Last updated: Saturday 21 March 2026
This Privacy Policy applies to Bodacious Club, our iOS mobile application (our "App") and our WhatsApp messaging service (together, our "Services"). In the below policy, we inform you about the scope of the processing of your Personal Data.
In principle, we will only use your personal data in accordance with the applicable data protection laws, in particular the UK's Data Protection Act ("DPA") and the EU counterpart the General Data Protection Regulation ("GDPR").
Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address and device ID.
Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data that, among others, concerns your health. In order to lawfully process Special Category Data, it is necessary to consent to the processing.
"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
The responsible party within the meaning of the DPA and the GDPR is Bodacious Club Ltd of 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ ("Bodacious Club", "we", "us", or "our"). If you have any questions or if you wish to exercise your rights, please email fithappens@bodacious.club.
The App can be downloaded from the Apple "App Store" (Apple Inc.). Downloading may require prior registration with the App Store and/or installation of the Apple store software. As far as we are aware, Apple collects and processes device identifiers, IP addresses, location information, and it cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which personal data Apple processes. The responsible party here is Apple as the operator of the Apple App Store.
Apple may collect information from and about the device(s) you use to access the App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass.
We may request permission to access your Internet Connection and Network, health data from Apple Health, and camera and gallery access. The legal basis is our legitimate interest and the provision of contractual or pre-contractual measures. You can deny access via your device settings; our App may not function as intended.
We offer an optional WhatsApp messaging service that allows you to communicate with our AI coaches (Boddy and Bodessa) via WhatsApp. When you use this service, we process your phone number, the content of your messages, delivery and read receipts, and message timestamps. This data is transmitted via Meta's WhatsApp Business Platform. By initiating a conversation with us on WhatsApp, you consent to Meta processing your data in accordance with Meta's Privacy Policy (https://www.whatsapp.com/legal/privacy-policy) and to our processing of your messages and phone number to provide the service. The legal basis is your consent and the fulfilment of the user contract.
When you use our App, you will receive push messages from us, even if you are not currently using our App. These are messages we send as part of contract performance. You can adjust or stop receiving push messages via your device settings. Where you consent to push messages, consent is the legal basis.
When you take out a subscription, we (RevenueCat on our behalf) may collect: Apple User ID, email address, payment confirmation from the payment data collected by RevenueCat, and device IP and serial number to link history to the device.
We use the Google Firebase developer App and related features: Firebase Analytics, Firebase Crashlytics, and Firebase Cloud Messaging for push notifications. By integrating Google services, Google may collect and process information (including personal data), potentially on servers outside the EEA. We cannot influence which data Google collects and processes. Firebase's key security and privacy information can be found here. The legal basis is the implementation of the user contract for the App.
The App uses Crashlytics to log crashes. No personal data is transmitted. Only real-time crash reports with precise details of code locations and device information are sent to improve stability. The legal basis is our legitimate interest. In Settings under data services, you can choose whether to send crash reports.
Our App uses Google Analytics for Firebase, which uses tracking technologies to track your use of our App (e.g., number of users and sessions, session duration, OS, device model, region, first start, app execution and updates). Firebase Analytics uses your device's advertising ID, an App instance ID, and an IP address shortened before processing. You can object by disabling usage statistics in your device settings (Reset Advertising ID). The basis for processing is our legitimate interest and your consent.
Our App uses PostHog, a product analytics platform hosted in the European Union (eu.i.posthog.com), to understand how users interact with our App. PostHog collects usage events (e.g., screens viewed, features used), app lifecycle events (e.g., app opened, app backgrounded), and basic device information (device model, OS version, app version). PostHog uses your anonymised user ID to link events but does not collect personally identifiable information beyond what is described. The legal basis is our legitimate interest in improving our App.
Our App uses Sentry, an error monitoring service hosted in the European Union (de.sentry.io), to detect and fix crashes and performance issues. Sentry collects crash reports, error stack traces, performance data, and basic device information (device model, OS version). No personally identifiable information is intentionally transmitted. The legal basis is our legitimate interest in maintaining the stability and performance of our App.
Our App uses AppsFlyer, a mobile attribution and analytics platform, to measure the effectiveness of marketing campaigns and understand how users discover our App. AppsFlyer may collect device identifiers, install and attribution data, and campaign information. Where required by Apple's App Tracking Transparency framework, your explicit consent is obtained before any cross-app tracking occurs. You can withdraw consent at any time via your device settings. The legal basis is our legitimate interest and, where applicable, your consent.
Personal data is processed depending on the contact method. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may include Personal Data. The personal data collected when you contact us is used to process your request; the legal basis is your consent.
We only process as much Personal Data as necessary to perform our services. We rely on the processing of certain Personal Data to fulfil our contractual obligations to you or to carry out pre-contractual measures.
If you register, we will request mandatory and non-mandatory data per the registration form including your name and email address. Entry is encrypted. Your data remains stored as long as registration lasts or as needed to fulfil the contract, enforce rights, for legitimate interests, or where legally required (e.g. tax retention). You may also sign up using Google or Apple Single Sign-On. By registering via connect functions, you agree to Google's/Apple's terms and consent to transfer of certain data to us. Legal basis: your consent and the establishment and implementation of the user contract.
As a registered user, you can create a user profile. Details may include your goals, diet restrictions, weight, height, name, email, date of birth, activity level, gender, and location. You can change the information any time. You have choices about your profile and whether to include sensitive information or make it public. Do not post Personal Data you wouldn't want available. Legal basis: establishment and implementation of the user contract.
If you use our dieting features, we process the Personal Data you voluntarily provide. Some may be "special" or "sensitive" (e.g., health data). By choosing to provide this data, you consent to our processing. You don't have to provide Personal Data or Special Category Data. We also process your chats and communications with our AI using the services of OpenAI and Google Gemini to provide our services. This includes messages sent via our App and via our WhatsApp messaging service. Legal basis: fulfilment of the user contract and your consent.
We share some users' information with service providers and partners who assist us in operating our App. You share information with other users when you voluntarily disclose it on the service. Be careful with your information. We also collect information about your activities on our App (e.g., date/time you logged in, features used, searches, pages shown, content clicked) and how you interact with other users (e.g., who you connect with, time/date of exchanges). Legal basis: fulfilment of the user contract and your consent.
For managing and analysing in-app purchases, we use RevenueCat. You consent to collection of data by the App and its transmission to RevenueCat. If you do not want third-party storage of provided data, refrain from using the App.
We process data for administrative tasks, business organisation, and legal obligations such as archiving. We process the same data we process to provide contractual services. Processing bases: legal obligations and our legitimate interest.
By using our Services, you consent to us contacting you by email, phone, SMS, WhatsApp, or push notification for purposes related to our Services, including coaching, accountability check-ins, feedback requests, service updates, reminders, and progress summaries. We process your contact details (email address and/or phone number) for this purpose. The legal basis is your consent and our legitimate interest in providing and improving our Services. You may opt out of non-essential communications at any time by contacting us at fithappens@bodacious.club or by adjusting your notification preferences within the App.
As our App uses the services of OpenAI and Google Gemini we have, in accordance with the upcoming EU AI Act, taken steps: (i) assessed risks (Limited risk), (ii) raised awareness, (iii) designed our App on ethical principles, (iv) assigned responsibility to our CEO, (v) continue to develop and keep it up-to-date, and (vi) established formal governance.
We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Account and profile data is retained for the duration of your account and deleted within 90 days of account deletion, unless we are required by law to retain it (e.g. for tax or accounting purposes, typically up to 7 years). Chat and messaging data (including WhatsApp messages processed by our AI) is retained for up to 12 months to provide continuity of coaching and then automatically deleted. Analytics and crash data collected by third-party services (Firebase, PostHog, Sentry, AppsFlyer) is retained in accordance with those providers' own retention policies. Subscription and payment data managed by RevenueCat is retained as long as necessary for billing, refund, and legal compliance purposes. If you request deletion of your data, we will erase it within 30 days except where retention is required by law.
We will not disclose your Personal Data to third parties unless necessary for service performance, you have consented, or disclosure is permitted by law. We may disclose Personal Data in connection with law enforcement, fraud prevention, or other legal proceedings; as required by law or regulation; if Bodacious Club is sold or merged; or if disclosure is necessary to protect Bodacious Club.
We may transfer your Personal Data to other companies as necessary for the purposes described. Some of our third-party service providers are based outside the UK and EEA, in particular in the United States: Google LLC (Firebase, Google Gemini, Google Analytics), OpenAI LLC, Meta Platforms Inc. (WhatsApp Business Platform), AppsFlyer Inc., and RevenueCat Inc. Where we transfer Personal Data outside the UK and EEA, we ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission and the UK's International Data Transfer Agreement (IDTA), or reliance on an adequacy decision where applicable. We put contractual arrangements in place and reasonable technical/organisational measures to protect Personal Data we transfer.
We only process the Personal Data necessary to use our services and take great care to ensure your privacy and confidentiality. Nonetheless, data breaches can occur. Upon becoming aware of a data breach, we will notify affected individuals as expeditiously as possible and describe the actions being taken.
You can exercise the following rights: Right to information, Right to rectification, Right to deletion, Right to data portability, Right of objection, Right to withdraw consent, Right to complain to a supervisory authority, Right not to be subject to a decision based solely on automated processing. To exercise any of your rights, please email us at fithappens@bodacious.club. We will respond to your request within 30 days. You may also delete your account and all associated data directly from the App by navigating to Settings and selecting "Delete Account".
If you believe the information we hold is inaccurate or we are no longer entitled to use it and want to request rectification, deletion, or object to processing, please contact us.
To make a Data Subject Access Request, inform us in writing. We will respond as soon as reasonably possible. If we cannot respond within thirty (30) days, we will inform you within thirty (30) days of when we will respond. If we are unable to provide Personal Data or make a requested correction, we will generally inform you of the reasons (except where not required to do so).
We do not request Personal Data from minors and children; we do not use automated decision-making including profiling; and we do not sell your Personal Data.
You have the right to complain about our processing of Personal Data to a supervisory authority. In the UK this is the Information Commissioner's Office (ICO). We would appreciate the opportunity to address your concerns before you contact the ICO.
This Privacy Policy was last updated on Saturday 21st of March 2026, and is the current and valid version. From time to time changes or revisions may be necessary. If you feel the above is not sufficient or if you have any queries regarding the collection, processing, or use of your Personal Data, we're looking forward to hearing from you. We will reply as soon as possible and consider any suggestions.