Privacy Policy

Date of creation: September 15, 2025

Introduction

Limitless, acting as data controller, places great importance on the protection of your personal data and is committed to complying with applicable data protection laws in Belgium, including Regulation (EU) 2016/679 or General Data Protection Regulation (hereinafter "GDPR").

This policy aims to provide you with the information required under the GDPR and to reassure you that Limitless manages and protects your data in compliance with existing legislation.

What data do we collect?

In the course of our activities, we collect and use your personal data to provide services tailored to your needs.

Category
Identification and contact data
Details
• Account information: first name, last name, phone number, gender, email address, password, date of birth, ID card number, VAT number
• Profile information
• Communications: information provided to customer support (phone number, messages sent, emails, and other communications).
Health data
• Health status
• Test results: blood test results
• Information and reports generated by the AI tool.
Financial and transactional data
• Bank account number.
Direct marketing data
• Contact details and information for managing the business relationship (requests for documentation or information, source of request, exchanges, and comments).
• Preferences regarding the receipt of commercial communications.
Service usage data
• Device information: device type, unique device identifiers, mobile network information.
Cookies and similar technologies
• Browsing information: IP address, browser type, operating system, entry/exit pages, path data, dates and times of visits (if consent to cookies is given).
→ See our Cookie Policy for more information.
Contact and communication data
• Contact and exchange data: date/time of messages, message content, date/time of calls.
• Online chat usage: date/time, message content, voice messages, and files sent.

For what purposes do we use your data?

Limitless processes your personal data for the following purposes. For each purpose, we indicate the legal basis for processing, as well as the retention period (or the criteria used to determine it).

Purpose of processing
Legal basis
Retention period
Creation and management of a member account
Contract performance
5 years after account closure
Analysis and reporting (blood test reports)
Contract performance and, where required, your consent
Until the end of the legal retention period or withdrawal of consent
Generation of personalized recommendations
Contract performance
5 years after account closure
Well-being recommendations (nutrition, sleep, physical activity)
Contract performance
5 years after platform use ends
Customer relationship management and inquiries
Legitimate interest in managing our relationship with you
Duration necessary to process your request
Billing management
Legal obligation
10 years after contract termination
Satisfaction surveys and other questionnaires
Legitimate interest in understanding your satisfaction
Duration necessary for the survey
Direct marketing operations
Your consent for electronic communications
Until consent is withdrawn or you object
Complaint and dispute management
Contract performance and legal obligations
Until the expiration of all legal remedies
Handling GDPR rights requests
Legal obligation
Up to 5 years after your request
Management of cookies and trackers
Consent when required; legitimate interest in providing a functional site
Cookie choices retained for 6 months
Service support and security
Legitimate interest in ensuring support and security
Up to 5 years after platform use

International data transfers

Your personal data is not transferred outside the European Union.

Your data protection rights

In accordance with the GDPR and applicable regulations, you have the following rights:

Right
Description
Right to information
To be informed of the collection and use of your data.
Right to access
To obtain a copy of your personal data.
Right to rectification
To request correction of inaccurate or incomplete data.
Right to erasure
To request deletion of your data in certain cases.
Right to restriction of processing
To request limitation of processing in certain cases.
Right to data portability
To receive your data in a structured format or request its transfer to a third party, under certain conditions.
Right to object
To object to the processing of your data, including for marketing purposes.
Right to withdraw consent
To withdraw your consent at any time where processing is based on it.
Right to lodge a complaint
With a competent supervisory authority.

To exercise these rights, please contact us at: contact@limitless.today

How do we secure your data?

Limitless implements strict technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure.

  • Technology partners: Supabase (database), Vercel (web hosting), Brevo (email delivery), Crisp (customer support), and Stripe (payments).
  • All providers comply with GDPR and act as data processors.
  • Encryption: TLS encryption in transit and encryption at rest according to each provider’s standards.
  • Restricted access: Only authorized team members can access data, using multi-factor authentication and least-privilege policies.
  • Secure payments: We never store your banking information. Payments are tokenized and handled exclusively by Stripe (PCI DSS certified).
  • Continuous protection: Security mechanisms include request rate limiting, DDoS protection, access logging, and monitoring.

Who are the recipients of your personal data?

Your personal data may be shared with:

  • Limitless’ subcontractors involved in data processing;
  • Authorized Limitless personnel, on a need-to-know basis;
  • External healthcare professionals and biological analysis laboratories, when necessary

Cookies

We use cookies to track activity on our services and store certain information. Cookies are small files containing a limited amount of data (which may include a unique identifier).

You can configure your browser to refuse all cookies or to notify you when a cookie is being sent. You can also set your preferences directly through our cookie management platform.

For more information, please see our Cookie Policy.

Changes to this Privacy Policy

We may update our Privacy Policy to reflect changes in legislation, regulation, or our data processing practices. We will inform you of any updates by publishing the revised Privacy Policy on this page and updating the effective date at the top of the document.

Contact Us

If you have any questions regarding this Privacy Policy or our data practices, please contact us at: contact@limitless.today

Have a question? Reach out anytime, we’d love to hear from you.
Get in touch
Contact us
2025 © Limitless
Privacy policy
Cookies policy
Terms of use
Terms & conditions
Linkedin Icon