1. Introduction
Brohdi ("we", "our", "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information in compliance with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
2. Data We Collect
We collect personal information to provide our services effectively, including:
a) Personal Information:
- Name, date of birth, email, phone number, country, language, timezone
- Profile photo
- Two-factor authentication and account settings
- Membership and coaching account information
b) Health and Fitness Information (Special Category Data):
- Physical measurements, exercise and nutrition data, and medical history
- Derived health scores (e.g., readiness, wellbeing, or sleep scores)
c) App Activity Data:
Workout logs, nutrition entries, check-ins, and messaging
d) Payment Information:
Payments are processed by Stripe; Brohdi does not store card details
e) Third-Party Data (if connected by the user):
Fitness and health apps (Apple Health, Google Fit, etc.)
3. How We Use Your Data
We use your personal information to:
- Provide and manage your account and access to Brohdi services
- Enable messaging with coaches and other members
- Personalise workouts, nutrition plans, and app experience
- Process payments via Stripe
- Analyse usage for service improvement
- Comply with legal obligations
- Notify users of service updates and new features
4. Coaches and Data Access
Coaches are independent businesses using Brohdi as a platform. Coaches can view their clients' data within the app only; they cannot export or delete it. Brohdi ultimately controls all personal data; coaches act as authorised users.
5. Sharing Your Data
We may share personal information with:
- Coaches: if you're a client working with a coach
- Essential service providers under strict data processing agreements:
  - Stripe (payment processing)
  - AWS & Neon (hosting and infrastructure)
  - Railway (messaging infrastructure)
- Legal or regulatory authorities: if required
- Sub-processors / Integrations: Users may connect third-party health apps; these are listed in your account and access is revocable
We maintain a sub-processor registry and ensure all partners meet GDPR/UK GDPR standards. We do not sell or trade your personal information.
6. Data Retention
- Active accounts: data retained while you use the app
- Deleted/inactive accounts: data retained for 12 months, then permanently deleted
- Payment records: retained 7 years for compliance
- Backups: maintained according to disaster recovery procedures
7. Your Rights
Under GDPR and UK GDPR, you have the right to:
- Access your personal data
- Correct inaccurate or incomplete data
- Request deletion of your data
- Restrict or object to processing
- Withdraw consent
- Access automated health score calculations and underlying data
All requests must go through Brohdi support.
8. Security
We implement technical and organisational measures to protect your data:
- Password hashing
- Secure servers and encrypted transmission
- Role-based access controls
- Restricted staff access
9. Marketing and Notifications
You may receive updates, promotions, or announcements. Notifications can be disabled in app settings.
10. International Transfers
Your data is stored in the UK and EU regions (AWS). We ensure adequate protection under GDPR and UK GDPR.
11. Versioning & Policy Updates
Updates to this policy will be communicated via in-app notifications, email, and website notices. The latest version is always available at brohdi.com/privacy. Continued use after updates constitutes acceptance.
12. Data Breach Notification
Relevant authorities will be notified within 72 hours of a qualifying breach. Affected users will be informed without undue delay if their rights or freedoms are at high risk. All incidents are logged, investigated, and used to improve security.