Privacy Policy
Effective Date: February 19, 2026
BodyBioLog ("we," "us," or "our") operates the BodyBioLog mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
1. Information We Collect
a. Account Information
When you create an account, we collect your name, email address, and encrypted password. If you are assigned a role (client or coach), we store that designation.
b. Health & Wellness Data
With your consent, we collect and store health-related data you provide or that is synced from connected devices, including but not limited to:
- Nutrition data (meals, macros, calories, dietary preferences)
- Body metrics (weight, body composition)
- Sleep data (hours, quality scores, deep/REM sleep)
- Heart data (HRV, resting heart rate, average heart rate)
- Activity data (steps, active calories, workout logs, GPS routes)
- Recovery and readiness scores
- Lab results and biomarkers
- Protocol items (supplements, medications, dosages)
- Progress photos
c. Wearable Device Data
If you connect a wearable device (Oura Ring, WHOOP, Apple Watch, Garmin, or similar), we access data from those platforms via their APIs using tokens you provide. We store this data to display your metrics within the App. We do not share your wearable tokens with any third party.
d. Apple Health / Health Connect
On iOS, we may request access to Apple HealthKit data. On Android, we may request access to Health Connect data. This data is read on-device and stored in your account. We do not sell or share HealthKit or Health Connect data with third parties for advertising or data mining purposes, in compliance with Apple and Google policies.
e. Communications
Messages exchanged between clients and coaches within the App are stored on our servers to provide the messaging feature. We do not read your messages for advertising purposes.
f. Photos
If you upload progress photos or workout photos, they are stored securely using Supabase Storage. Photos are associated with your account and are only visible to you and your assigned coach (if applicable).
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the App
- Display your health metrics, trends, and progress
- Enable coach-client communication and protocol management
- Generate AI-powered nutrition insights and recommendations
- Sync and display data from your connected wearable devices
- Send in-app reminders for protocol items
- Respond to your requests and provide customer support
3. Third-Party Services
We use the following third-party services to operate the App:
- Supabase — Database, authentication, and file storage. Your data is stored in Supabase's infrastructure with row-level security policies.
- OpenAI — AI-powered nutrition analysis. When you use the AI Nutrition Coach feature, meal descriptions and/or photos may be sent to OpenAI's API for analysis. OpenAI's data usage policy applies to this processing. No personally identifiable information (name, email) is sent with these requests.
- Oura — If you connect your Oura Ring, we access Oura's API using your Personal Access Token to retrieve your health metrics.
- Open Food Facts — Barcode scanning uses the Open Food Facts public database to look up nutritional information.
4. Data Storage & Security
Your data is stored using Supabase with row-level security (RLS) policies that ensure users can only access their own data. Sensitive data such as wearable tokens is stored in the database and cached locally on your device using AsyncStorage for performance.
We use industry-standard security measures to protect your data. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.
5. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Cached data on your device can be cleared by uninstalling the App.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — Request a copy of your personal data
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your account and data
- Portability — Request your data in a machine-readable format
- Opt-Out — Disconnect wearable devices or revoke permissions at any time
To exercise any of these rights, contact us at the email listed below.
7. California Privacy Rights (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell your personal information to third parties.
8. European Privacy Rights (GDPR)
If you are located in the European Economic Area, our legal basis for processing your data is your consent (which you provide when creating an account and connecting devices) and the performance of our contract with you. You have the right to withdraw consent at any time by disconnecting devices or deleting your account.
9. Children's Privacy
The App is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that we have collected data from a child under 16, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Effective Date" at the top of this page and, where appropriate, through in-app notification.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: privacy@bodybiolog.com