Privacy Notice


Lifesum AB, reg. no. 556729-2841, is a company established in Sweden under Swedish law.
LykonDX GmbH, HRB 193238, is a company established in Germany under German law.

Lifesum is a service developed and provided by Lifesum AB and LykonDX GmbH. Lifesum AB and LykonDX GmbH are the joint data controllers, i.e. responsible, for the processing of your personal data when providing the service to you and for complying with applicable data protection laws.

In this Privacy Notice we describe how we at Lifesum and LykonDX collect, use, transfer, maintain and store (collectively "process") your personal data. Depending on the context, there might be other responsible data controllers that apply to you for other associated services and integrations to Lifesum. This privacy notice explains how we process your personal data in compliance with applicable data protection legislation and what we do to respect your integrity. It is intended for processing activities related to our mobile application, using or accessing our services, and other related interactions.

If you want to know more about our data processing activities, what we do to keep your data safe or to exercise your rights, feel free to contact us at:

Lifesum AB
Postal Address: Repslagargatan 17B, 118 46 Stockholm, Sweden.
E-Mail: contact@lifesum.com

LykonDX GmbH
Postal Address: ℅ Mindspace, Münzstraße 12, 10178 Berlin, Germany
E-Mail: support@lykon.com

Lifesum AB and LykonDX as Joint Data Controllers

How does the cooperation take place? Who processes which data and for what purpose?

Lifesum AB and LykonDX GmbH have jointly created this offer and are continuously developing it further. Lifesum AB programs and maintains the app and operates the app servers required for operation. LykonDX is responsible for the provision and evaluation of certain test offers within the app as well as customer support for these test offers. For this purpose, LykonDX also operates servers of the app and integrates the laboratories required for the test evaluation as service providers.

How can I exercise my rights as a data subject?

In accordance with Art. 26 para. 3 EU GDPR, you can assert your rights under the EU GDPR (e.g. right of access to the processed data) with both controllers. The joint controllers work together to ensure and fulfill your rights.

In the interests of efficient processing, we kindly ask you to send any such requests directly to: contact@lifesum.com

How is the protection of your personal data ensured?

The controllers have taken appropriate technical and organizational measures to ensure the protection of your data. Compliance with these measures has been contractually agreed between the data processors and is continuously monitored.

List of Personal Data Processed

  • Name
  • Email Address
  • Date of Birth
  • Gender
  • Country of Residence
  • Correspondence
  • Images Uploaded
  • User Preferences
  • Account Information
  • Dietary Information
  • Nutrition and Hydration Data
  • Exercise Data
  • Body Measurements
  • Health Questionnaire Responses
  • App Usage and Activity Data
  • User Created Content and Notes
  • Location Data
  • Partner Integration Data
  • Device Data
  • Payment and Financial Data
  • Advertising and Marketing Data
  • Organisation Affiliation (Lifesum for Work or wellness provider subscription)

Data Sources

We obtain personal data directly from you as you install our app and interact with our services. Personal data is also generated internally at Lifesum. Depending on your actions, your personal data could be complemented with personal data from other sources like third-party app integrations.

Purposes of Processing

As a part of our relationship to you as a free user, paying user or a Lifesum for Work or other type of provider subscription, your personal data will be processed for the following purposes:

Account Management

  • Create an account
  • Setup account for social media login (optional)
  • Link user account with stored data
  • Log in to account
  • Retrieve lost accounts
  • Delete account
  • Customize user profile
  • Managing consents
  • Age verification and compliance

Provision of the App

  • Providing the app
  • Providing third-party integrations with the app
  • Set up the app for personalized recommendations
  • Customize tracking experience
  • Calculate calorie requirements
  • Food search and food tracking
  • Exercise, fasting, hydration, habit, and sleep tracking
  • Tracking diary, AI input interpretation, personalized feedback
  • Share meal, invite friends, create meals and recipes
  • Monitoring misuse, access Lykon test results

Customer Support and Communication

  • Answer customer communications
  • Send essential and personalized content
  • Customer communication analytics

Customer Acquisition

  • Attribute installs to advertisers
  • Target or retarget on third-party platforms
  • Ad analytics and performance

Subscriptions, Orders, and Payments

  • Manage orders and payments
  • Invoices and subscriptions
  • Partner reporting and statistics

Product Development, Analytics and Research

  • Customer and product analytics
  • Debugging and user demographic analysis
  • Societal trend research

Lawful Bases for Processing

The legal basis includes your consent, contractual necessity, legal obligations, and Lifesum’s or a third party’s legitimate interests such as:

  • Improving our services and user experience
  • Marketing and direct communication (with opt-out)
  • Security and fraud prevention
  • Supporting Lifesum for Work partners with aggregated data

Recipients of the Data

Access is limited to departments needing it. Processors are bound by data protection contracts per Art. 28 EU GDPR. Processors include:

  • Cloud hosting and infrastructure
  • Payment service providers
  • AI and multimodal tracking providers
  • Marketing and analytics services
  • Test kit laboratories
  • Customer support tools

Processing of Health Data

Processed with your explicit consent. Includes food, exercise, body metrics, and test responses. Essential for personalized app experience.

International Data Transfers

Data may be transferred outside EEA with safeguards: UK adequacy, EU-U.S. DPF, SCCs, or BCRs.

Optional Third-Party Integrations

We may collect data from platforms like Google, Facebook, Apple Health, Fitbit, etc., with your consent. This enables syncing and analysis of your health and lifestyle metrics.

Profiling

No automated profiling under Art. 22 GDPR.

Retention Periods

Data is kept as long as needed. Inactive accounts are anonymized or deleted after 5 years. You may request deletion or opt out any time.

Children

No data from children under 13 or your country’s digital age of consent. Contact us if this occurs.

Your Rights

  • Right to be informed
  • Right to access
  • Right to rectification
  • Right to withdraw consent
  • Right to erasure
  • Right to restriction
  • Right to object
  • Right to data portability
  • Right to lodge a complaint

To exercise your rights, email us at contact@lifesum.com. To delete your account or withdraw consent, visit your account settings. You can also contact our DPO at dpo@lifesum.com.