Privacy Policy
**Effective Date:** September 2, 2025
**Last Updated:** September 2, 2025
### 1. Introduction
Welcome to Body Byte, your comprehensive fitness and wellness companion. We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information. This Privacy Policy explains our data practices for the Body Byte mobile application ("Body Byte"), our website at bodybyte.ai, and related services (collectively, the "Service").
**Who We Are:** Body Byte is a fitness application that provides users with tools to log and analyze nutritional data, record physical exercise, track body metrics, and monitor their progress over time. It offers features like personalized workout plans, nutrition tracking, progress monitoring, and wellness coaching to help users achieve their health and fitness goals.
**Scope of This Policy:** This policy applies to all users of Body Byte's services, including free trial users (7-day standard trial and 14-day promotional trial), monthly and annual subscribers, and website visitors.
**Your Rights:** Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services.
### 2. Information We Collect
We collect information to provide you with personalized fitness experiences and improve our services. This information comes from what you provide, what we collect automatically, and what we receive from third-party sources.
#### 2.1 Information You Provide Directly
When you register, use our Services, or contact us, you may provide us with the following personal information:
* **Account and Profile Information:** Names, email addresses, usernames, mailing addresses, phone numbers, contact preferences, and passwords. You may also optionally provide a profile photo.
* **Health and Fitness Data:** Date of birth, age, gender, height, weight, body measurements, fitness experience level, fitness goals (e.g., weight loss, muscle gain), workout preferences, exercise limitations, and physical activity data (e.g., exercises performed, sets, reps, weights, duration, frequency).
* **Nutrition and Wellness Data:** Dietary preferences and restrictions, meal logs, hydration levels, sleep metrics, and stress levels.
* **Sensitive Information:** With your consent, we may process sensitive information such as health data, biometric data, and information revealing race or ethnic origin.
* **Subscription and Payment Information:** Subscription plan details, billing addresses, debit/credit card numbers, and transaction history. All payment data is handled by our processor, Chargebee.
* **Communication Data:** Information from support tickets, app feedback, community forum posts, and marketing preferences.
#### 2.2 Information Collected Automatically
When you use our Services, we automatically collect certain technical and usage information:
* **Log and Usage Data:** IP address, browser and device characteristics, operating system, language preferences, referring URLs, and information about your activity in the Services (e.g., features used, pages viewed, searches).
* **Device and Technical Information:** Device type, model, operating system, mobile device identifiers (like IDFA or Android ID), app version, network connection type, and screen resolution.
* **Location Data:** With your permission, we may collect precise or imprecise location data from your device using GPS and other technologies to support features like outdoor workout tracking. You can disable this in your device settings.
#### 2.3 Information from Third-Party Integrations and Other Sources
We may collect data from other sources to enhance our services:
* **Health Platform Connections:** With your consent, we connect with services like Apple HealthKit, Google Fit/Health Connect, and Samsung Health to sync data such as steps, heart rate, sleep, and workouts.
* **Wearable Devices and Fitness Equipment:** We may integrate with data from wearables (Fitbit, Garmin, Polar, Apple Watch), connected gym equipment, and smart scales.
* **Social and External Services:** If you connect your social media account (e.g., Facebook, X) or other third-party apps (e.g., MyFitnessPal, Strava), we will receive profile information based on your privacy settings on those platforms.
* **Public and Marketing Sources:** We may obtain information from public databases, marketing partners, and data providers for purposes of targeted advertising and service personalization.
### 3. How We Use Your Information
We process your information to provide, improve, and administer our Services for a variety of reasons.
#### 3.1 Core Fitness and Wellness Services
* **AI-Powered Personalization:** Generate personalized workout plans and nutrition guidance using our AI models based on your goals and progress.
* **Progress Tracking and Analysis:** Monitor your fitness journey, track biometric changes, analyze recovery patterns, and provide detailed insights.
* **Injury Prevention and Habit Formation:** Identify overtraining risks, suggest modifications, and support the development of consistent health habits.
#### 3.2 Service Administration and Support
* **Account Management:** Facilitate account creation, authentication, and management.
* **Subscription Management:** Process payments, manage trial periods, and control access to premium features.
* **Customer Support:** Respond to your inquiries, request feedback, and solve potential issues with the Service.
* **User-to-User Communications:** Enable communication between users if you choose to use such features.
#### 3.3 Product Development, Security, and Legal Compliance
* **App Improvement and Research:** Analyze usage trends to enhance features, improve our AI algorithms with aggregated, anonymized data, and optimize app performance.
* **Safety and Security:** Protect our Services through fraud monitoring, content moderation, and prevention of unauthorized access.
* **Legal and Vital Interests:** Comply with legal obligations, respond to lawful requests, and protect the vital interests of any individual, such as preventing harm.
### 4. Artificial Intelligence-Based Products
Our Services include features powered by artificial intelligence and machine learning ("AI Products"), such as predictive analytics, automation, insights, and image analysis. We provide these tools through third-party service providers, including Amazon Web Services (AWS) AI, ElevenLabs, DeepSeek, Google Cloud AI, Hugging Face, and OpenAI. Your input and personal information will be shared with these providers to enable your use of our AI Products.
### 5. Legal Basis for Processing
We only process your personal information when we have a valid legal reason to do so under applicable law.
* **Performance of a Contract:** We process data necessary to fulfill our contractual obligations to you, such as providing the core features of your subscription.
* **Legitimate Interests:** We process information to improve our services, prevent fraud, and ensure security, provided these interests do not outweigh your rights and freedoms.
* **Consent:** For specific purposes like marketing communications, location tracking, processing sensitive data, and non-essential cookies, we rely on your consent, which you can withdraw at any time.
* **Legal Obligations:** We may process your information to comply with laws, tax requirements, or regulatory obligations.
* **Vital Interests:** We may process data to protect your safety or the safety of others, such as in situations involving potential threats.
* **Canadian Residents:** For users in Canada, we may process your information with your express or implied consent. In some exceptional cases, we may be legally permitted to process your information without consent (e.g., for fraud detection or to identify an injured person).
### 6. Information Sharing and Disclosure
We do not sell your personal information. We may share your data in the following specific situations and with the following categories of third parties who perform services for us:
* **Essential Service Providers:**
    * **Cloud Infrastructure & Data Storage:** AWS, Google Cloud
    * **AI Platforms:** OpenAI, Google Cloud AI, AWS AI, and others
    * **Data Analytics & Performance Monitoring:** Google Analytics, Mixpanel
    * **Payment Processing:** Stripe, Apple Pay, Google Pay, Chargebee
    * **Communication & Customer Support:** Zendesk, Intercom, Firebase, OneSignal
* **Health and Fitness Integration Partners:** We share data with platforms like Apple HealthKit, Google Health Connect, and wearable device manufacturers only with your explicit consent.
* **Business Transfers:** In the event of a merger, sale of company assets, or acquisition, your information may be transferred. We will provide notice and ensure continued privacy protection.
* **Legal and Safety Requirements:** We may disclose information to comply with legal processes, protect our rights and user safety, prevent fraud, and respond to emergencies.
* **Anonymized Research Data:** We may share aggregated, anonymized data for academic, public health, or industry research. No personally identifiable information is shared for these purposes.
* **Other Users:** When you share personal information in public areas of the Services (e.g., community forums), it may be viewed by all users.
### 7. Data Retention and Security
#### 7.1 How Long We Keep Your Data
We keep your information only for as long as necessary to fulfill the purposes outlined in this policy unless a longer period is required by law.
* **Active Account Data:** Retained while your account is active. No purpose will require keeping your personal information for longer than 24 months past the termination of your account.
* **Anonymized Data:** Once your account is terminated, we may anonymize your information and store it in backup archives for analysis or research until deletion is possible.
* **Payment Information:** Retained for the period required by financial regulations (e.g., 7 years).
#### 7.2 Data Security Measures
We have implemented appropriate technical and organizational security measures to protect your personal information.
* **Encryption:** All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
* **Access Controls:** We use role-based access controls and multi-factor authentication for employees.
* **Infrastructure Security:** Our cloud infrastructure is SOC 2 compliant and undergoes regular audits.
* **Incident Response:** We have 24/7 monitoring and a rapid response plan for security threats.
However, no electronic transmission or storage technology is 100% secure, so we cannot guarantee absolute security.
### 8. Your Privacy Rights and Controls
You have rights that allow you greater access to and control over your personal information.
#### 8.1 In-App Privacy Controls
* **Profile and Data Management:** Update your personal information, goals, and communication preferences.
* **Data Sharing and Location:** Control integrations with health platforms and enable/disable GPS tracking.
* **Analytics Opt-Out:** In some cases, you may be able to disable usage analytics and crash reporting.
#### 8.2 Regional Privacy Rights
Depending on your location, you may have the following rights:
* **GDPR (EU/EEA/UK) and other Regions (Switzerland, Canada):** You have the right to access, rectify, or erase your personal information; to restrict or object to processing; and to data portability. You also have the right to withdraw consent and lodge a complaint with your local data protection authority.
* **US State Residents (e.g., California, Colorado, Virginia):** You have the right to know what personal information is collected, to access, correct, and delete your data, and to opt out of the "sale" or "sharing" of your data for targeted advertising. California's "Shine The Light" law permits residents to request information about disclosures for direct marketing purposes.
#### 8.3 How to Exercise Your Rights
The easiest way to exercise your rights is by logging into your account settings, submitting a data subject access request via our website, or contacting us at `[email protected]`. We will verify your identity before processing your request and act upon it in accordance with applicable laws. You may also be able to designate an authorized agent to make a request on your behalf.
#### 8.4 Controls for Do-Not-Track Features
Most web browsers include a Do-Not-Track ("DNT") feature. As no uniform technology standard for DNT has been finalized, we do not currently respond to DNT browser signals.
### 9. International Data Transfers
Body Byte operates globally, and our servers are located in the United States. Your information may be transferred to, stored, and processed in countries other than your own. We ensure adequate protection for your data through measures like EU Standard Contractual Clauses and our Binding Corporate Rules (BCRs), which have been recognized by EEA and UK data protection authorities.
### 10. Special Considerations for Health Data
* **Medical Disclaimer:** Body Byte provides fitness guidance, not medical advice, diagnosis, or treatment. Always consult a healthcare professional for medical concerns. Body Byte is not a "covered entity" under HIPAA.
* **Consent Management:** We obtain granular, explicit consent for collecting and sharing different types of health data. You can revoke these permissions at any time through your account settings.
### 11. Children's Privacy
Our Services are designed for users who are at least 18 years of age. We do not knowingly collect data from or market to children under 18. If we learn that we have collected personal information from a user under this age, we will deactivate the account and take reasonable measures to delete the data.
### 12. Cookies and Tracking Technologies
We use cookies, pixels, and similar technologies to maintain security, save preferences, and for analytics and advertising.
* **Types of Cookies:** We use essential, analytics, preference, and marketing cookies.
* **Control Options:** You can manage your preferences through your browser settings, device settings (e.g., iOS App Tracking Transparency), and our in-app settings. We may also share information with Google Analytics; to opt out, visit their opt-out page.
### 13. Updates to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by a revised "Last Updated" date. For material changes, we may notify you by posting a notice or sending a notification. We encourage you to review this policy frequently.
### 14. Contact Information and Support
If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO) or our privacy team.
* **General Privacy Questions:** `[email protected]`
* **Data Protection Officer (DPO):** `[email protected]`
* **Security Concerns:** `[email protected]`
* **Mailing Address:**
Body Byte
Data Protection Officer
[Company Address]
[City, State ZIP Code]
[Country]