
MyBya LLC Privacy Policy
Effective Date: July 18, 2025
Last Updated: July 18, 2025
MyBya LLC (“MyBya,” “we,” “our,” or “us”), based in Pennsylvania, USA, is committed to protecting the privacy of our users (“Users,” “you,” or “your”). This Privacy Policy governs the collection, use, maintenance, and disclosure of information collected through our websites, mobile applications, and related services (collectively, the “Services”), including www.mybya.com and our mobile apps available on the Apple App Store and Google Play Store. By using our Services, you signify your acceptance of this Privacy Policy. If you do not agree, please do not use the Services.
This Privacy Policy applies to all Services offered by MyBya but excludes services with separate privacy policies or third-party websites, applications, or services linked from our Services. MyBya is not a healthcare provider and is not subject to the Health Insurance Portability and Accountability Act (HIPAA) unless explicitly stated otherwise.
1. When This Privacy Policy Applies
This Privacy Policy applies to all data collected through our Services, including our websites, mobile applications, and related platforms. It does not cover:
- Services offered by other companies or individuals, including third-party sites linked from our Services.
- Information practices of third parties that advertise or interact with our Services.
- Information you choose to share publicly or with third parties outside our Services.
2. Terms of Service
By accessing or using our Services, you agree to be bound by MyBya’s Terms of Service (the “Agreement”). Please review the Agreement carefully, as it forms a legally binding contract between you and MyBya. If you do not accept the Agreement, you must not use the Services.
3. Information We Collect
We collect information to provide and improve our Services, including Personal Information (data that can identify you) and Non-Personal Information (data that cannot identify you). We may collect the following types of information:
Personal Information
- Registration Information: Name, email address, time zone, and login credentials (e.g., password) when you create an account.
- Workout and Health Data: Data such as workout duration, intensity, location, route, heart rate, blood lactate levels (via compatible devices), height, weight, sex, age, ethnicity, diet, and other self-reported fitness or biometric information.
- Payment Information: Billing details (e.g., credit card or bank account information) processed through secure third-party payment processors.
- Social Media Information: If you link your social media accounts, we may collect profile details or activity data, with your consent.
- User Content: Information provided through surveys, forms, comments, or communications with us, such as feedback or customer support inquiries.
- Biomarker Data (if applicable): Biomarker data uploaded by you.
Non-Personal Information
- Analytical Information: Device data (e.g., browser type, operating system, IP address, mobile device identifiers) and interactions with our Services (e.g., pages viewed, links clicked).
- Clickstream Data: Navigation details, such as pages visited, time spent, and referring websites.
- Aggregated Data: De-identified data used for analytics, such as user demographics or usage patterns.
We may combine Non-Personal Information with Personal Information to improve our Services. If combined, such information will be treated as Personal Information under this Privacy Policy.
4. How We Use Personal Information
We use your Personal Information for the following purposes, consistent with applicable laws and your consent where required:
- Service Delivery: To provide, operate, and personalize the Services, including fitness tracking, workout analysis, and personalized recommendations.
- Transaction Processing: To process payments, confirm orders, and deliver products or services.
- Customer Support: To respond to inquiries, provide support, and address service-related issues.
- Personalization: To tailor your experience, such as customizing workout plans or content based on your data.
- Analytics and Improvement: To analyze usage patterns, improve our Services, and develop new features, using de-identified or aggregated data where possible.
- Marketing and Communications: With your consent, to send promotional emails, newsletters, or notifications about offers, events, or third-party products that may interest you. We do not use genetic or blood biomarker data for marketing.
- Legal Compliance: To comply with applicable laws, regulations, or legal processes, such as responding to subpoenas or protecting against fraud.
- Research: With your explicit consent, to use de-identified blood biomarker data for scientific research to advance training, exercise, fitness, wellness, and nutrition knowledge.
We will not use your Personal Information for purposes other than those listed above without your consent or as required by law.
5. Legal Basis for Processing
We process Personal Information based on the following legal grounds:
- Contract Performance: To fulfill our obligations under the Agreement (e.g., providing Services or processing payments).
- Consent: For specific purposes, such as marketing, research, or processing sensitive data like blood biomarker information.
- Legitimate Interests: For purposes like improving Services, preventing fraud, or ensuring network security, provided these interests do not override your rights.
- Legal Obligation: To comply with applicable laws or regulations.
For sensitive data (e.g., health, biometric, or biomarker information), we rely on your explicit consent, which you may withdraw at any time.
6. Your Failure to Provide Personal Information
Providing certain Personal Information is necessary to use our Services. If you choose not to provide required information, you may not be able to access or use all features of the Services.
7. Retention of Personal Information
We retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations (e.g., IRS requirements for transaction records up to 7 years), or resolve disputes. If you close your account, we will delete your Personal Information, except for de-identified data used in ongoing research (with your prior consent) or limited transaction data required for compliance. Data that cannot be fully deleted for technical reasons will be anonymized to prevent further use.
8. Sharing Personal Information
We may share your Personal Information in the following circumstances:
- Affiliates and Service Providers: With our affiliates or third-party service providers (e.g., payment processors, analytics providers, wearable devices) to support our Services, under contracts ensuring confidentiality and limited use.
- Third-Party Integrations: With third-party apps or devices (e.g., Apple Health, Garmin, social media platforms) if you enable sharing, subject to their privacy policies.
- Legal Requirements: To comply with laws, regulations, or legal processes, or to protect the rights, safety, or property of MyBya, LLC, our Users, or the public.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, ensuring the recipient uses your data consistent with this Privacy Policy.
- With Your Consent: For additional purposes disclosed at the time of collection or with your explicit approval.
We have not sold Personal Information in the past 12 months and will not sell it without your consent.
9. Your Privacy Choices
You have the following rights regarding your Personal Information, subject to applicable laws:
- Access: Request a copy of your Personal Information.
- Correction: Request correction of inaccurate or outdated information.
- Deletion: Request deletion of your Personal Information, subject to legal or contractual obligations.
- Opt-Out: Opt out of marketing communications or certain data uses (e.g., research).
- Data Portability: Request a portable copy of your Personal Information.
- Restrict Processing: Request restrictions on how we process your data in certain cases.
- Withdraw Consent: Withdraw consent for processing where consent is the legal basis.
To exercise these rights, contact us at info@mybya.com. We will verify your identity before processing your request and respond within 45 days (or longer if permitted by law). For marketing emails, you can unsubscribe using the link provided in each email.
10. Privacy Rights Specific to California Residents
Under the California Consumer Privacy Act (CCPA), California residents have additional rights:
- Right to Know: Request details about the categories and specific pieces of Personal Information we collect, use, or share.
- Right to Delete: Request deletion of your Personal Information, subject to exceptions (e.g., completing transactions or legal compliance).
- Right to Opt-Out of Sale: Opt out of the sale of your Personal Information (note: we do not sell Personal Information).
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To make a CCPA request, contact us at privacy@mybya.com. We will respond within 45 days, as required by law.
11. Privacy Rights Specific to European Union Residents
Under the General Data Protection Regulation (GDPR), EU residents have the following rights:
- Right to Be Informed: Be informed about how we use your Personal Information (as detailed in this Privacy Policy).
- Right of Access: Request a copy of your Personal Information.
- Right of Correction: Request correction of inaccurate or outdated data.
- Right to Erasure: Request deletion of your data when it is no longer necessary, subject to legal obligations.
- Right to Restrict Processing: Request restrictions on data processing in certain cases.
- Right to Data Portability: Request a portable copy of your data.
- Right to Object: Object to certain uses of your data, such as direct marketing.
- Right to Avoid Automated Decision-Making: Avoid decisions based solely on automated processing that significantly affect you.
- Right to Complain: Lodge a complaint with a supervisory authority (e.g., the Irish Data Protection Commission or your local authority).
To exercise these rights, contact us at privacy@mybya.com. We may verify your identity and respond within one month, as required by GDPR.
12. Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to enhance your experience and analyze usage:
- Strictly Necessary Cookies: Enable core functionality, such as logging in or processing payments.
- Analytical/Performance Cookies: Track visitor numbers and behavior to improve our Services.
- Targeting Cookies: Deliver relevant ads based on your interests, with your consent.
You can manage cookies through your browser settings, but disabling them may limit Service functionality. For more information, visit www.aboutcookies.org or opt-out via www.aboutads.info or www.youronlinechoices.eu (for EU residents). We do not respond to “Do Not Track” signals, as there is no industry consensus on their meaning.
13. International Transfers
MyBya is based in Pennsylvania, USA, and your Personal Information may be processed and stored in the United States or other countries where we or our service providers operate. These jurisdictions may have different data protection laws than your country. We implement safeguards (e.g., standard contractual clauses) to ensure your data is protected in accordance with this Privacy Policy.
14. How We Protect Your Information
We use industry-standard security measures (e.g., encryption, firewalls, SSL/HTTPS) to protect your Personal Information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for safeguarding your password and notifying us at privacy@mybya.com of any unauthorized access. We will notify you of any data breaches as required by law.
15. Children’s Privacy
Our Services are not intended for users under 13. We do not knowingly collect Personal Information from children under 13 (or the equivalent age in your jurisdiction). If we learn we have collected such information, we will delete it promptly. Parents or guardians can contact us at info@mybya.com to request deletion of a minor’s data.
16. Third-Party Links
Our Services may contain links to third-party websites or services, which have their own privacy policies. We are not responsible for their practices or content. Review their policies before sharing information.
17. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Significant changes will be communicated via email, on our website, or through the Services. Your continued use of the Services after changes signifies your acceptance of the updated policy.
18. Contact Us
For questions, concerns, or to exercise your privacy rights, contact us at:
Email: info@mybya.com