Privacy Policy for Stabilyn products

This Privacy Policy explains how Stabilyn, presented through sproutbackao.world, handles personal data when you browse, purchase, or interact with habit-support products and related educational materials. It applies to customers in Denmark, the wider European Economic Area, and other regions where our digital goods are accessible, unless a stricter local rule explicitly overrides a provision described here.

Last updated: . The policy focuses on product delivery, customer communications, and service improvement. It does not describe clinical services because Stabilyn products are educational resources rather than regulated healthcare offerings.

Data controller and contact

The data controller responsible for processing personal data in connection with Stabilyn products is the Stabilyn team operating sproutbackao.ddd. You may contact us regarding privacy matters using the channels listed on the Contact page, including postal correspondence to Antwerpengade 5, 2150 København, Denmark, and the dedicated electronic contact path published there. When you exercise rights described below, include enough detail for us to verify your identity proportionately to the request.

Categories of personal data

Depending on how you engage with Stabilyn products, we may process identifiers such as your name, email address, phone number when you provide it voluntarily, postal address for physical shipments, payment-related references supplied by payment partners, purchase history, consent records, communication content you send through forms, technical logs including IP address, browser type, device identifiers, timestamps, and cookie identifiers as described in the Cookies Policy. We avoid collecting sensitive categories of data through product purchase flows. If you voluntarily disclose health-related context in a message, we treat it as correspondence and limit internal access.

Purposes and legal bases

We process data to perform contracts for digital downloads, live sessions, and printed Stability Kits, including fulfillment, invoicing where applicable, customer support, fraud prevention, and account-related communication. This processing relies on Article 6(1)(b) GDPR performance of a contract and, where necessary, Article 6(1)(f) legitimate interests in securing transactions and maintaining service quality. Where consent is required for optional marketing or non-essential cookies, we rely on Article 6(1)(a) GDPR and ask you to opt in clearly. Legal obligations, such as bookkeeping or responding to lawful authority requests, may require processing under Article 6(1)(c) GDPR.

Product-specific processing

For the Digital Stability Primer, we process your email address to deliver download links, license refresh communications, and security notices about expired URLs. For Monthly Habit Review Sessions, we process scheduling data, video platform identifiers if used, and session notes you agree to store. For the Printed Stability Kit, we process shipping details, carrier tracking references, and delivery confirmations. Product analytics are limited to aggregated usage of download portals where technically feasible, avoiding unnecessary profiling.

Retention

We retain purchase records, invoices, and tax documentation for the period required by Danish bookkeeping rules, typically five to ten years depending on record type. Marketing consent logs remain until you withdraw consent. Support tickets may be retained for twenty-four months after the last related message unless a dispute requires longer retention. Download access logs rotate on a regular schedule designed to reduce identifiability while preserving security forensics for a limited window.

Recipients and transfers

We use infrastructure providers, email delivery services, payment processors, and shipping partners who process data on our instructions under Article 28 GDPR agreements. Some providers may be located outside the EEA; when that occurs, we implement appropriate safeguards such as Standard Contractual Clauses and supplementary measures where required by supervisory guidance. A summary of categories of recipients is available upon request.

Your rights

Subject to conditions in the GDPR, you may request access, rectification, erasure, restriction of processing, data portability, and objection to processing based on legitimate interests. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You may lodge a complaint with Datatilsynet in Denmark or another competent supervisory authority in your place of residence or work.

Security measures

We apply access controls, encryption in transit for modern connections, vendor due diligence, and staff guidance limiting data use to operational necessity. No system is perfectly secure; we encourage you to use unique passwords for accounts you create with us and to report suspected incidents promptly.

Children

Stabilyn products are designed for adults capable of entering contracts. We do not knowingly market to children below the age of digital consent in their jurisdiction. If you believe we collected a child’s data inadvertently, contact us for prompt deletion.

Updates to this policy

We may revise this Privacy Policy to reflect product changes, legal requirements, or organizational structure. Material updates will be communicated through sproutbackao.world or direct email when appropriate. Continued use of paid services after notice may constitute acceptance where contractually permitted; for consent-based processing, we will seek fresh consent when necessary.

For questions specifically about how Stabilyn handles product data, contact us through the Contact page on sproutbackao.ddd.