Privacy Policy for BodAI

Your privacy matters to us

Last Updated: December 2025

Welcome to BodAI ("we," "our," or "us"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health and fitness application and related services.

BodAI is an AI-powered fitness application that provides personalized exercise programs and health guidance. Due to the nature of our service, we process health-related information which requires special protection under data protection laws.

This policy complies with the General Data Protection Regulation (GDPR), the Norwegian Personal Data Act (Personopplysningsloven), and other applicable data protection laws.

BodAI is the data controller responsible for your personal data. We are based in Norway and comply with applicable Norwegian and European Union data protection laws.

Contact Information:

Email: privacy@bodai.no

We collect the following categories of personal data:

3.1 Account & Profile Data

  • Email address (required for account creation)
  • Display name
  • Phone number (optional)
  • Profile photo (optional, stored in cloud storage)
  • Date of birth
  • Gender

3.2 Physical Measurements

  • Height
  • Weight

3.3 Exercise Preferences

  • Fitness level and experience
  • Exercise frequency and modalities
  • Preferred workout duration and environment
  • Target body areas
  • Health and fitness goals
  • Dietary preferences

3.4 AI Conversation Data

  • Chat messages and conversations with our AI assistant
  • Questions and responses about health topics
  • Selected body parts during consultations

3.5 Generated Content

  • Personalized exercise programs
  • Questionnaire responses
  • Program feedback and modifications

3.6 Payment Information

  • Subscription status and plan type
  • Stripe customer ID (payment processing identifier)
  • Subscription period dates

Note: We do not store your credit card details. All payment processing is handled securely by Stripe.

3.7 Technical & Usage Data

  • Device information (type, operating system)
  • App usage statistics and interaction data
  • Language preferences
  • Authentication tokens

Important: Health data is considered "special category data" under GDPR Article 9 and requires your explicit consent to process.

We collect the following health-related information to provide personalized fitness guidance:

4.1 Medical Information

  • Existing medical conditions
  • Current medications
  • Past and current injuries
  • Family health history

4.2 Physical Health Indicators

  • Areas of pain or discomfort
  • Sleep patterns
  • Fitness level assessments

4.3 Why We Collect Health Data

This health information is essential for us to:

  • Generate safe, personalized exercise programs
  • Avoid recommending exercises that could aggravate existing conditions
  • Provide appropriate modifications for your situation
  • Detect potential red flags requiring medical attention

4.4 Your Consent

By providing health information and using our service, you explicitly consent to our processing of this special category data for the purposes described. You may withdraw this consent at any time by deleting your account, though this will affect our ability to provide personalized services.

We use trusted third-party services to operate BodAI. Each processor is bound by data protection agreements and processes data only as instructed by us.

Firebase (Google Cloud)

Purpose: Core infrastructure

  • Authentication (email sign-in)
  • Database (Firestore) - stores user profiles, programs, chats
  • Cloud Storage - profile photos
  • Analytics - usage statistics
  • Cloud Functions - backend processing

Privacy Policy: policies.google.com/privacy

OpenAI

Purpose: AI-powered features

  • Processing chat conversations about health and fitness
  • Generating personalized exercise programs
  • Providing educational health information

Privacy Policy: openai.com/privacy

Stripe

Purpose: Payment processing

  • Subscription payments and billing
  • Customer portal for subscription management
  • Payment method storage (we never see your card details)

Privacy Policy: stripe.com/privacy

Resend

Purpose: Email delivery

  • Sending authentication codes
  • Account-related notifications

Privacy Policy: resend.com/legal/privacy-policy

YouTube API (Google)

Purpose: Exercise videos

  • Searching for exercise demonstration videos
  • Embedding video content within the app

Privacy Policy: policies.google.com/privacy

BodAI uses artificial intelligence to provide personalized health and fitness guidance. It's important you understand how this works:

6.1 How AI Processes Your Data

  • Chat Conversations: When you chat with our AI assistant, your messages (including any health information you share) are sent to OpenAI for processing.
  • Program Generation: Your health profile, questionnaire responses, and preferences are sent to OpenAI to generate personalized exercise programs.
  • Educational Content: AI generates explanations about anatomy, exercises, and health topics based on your queries.

6.2 Automated Decision-Making

Our AI assists in generating exercise recommendations, but these are suggestions for educational purposes only. We do not make fully automated decisions that have legal or similarly significant effects on you under GDPR Article 22.

6.3 Human Oversight

Our AI includes safety protocols to detect red flags for serious medical conditions and will recommend consulting healthcare professionals when appropriate. The AI is not a replacement for professional medical advice.

Important: AI-generated content is for educational purposes only and does not constitute medical advice. Always consult a qualified healthcare provider for medical concerns.

We use your information for the following purposes:

7.1 Service Delivery

  • Creating and managing your account
  • Generating personalized exercise programs
  • Providing AI-powered health and fitness guidance
  • Processing subscriptions and payments

7.2 Personalization

  • Tailoring exercise recommendations to your fitness level and goals
  • Adapting programs based on your health conditions and limitations
  • Remembering your preferences across sessions

7.3 Communication

  • Sending authentication codes for secure sign-in
  • Notifying you about important account changes
  • Responding to your inquiries and support requests

7.4 Improvement & Analytics

  • Understanding how users interact with our app
  • Improving our services and user experience
  • Identifying and fixing technical issues

7.5 Legal Compliance

  • Complying with applicable laws and regulations
  • Protecting against fraudulent or illegal activity
  • Enforcing our terms of service

We retain your data for specific periods based on its purpose:

Data Type | Retention Period
Account & Profile Data | Until you delete your account
Health Information | Until you delete your account
Exercise Programs | Until you delete your account
Chat History | 12 months after last activity, or until account deletion
Payment Records | 7 years (legal requirement)
Analytics Data | 26 months
Authentication Codes | 1 hour (automatically deleted)

When you delete your account, we will erase your personal data within 30 days, except where retention is required by law (e.g., financial records).

We may share your information in the following circumstances:

10.1 Service Providers

With the third-party services listed in Section 5, who process data on our behalf under strict contractual obligations.

10.2 Legal Requirements

When required by law, court order, or governmental authority, or to protect our legal rights.

10.3 Business Transfers

In connection with a merger, acquisition, or sale of assets, where your data may be transferred to the new entity (you would be notified of such transfer).

10.4 With Your Consent

For any other purpose with your explicit consent.

We do not sell your personal data. We never sell, rent, or trade your personal information to third parties for their marketing purposes.

BodAI is based in Norway, within the European Economic Area (EEA). However, some of our service providers operate outside the EEA:

United States

  • OpenAI - AI processing
  • Stripe - Payment processing
  • Google/Firebase - Infrastructure (EU/US depending on configuration)

Safeguards for International Transfers

When transferring data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with each provider
  • Assessment of the legal framework in the recipient country

You may request a copy of the safeguards we use for international transfers by contacting us at privacy@bodai.no.

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of your personal data we hold.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restriction

Request limitation of processing in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time (this won't affect prior processing).

How to Exercise Your Rights: You can export your data and delete your account directly from the Privacy section in your Profile settings. For other requests, contact us at privacy@bodai.no. We will respond within 30 days.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Authentication: Secure email-based authentication with time-limited codes
  • Access Control: Strict access controls limiting who can access data
  • Infrastructure: Cloud infrastructure with industry-standard security certifications
  • Monitoring: Regular security monitoring and vulnerability assessments

While we strive to protect your data, no method of transmission or storage is 100% secure. If you become aware of any security issues, please contact us immediately at privacy@bodai.no.

We use browser storage technologies to improve your experience:

14.1 Local Storage

  • Authentication: Email for sign-in, authentication tokens
  • Preferences: Language settings, UI preferences
  • Session State: Chat state, viewer state for continuity

14.2 Session Storage

  • Temporary authentication flow data
  • Temporary chat state during navigation

14.3 Firebase Analytics

We use Firebase Analytics (in production only) which may set cookies to understand app usage. This data is anonymized and used for improving our service.

You can clear local storage through your browser settings, though this may require you to sign in again and reset your preferences.

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@bodai.no. We will promptly delete such information from our systems.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email or in-app notification for significant changes
  • Obtain new consent if required for processing activities

We encourage you to review this policy periodically. Continued use of our service after changes constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

BodAI Privacy Team

privacy@bodai.no

We aim to respond to all inquiries within 30 days. For urgent matters related to data security, please indicate this in your subject line.

If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority.

Norwegian Data Protection Authority

Datatilsynet

Website: www.datatilsynet.no

We encourage you to contact us first at privacy@bodai.no so we can try to resolve your concern directly.

© 2025 BodAI. All rights reserved.

This policy is effective as of December 2025.