Privacy Policy

Enermiq App (SaaS)

1. Controller

Enermiq Oy (Business ID: 2849170-2)

Email: info@enermiq.com

This Privacy Policy explains how Enermiq Oy ("Enermiq", "we") processes personal data when a user interacts with the Enermiq App and related online services, including integrations with wearable devices.

Enermiq's principle is to minimise the use of directly identifying personal data and to focus on pseudonymous performance profiles, rather than identifying individual users.

2. Purpose of processing personal data

We process personal data in the Enermiq App for the following purposes:

• Providing and maintaining the service

• creating and managing user accounts (anonymous email accounts are permitted)
• enabling login, security and core functionality

• Building and analysing performance profiles

• evaluating recovery, load and performance capacity
• generating personalised insights, dashboards and analytical outputs

• Integrating wearable and laboratory data

• retrieving data from services the user has authorised (e.g., wearable devices)
• combining such data with questionnaires and information manually entered by the user

• Product development and internal analytics

• improving algorithms and the service
• using pseudonymised and/or aggregated data to develop models

• Compliance with legal obligations and prevention of misuse

3. Categories of personal data processed

Enermiq processes the following categories of data.

3.1 Account and contact data

• Email address
• Password hash or authentication credentials
• Account settings and user preferences

These data are required to create and secure the account and to communicate about the service.

3.2 Pseudonymous profile data

Performance analysis is primarily based on pseudonymous identifiers and simple demographic parameters, such as:

• Internal user ID (random or system-generated)
• Year of birth
• Birth quarter (Q1–Q4)
• Gender
• Start year of using the app or participating in a programme
• Other parameters that do not enable direct identification (e.g., training level)

3.3 Wellness, training and performance data

Data processed may include, for example:

• Sleep duration and sleep stages
• Heart rate, heart rate variability and resting heart rate
• Steps, energy expenditure and activity levels
• Stress and other wellness metrics
• Training data (duration, type, intensity)
• Laboratory test results when provided by the user
• Questionnaire responses about symptoms, wellbeing or recovery

Processing wearable data always requires the user's explicit consent in the respective service.

3.4 Technical and system log data

• IP address and device details
• Login timestamps and key actions
• Error logs and performance measurements

4. Pseudonymisation and separation of data

Enermiq's principle is that we do not need a user's real-world identity to analyse performance.

• Direct identifiers (such as email) are stored separately from analytical datasets.
• Performance models rely on year of birth, birth quarter, gender and other parameters, not names.
• Access to any data linking account data and analytical data is strictly limited.
• Product development uses aggregated or pseudonymised data whenever possible.

5. Sources of data

Data is collected from:

• The user directly

• during account creation and use of the app
• through questionnaires or manually entered data

• Connected wearable services

• Data use is based on the user's consent and granted permissions

• Laboratory services and documents provided by the user

6. Data sharing and transfers

Enermiq does not sell personal data.

Data may be processed or shared in the following circumstances:

1. Service providers (processors)
   We use trusted providers for infrastructure, hosting and analytics. They process data only based on our instructions.
2. Wearable partners
   When a user connects Enermiq to a wearable device, that partner acts as a separate controller for its own service.
3. Legal obligations
   Data may be disclosed if required by law.

Where data is transferred outside the EU/EEA, we apply appropriate safeguards (e.g., standard contractual clauses) when required by law.

7. Data security

We apply appropriate technical and organisational safeguards to protect personal data, including:

• access control and authentication
• encryption of data in transit and at rest where appropriate
• separation of account data from analytical data
• backups and system monitoring

Access to personal data is restricted to Enermiq personnel who require it for their duties and who are bound by confidentiality.

8. Data retention

Personal data is retained only as long as necessary for the purposes described in this notice or as required by law.

• Account data is retained for as long as the account is active and for a reasonable period thereafter.
• Performance and analytical data are retained for as long as the service is provided, or until the data is pseudonymised or anonymised.
• Upon a deletion request, we erase or pseudonymise personal data to the extent permitted by law.

9. Data subject rights

Users have the following rights under applicable data protection laws (such as GDPR):

• Right of access to personal data
• Right to rectification of inaccurate data
• Right to request erasure in certain situations
• Right to restrict processing
• Right to data portability
• Right to object to processing, including profiling, in certain cases
• Right to withdraw consent (e.g., for wearable integrations)

To exercise these rights, contact us at info@enermiq.com. We may need to verify your identity.

Users also have the right to lodge a complaint with a supervisory authority.

10. Other services and separate privacy notices

Please note that Feeleon (feeleon.fi) and other Enermiq Oy products may process data for different purposes and have separate privacy notices.

11. Changes to this Privacy Notice

We may update this Privacy Notice if the service changes or if required by law. The latest version is available within the Enermiq App or on our website.