Privacy Policy

aessence GmbH ("aessence", "we", "us") operates the website aessence.com and the aessence* supplement personalisation service. Our registered address is listed in the Imprint. For questions about this policy, contact privacy@aessence.com.

We collect the following categories of personal data:

• Account data — email address, hashed password, account creation date.
• Quiz data — health-related inputs such as age, weight, height, fitness goals, sleep quality, and stress level. This is special-category health data processed with your explicit consent.
• Order and subscription data — subscription tier, billing status, renewal dates. Payment card details are processed by Stripe and never stored on our servers.
• Check-in data — weekly self-reported metrics (supplement adherence, workout days, sleep, energy).
• Usage data — anonymised analytics (page views, feature usage) via server-side logging.

• Contract performance — to deliver your personalised supplement formula and process orders.
• Explicit consent — to process your health-related quiz data (Art. 9(2)(a) GDPR).
• Legitimate interests — to prevent fraud, improve our service, and communicate relevant product updates.
• Legal obligation — to comply with accounting and tax regulations.

• Generate and update your personalised supplement recommendations.
• Process payments and manage your subscription via Stripe.
• Send transactional emails (order confirmations, shipping updates) via Resend.
• Display your progress dashboard (Potential tab, Check-in history).
• Comply with legal obligations (invoicing, tax records).

We do not sell your data. We share data only with:

• Stripe — payment processing (EU-based servers, SCCs in place).
• Supabase — database and authentication (EU region).
• Resend — transactional email delivery.
• Our fulfilment partner — name and shipping address only, for order dispatch.

Account and order data is retained for 7 years to meet German commercial law requirements (§ 257 HGB). Quiz and check-in data is retained for the duration of your account. You may request deletion at any time via privacy@aessence.com or from within your account settings.

• Access, correct, or delete your personal data.
• Withdraw consent for health-data processing at any time.
• Request data portability in a machine-readable format.
• Object to processing based on legitimate interests.
• Lodge a complaint with your local supervisory authority (in Germany: the relevant Landesbeauftragter für den Datenschutz).

We use only essential session cookies required for authentication. We do not use advertising or tracking cookies. You can manage or clear cookies in your browser settings at any time.

We may update this policy periodically. Material changes will be communicated by email or via an in-app notice at least 14 days before they take effect.