Privacy Policy

This Privacy Policy explains how BodyPlan Limited (we, us, our) collects and uses your personal data. We are the data controller for the purposes of the UK GDPR and the Data Protection Act 2018. Our registered office is at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. Company number 07893705. BodyPlan is a registered trademark in the UK and USA.

What we collect

• Account details: email, name (if provided).
• Profile and training data: goals, equipment, scheduling, workouts, and body stats you log.
• Usage and technical data: device/browser information, log data, cookies.
• Support communications and feedback.
• Optional images you upload (e.g., progress photos or body photos for AI analysis).
• Body composition estimates derived from photos (e.g., body fat % and muscle mass %).
• Special category data (health-related) only where you choose to provide it (e.g., weight or body composition). We process this with your explicit consent.

How we use your data

• Provide and personalise the service, including AI‑assisted workout planning.
• Process photos you upload for AI body composition estimates.
• Enforce safety rules for AI photo uploads (e.g., quality checks, single-adult requirement).
• Operate your account, authenticate access, and maintain security.
• Analyse usage to improve features and reliability.
• Communicate service updates and respond to support requests.
• Comply with legal obligations and enforce our terms.

Social and public content

• Your profile is private by default. You can choose to make it public in‑app.
• If your profile is public, your public username, avatar, and shared workouts may be visible to other users.
• Likes, comments, and follows are visible to the people who can view the related public content.
• You can delete your comments and remove or hide your public posts at any time.
• Blocking and reporting tools are available in‑app to help keep the community safe.

Lawful bases (UK GDPR)

• Contract: to provide the service you request.
• Legitimate interests: service improvement, security, fraud prevention.
• Consent: for optional features (e.g., special category/health data you choose to enter, certain analytics, or marketing). You can withdraw consent at any time.
• Legal obligation: where required by law or competent authority.

Sharing

We may share data with service providers who process it on our behalf (e.g., AI processing, hosting/storage, analytics) under contracts that protect your data. We will only disclose data to third parties where lawful (e.g., to comply with the law, protect rights, or complete a merger or acquisition). We do not sell personal data.

International transfers

If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place (e.g., UK IDTA/SCCs) in accordance with UK GDPR.

Retention

We keep personal data only as long as necessary for the purposes set out above, and to comply with legal obligations. Unsaved AI analysis uploads may be auto-deleted under our retention policy. If you save a photo to your progress log, or link an analysis to a body stats entry, that photo is not subject to this auto-delete and remains until you delete it. Measurements derived from photos may remain even if the photo is deleted. You can delete your account or certain data at any time in‑app or by contacting us.

Your rights

Under UK GDPR you have rights including access, rectification, erasure, restriction, portability, and objection. You also have rights regarding automated decision‑making where applicable. To exercise these rights, contact us using the details below. You may also complain to the UK Information Commissioner’s Office (ICO).

Contact

BodyPlan Limited, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ • Company No. 07893705. For privacy enquiries, contact: privacy@bodyplan.com

Effective date: 2/5/2026