technical data: IP address, browser/device information, logs
  • Consent data: cookie and analytics consent choices

3. Purposes of processing

  • Provide the service, generate and deliver your report
  • Communicate about delivery, support, and updates
  • Handle payments, invoicing, and accounting
  • Secure and improve website and service operations
  • Comply with legal obligations

4. Legal bases (GDPR)

  • Art. 6(1)(b) GDPR (contract)
  • Art. 6(1)(c) GDPR (legal obligation)
  • Art. 6(1)(f) GDPR (legitimate interests for security and fraud prevention)
  • Art. 6(1)(a) GDPR (consent for optional analytics)
  • Art. 9(2)(a) GDPR (explicit consent for genetic data)

5. Data retention

  • DNA file and analysis inputs: deleted 30 days after report delivery, unless deletion is requested earlier
  • Generated report: retained for 12 months for re-download support, unless deletion is requested earlier
  • Invoices and accounting records: retained as required by German law (up to 10 years)

6. Data recipients and processors

  • Hosting and infrastructure: AWS cloud infrastructure used by Metastate Bio
  • Payment processing: PayPal for checkout and payment transaction handling
  • Analytics: Google Analytics, only after consent
  • Email operations: business email services used to deliver operational communication

7. International transfers

If a provider processes data outside the EU/EEA, we apply appropriate safeguards such as Standard Contractual Clauses.

8. Security measures

  • Access control and least-privilege access
  • TLS encryption in transit
  • Secure storage and audit logging
  • Retention minimization and deletion workflows

9. Cookies and analytics

We use essential cookies and local storage to operate the site. With consent, we use Google Analytics to understand website performance. Consent can be changed from the GDPR banner choices.

10. Your rights

You have rights under GDPR, including access, rectification, deletion, restriction, portability, objection where applicable, and withdrawal of consent.

11. Supervisory authority

You can lodge a complaint with the relevant data protection authority in Germany.

12. Changes

We may update this policy. The latest version is published on this page with the updated date.