Data Privacy Policy
Thank you for your interest in our website and our products. Protecting your personal data during collection, processing, and use is an important concern for us.
1. Collection and Use of Personal Data
We collect and process personal data to operate our website and Nutrion™ services effectively. This includes:
1.1 Website and Newsletter Data
- Website Hosting: Our website is hosted by Hoststar, a Swiss-based hosting provider. Hoststar operates data centers in Austria, Germany, and Switzerland, ensuring compliance with Swiss and EU data protection laws.
- Log Data: When you visit our website, we collect connection data such as IP addresses, browser type, previous pages visited, and system configuration. IP addresses are stored for a maximum of 7 days to detect and prevent cyber threats.
- Cookies & Tracking: We use cookies for essential website functions, analytics, and marketing purposes. Users can manage cookie preferences through their browser settings. We use CookieRobot to manage cookies and ensure compliance with applicable regulations. CookieRobot helps categorize and control cookies for essential website functionality, analytics, and marketing purposes, allowing users to adjust their preferences accordingly. We also use Google Analytics to analyze website traffic and improve user experience. Google Analytics may collect information such as your IP address, browser type, and interactions with our website. You can opt out of Google Analytics tracking by adjusting your browser settings or using Google's opt-out tools.
- Newsletter Subscription (Mailchimp): If you sign up for our newsletter, we collect email addresses and track email open rates and link clicks to optimize our communications. We use Mailchimp to manage our newsletters. Your data is stored on Mailchimp servers, and their data protection policies apply. You can unsubscribe at any time by using the link in the newsletter.
1.2 Nutrion™ Device Data
With Nutrion, we collect and process personal data through the Nutrion breath detector hardware, the Nutrion Core smartphone app for end users, and the Nutrion Insights web platform for group administrators. This data is used to provide insights into fat metabolism and enhance user experience.
- Breath sample data (acetone concentration in the breath) uploaded to our cloud for analysis
- Timestamps of measurements
- Device identifiers and technical usage data
- Account-related data (e.g., email, preferences)
- Manually entered diary entries such as meals, activities, and weight
We retain breath data and manually entered diary entries (meals, activities, and weight) for as long as your account remains active to provide you with continuous insights. If you decide to delete your account, your data will be anonymized and archived, meaning it will no longer be linked to your identity. You can request a digital copy of your data before account deletion. Certain data may be retained for administrative or legal compliance purposes where required.
If users belong to a group (e.g., research teams, fitness or longevity clubs), the group administrator may access individual and aggregated breath data, timestamps, and usage activity. Administrators can view, analyze, download, and export this data. Users cannot manually revoke administrator access after joining a group. However, Alivion or the group administrator can remove a user from the group upon request by the user, after which their account and data will no longer be visible to the group administrator. To ensure data removal from a group administrator’s records, users must request deletion directly from them.
1.3 Legal Basis for Processing Personal Data
We process your personal data in accordance with Swiss and European data protection laws (including GDPR Article 6). The legal bases for processing depend on the specific purpose of data collection:
- Consent (Art. 6(1)(a) GDPR) – When you subscribe to our newsletter, accept cookies, or provide optional data (e.g., diary entries in the Nutrion™ Core app), we rely on your explicit consent. You can withdraw your consent at any time.
- Contractual necessity (Art. 6(1)(b) GDPR) – When you create a Nutrion™ account, purchase a product, or use our services, we process your data because it is necessary to fulfill our contractual obligations (e.g., providing breath analysis, delivering orders).
- Legal obligation (Art. 6(1)(c) GDPR) – Certain data must be retained to comply with legal requirements, such as invoice records for tax authorities.
- Legitimate interest (Art. 6(1)(f) GDPR) – In some cases, we process data to improve our services or enable specific platform features. This includes allowing group administrators to manage users within the Nutrion™ Insights platform and ensuring platform security.
If the legal basis for processing changes, we will notify users in accordance with applicable regulations.
2. Disclosure of Personal Data to Third Parties
We share personal data only when necessary and in compliance with relevant data protection laws.
2.1 International Data Transfers
Some of our service providers, such as Mailchimp, may process personal data outside Switzerland and the European Economic Area (EEA), including in the United States. To ensure compliance with Swiss and EU data protection laws, we rely on safeguards such as the EU-U.S. Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs) approved by the European Commission.
2.2 Third-Party Service Providers
We engage trusted third-party service providers to support our business operations, including:
- Cloud Storage & IT Infrastructure: Data is securely stored and processed using Microsoft Azure data centers located in Europe, compliant with Swiss and EU data protection regulations.
- Analytics & Website Tracking: We use Google Analytics to analyze website traffic and improve our services.
- Email & Marketing Services: We use Mailchimp to manage our newsletters and communications.
- Shipping & Order Fulfillment: When you purchase a physical product, we collect necessary personal data (e.g., name, shipping address) to fulfill your order. We work with various shipping providers depending on your location and shipping method. These providers are contractually obligated to handle your data securely and in compliance with applicable regulations.
2.3 Legal Compliance & Other Disclosures
We may disclose personal data:
- When legally required, such as to comply with court orders or regulatory obligations.
- To protect our rights, investigate fraud, or ensure the security of our services.
- To group administrators, where applicable, as outlined in Section 1.2 Nutrion™ Device Data.
3. Children’s Privacy & Age Restrictions
Our services are not intended for children under 16 (or 13 where applicable). We do not knowingly collect personal data from minors. However, in cases where group administrators use Nutrion™ with minors (e.g., for research purposes), it is their responsibility to ensure compliance with applicable laws, including obtaining parental or guardian consent where required. If we become aware that a minor has used our services without proper authorization, we will take steps to delete their data.
4. Automated Decision-Making & Profiling
We do not use automated decision-making or profiling that has legal or significant effects on users. All insights provided by Nutrion™ Core and Nutrion™ Insights are informational only, and users retain full control over how they interpret and act on the data.
5. Security & Incident Response
We implement industry-standard security measures, including:
- Encrypted transmission of sensitive data
- Secure storage in Microsoft Azure data centers
- Regular security audits and updates
If a data breach occurs:
- We assess its severity and identify affected data within 48 hours.
- We notify affected users within 72 hours, unless security investigations require a delay.
- We inform relevant regulatory authorities if required by law.
- We implement corrective security measures to prevent future breaches.
6. Your Rights
Under applicable Swiss and European data protection laws, you have certain rights regarding the personal data we process. Below, we explain these rights and how you can exercise them.
To prevent misuse, we will only send copies of your data to the email address registered in our system. If you wish to receive your data at a different email address or by postal mail, we may require additional identity verification. We maintain records of completed requests for documentation purposes. In the event of a request for deletion, we will anonymize the data and log the request in an administrative record.
Right to Access
You have the right to request a copy of the personal data we store about you. This includes an overview of the categories of data we process, the purposes for processing, and the recipients of this data. You can request this information by contacting us, and we will respond within 30 days.
Right to Rectification
If any of your personal data is incorrect or incomplete, you can request that we correct or update it. Once your request is validated, we will make the necessary changes and confirm the update.
Right to Erasure (“Right to Be Forgotten”)
You have the right to request that we delete your personal data from our records. If you request account deletion, your data will be anonymized and archived, meaning it will no longer be linked to you. However, certain data may need to be retained for administrative or legal compliance reasons.
Right to Restriction of Processing
You may request that we restrict the processing of your data in certain cases, such as when you contest the accuracy of your data or object to its processing. While processing is restricted, your data will be stored but not actively processed.
Right to Data Portability
If you request, we can provide you with a copy of your data in a machine-readable format so that you can transfer it to another service provider. If technically feasible, we can also transmit your data directly to another provider upon your request.
Right to Object
You have the right to object to our processing of your personal data when it is based on legitimate interests. If you exercise this right, we will evaluate whether our reasons for processing override your rights and freedoms.
Right to Withdraw Consent
If you have provided consent for us to process your personal data, you may withdraw this consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint
If you believe that we are processing your personal data unlawfully, you have the right to file a complaint with the relevant data protection authority in your jurisdiction.
To exercise any of these rights, please contact us via email at info@alivion.ch or by postal mail at the address provided below. We will respond to your request within 30 days.
7. Contact Information
Alivion AG
Flughofstrasse 42
8152 Glattbrugg, Switzerland
Phone: +41 41 511 46 71
Email: info@alivion.ch
If you have concerns regarding data protection, you may also contact the relevant supervisory authority in your jurisdiction.
This privacy policy is subject to updates. Significant changes will be communicated in advance where required by law.
Last updated: March 2025