Privacy Policy & Terms of Service

Privacy Notice

  • Lifesum AB, reg. no. 556729-2841, is a company established in Sweden under Swedish law.
  • LykonDX GmbH, HRB 193238, is a company established in Germany under German law.

Lifesum is a service developed and provided by Lifesum AB and LykonDX GmbH. Lifesum AB and LykonDX GmbH are the joint data controllers, i.e. responsible, for the processing of your personal data when providing the service to you and for complying with applicable data protection laws.

In this Privacy Notice we describe how we at Lifesum and LykonDX collect, use, transfer, maintain and store (collectively "processes") your personal data. Depending on the context, there might be other responsible data controllers that apply to you for other associated services and integrations to Lifesum. This privacy notice explains how we process your personal data in compliance with applicable data protection legislation and what we do to respect your integrity. It is intended for processing activities related to our mobile application, using or accessing our services, and other related interactions.

If you want to know more about our data processing activities, what we do to keep your data safe or to exercise your rights, feel free to contact us at:

Lifesum AB

LykonDX GmbH

  • Postal Address: ℅ Mindspace, Münzstraße 12, 10178 Berlin, Germany
  • E-Mail: support@lykon.com

Lifesum AB and LykonDX as Joint Data Controllers

How does the cooperation take place? Who processes which data and for what purpose?

Lifesum AB and LykonDX GmbH have jointly created this offer and are continuously developing it further. Lifesum AB programs and maintains the app and operates the app servers required for operation. LykonDX is responsible for the provision and evaluation of certain test offers within the app as well as customer support for these test offers. For this purpose, LykonDX also operates servers of the app and integrates the laboratories required for the test evaluation as service providers.

How can I exercise my rights as a data subject?

In accordance with Art. 26 para. 3 EU GDPR, you can assert your rights under the EU GDPR (e.g. right of access to the processed data) with both controllers. The joint controllers work together to ensure and fulfill your rights.

In the interests of efficient processing, we kindly ask you to send any such requests directly to the following email address: contact@lifesum.com

How is the protection of your personal data ensured?

The controllers have taken appropriate technical and organizational measures to ensure the protection of your data. Compliance with these measures has been contractually agreed between the data processors and is continuously monitored.

List of Personal Data Processed

  • Name
  • Email Address
  • Date of Birth
  • Gender
  • Country of Residence
  • Correspondence
  • Images Uploaded
  • User Preferences
  • Account Information
  • Dietary Information
  • Nutrition and Hydration Data
  • Exercise Data
  • Body Measurements
  • Health Questionnaire Responses
  • App Usage and Activity Data
  • User Created Content and Notes
  • Location Data
  • Partner Integration Data
  • Device Data
  • Payment and Financial Data
  • Advertising and Marketing Data
  • Organisation Affiliation (Lifesum for Work or wellness provider subscription)

Data Sources

We obtain personal data directly from you as you install our app and interact with our services. Personal data is also generated internally at Lifesum. Depending on your actions, your personal data could be complemented with personal data from other sources like third-party app integrations.

Purposes of Processing

As a part of our relationship to you as a free user, paying user or a Lifesum for Work or other type of provider subscription, your personal data will be processed for the following purposes:

Account Management

  • Create an account
  • Setup account for social media login (optional)
  • Link user account with stored data
  • Log in to account
  • Retrieve lost accounts
  • Delete account
  • Customize user profile
  • Managing consents
  • Age verification and compliance

Provision of the App:

  • Providing the app
  • Providing third-party integrations with the app
  • Set up the app for personalized recommendations
  • Customize tracking experience
  • Calculate calorie requirements
  • Food search
  • Interpret tracking input with AI
  • Food tracking
  • Exercise tracking
  • Fasting tracking
  • Hydration tracking
  • Habit tracking
  • Sleep tracking
  • Tracking diary
  • Give advice and personalized feedback
  • Day, food, and meal ratings
  • Lifescore & Lifescore questionnaire
  • Share meal
  • Invite friends
  • Create food items, meals and recipes
  • Report incorrect food item
  • Create exercise
  • Monitoring services for misuse
  • Access Lykon test results

Customer Support and Communication with the User:

  • Customer support and communications
  • Answer customer communications
  • Send essential communications
  • Send personalized content and offers
  • Customer communication analytics

Customer Acquisition:

  • Attribute installs to advertisers
  • Target or retarget customers on third-party platforms
  • Ad analytics & performance measurement

Subscriptions, Orders, and Payments:

  • Manage your orders and subscriptions
  • Manage subscriptions
  • Manage customer payments
  • Manage invoices
  • Manage the Lifesum for Work partner or other wellness provider subscriptions
  • Share aggregated statistics with Lifesum for Work Partner

Product Development, Analytics and Research

  • Customer analytics and product development
  • Debugging
  • Product Management
  • User demographic analysis
  • Societal trend research

Lawful bases for processing

As part of our relationship, you may be required to provide us with the personal data necessary for us to be able to provide you with our services. Without this data, we will generally not be able to perform our contract and provide you with the App and its features.

The legal basis for processing your personal data includes your consent, the necessity of processing for us to fulfill our contractual and legal obligations, and the legitimate interests pursued by Lifesum or a third-party.

Our legitimate interests include:

  • Improving Our Services
    • We collect information on how you interact with our services to enhance the experience for you and other users.
    • We enrich search results with AI generated suggestions when no results are found in our database.
  • Customer Acquisition and Analysis
    • We use data to build target groups for marketing.
    • We analyze data to measure the effectiveness of marketing campaigns.
  • Direct Marketing
    • We use data to build profiles and send you personalized offers and promotions related to your usage of our services
    • You may opt out of direct marketing through your app settings or by clicking the unsubscribe link directly from the message
  • Keeping Our Services Secure
    • We analyze interactions with our services to prevent any actions that could harm Lifesum or our users.
  • Supporting our Users
    • We use data about you when you contact us in order to assist you and answer your enquiries.
  • Supporting Lifesum for Work Partners
    • We provide aggregated usage data to Lifesum for Work partners, allowing them to assess if the subscriptions they fund are helping improve their employees’ wellbeing.
  • Market Research and Insights Reports
    • We use aggregated data to spot trends in how people eat, work out, and think about their health.
    • We share reports in our blogs, newsletters, as well as with partners and media

Recipients of the Data

Within the controllers, access to your data is only granted to the respective departments that require it to fulfill the above-mentioned processing purposes. Service providers used by the controllers (so-called processors) may also have access to your data. Contracts for commissioned data processing in accordance with art. 28 EU GDPR ensure that these service providers are bound by instructions of the controllers, and strict obligations to data security and the confidential handling of your data.

The controllers use processors in the following areas

  • for the provision of cloud-based hosting and infrastructure resources,
  • for the provision of payment services,
  • for the provision of AI services in the area of multimodal tracking,
  • for the provision of tools and services for marketing and reach measurement
  • for the evaluation of test kits (partner laboratories)
  • for the provision of tools and services in customer support

Data is forwarded to other recipients if this is required by law or if you have given your prior consent.

Processing of Health Data

To provide you with the core services of the Lifesum app, we need to process data about what you eat, how you exercise, your body measurements, weight goals, and allergies. This data may be considered data concerning health and is as such only processed with your explicit consent. The above data is essential in providing our app and services, as we can not provide the food tracking functionality or give you any recommendations without access to that data.

In addition, data concerning your health may be collected through health questionnaires when you create your account online, when you take our health test, or when you fill in the pre-purchase Lykon questionnaire. This data is, with your explicit consent, used to personalize your experience and provide you with recommendations.

International Data Transfers

To provide our services globally and ensure smooth functionality, we may transfer your personal data outside the European Economic Area (EEA). We take steps to ensure these transfers comply with applicable data protection laws by implementing appropriate safeguards:

  • For transfers to the UK, we rely on the European Commission's adequacy decision, which confirms that the UK provides an equivalent level of data protection as the EEA.
  • For data transfers to the U.S., we use the EU-U.S. Data Privacy Framework where applicable. In other cases, we rely on Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) approved by the European Commission to ensure an adequate level of data protection.

Optional Third-Party Integrations

If you use an external platform to authenticate and access the Services, such as Facebook Login or Google Auth, Lifesum will collect and process certain personal information from these applications, including your username, full name, profile picture, country, hometown, email address, date of birth, and gender.

Additionally, if you link your Lifesum account with a third-party application to track food intake, exercise, hydration, sleep, or step count data—such as Apple HealthKit, Google Health Connect, Fitbit, Withings, Oura, Runkeeper, or Garmin—Lifesum may exchange or process data with these applications to facilitate the requested integration. Please review each third-party's privacy policy to understand how they handle and protect your data.

  • When you grant us permissions to read your exercise, nutrition, calorie, or steps data from a third-party application, we can use it to automatically populate your diary view, to include it in calculations of your calorie balance and weekly Lifescore recommendations.
  • When you grant us permission to read your sleep data from a third-party application, we can use it to visualize how the quality of your sleep relates to your nutrition and exercise.
  • When you grant us permission to write nutrition and hydration data to a third-party application, this lets you leverage Lifesum’s user interface and food database for tracking what you eat and drink into several systems at once.

Profiling

There is no profiling in accordance with art. 22 para. 1 and 4 EU GDPR.

Retention Periods

Lifesum will retain the personal data for as long as necessary to fulfill the stated purposes, or if we have a legal obligation to retain the data. When it is no longer necessary to retain the personal data, we will either delete or anonymise it. We periodically review the necessity to keep personal data, and if your account has been inactive, we will delete or anonymise the data after a period of five (5) years after you have been persistently inactive on the Lifesum Services.

If you delete your account, exercise your rights for relevant personal data, or opt out from processing relating to direct marketing, we will cease storing and processing your personal data for those purposes, if necessary. It could be necessary for us to process the relevant personal data for a longer time due to legal obligations or if the invoked data protection right is not applicable or absolute (e.g. for bookkeeping purposes).

Children

If you are under the age of 13 or your country’s age of digital consent, whichever is higher, you are not allowed to submit any personal data through our Services. Further, we encourage parents and legal guardians to monitor their children’s Internet use and to help us in enforcing our Privacy Policy by instructing their children to never provide any personal data through our Service without their permission. If you become aware that a child under the age of 13 or their country’s digital age of consent has submitted personal data to us, please contact us at https://lifesum.com/contact.

Your rights

As Lifesum processes your data within the scope of the GDPR, you have the following rights as the data subject:

  • The right to be informed about the processing of your data.
  • The right to access a copy of the personal data we hold about you.
  • The right to correct any inaccuracies in your data.
  • The right to withdraw your consent where processing is based on consent.
  • The right to request deletion of your personal data ("right to be forgotten").
  • The right to request restrictions on the processing of your data.
  • The right to object to certain processing activities.
  • The right to data portability, allowing you to obtain and reuse your data across different services.
  • The right to lodge a complaint with a supervisory authority.

To exercise your rights or if you have a complaint about the way we process your personal data, you can always reach out to us at contact@lifesum.com. Account deletion and withdrawal of consents can also be done from the account settings page within the app. If you need to reach our data protection officer, you can do so at dpo@lifesum.com.

Version: 11