Privacy Policy — Bridal Body

Introduction

Welcome to Bridal Body ("we," "us," "our," or the "App"). This Privacy Policy explains how Soma Welling Ltd collects, uses, stores, shares, and protects your personal information when you use our mobile application and related services (collectively, the "Service").

We are committed to protecting your privacy and handling your data transparently. By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.

      Summary: We collect only the information necessary to provide you with personalised fitness and nutrition plans for your wedding. Your data is stored securely and never sold to third parties.
    

Data Controller:
Soma Welling Ltd
Email: hello@bridalbody.app
Registered Address: 23 Brim Hill Hampstead Garden Suburb, London, United Kingdom, N2 0HD
Company Number: 16874129

1. Information We Collect

1.1 Information You Provide Directly

Account Information

Full name
Email address
Password (stored securely using encryption — we never store passwords in plain text)
Date of birth
Confirmation that you are 18 years of age or older

Physical and Health Information

Height, weight, and age
Body measurements (waist, hips, thighs, arms)
Activity level and fitness goals
Goal weight
Injuries or physical limitations (e.g., lower back pain, knee issues, shoulder problems, hip pain, ankle/foot issues, wrist/hand problems, neck pain)
Menstrual cycle information (if voluntarily provided via the cycle tracking feature)

Dietary and Nutritional Information

Dietary preferences and restrictions (e.g., vegetarian, vegan, gluten-free, dairy-free, nut-free, low-carb, keto, halal, kosher)
Food and meal logs
Daily calorie and macronutrient tracking data (protein, carbohydrates, fat)
Water intake logs

Wedding Information

Wedding date
Training preferences (number of days per week, preferred workout duration)

Fitness and Training Data

Workout completion history
Exercise history and preferences
Exercise swap selections
Training day and rest day preferences
Daily habit completions
Daily step goal preferences

Progress Data

Weight logs and measurements over time
Progress photos you choose to upload
Weekly check-in responses

AI Coach Conversations

Messages you send to Bridie, our AI fitness and nutrition coach
These conversations are processed to provide personalised guidance and coaching
Conversation history is stored to provide continuity in coaching

Content You Create

Favourited recipes
Customised settings and preferences

1.2 Information Collected Automatically

Usage Data

App usage patterns and feature interactions
Pages and screens viewed
Time spent on features
Workout and meal logging activity

Device Information

Device type and model
Operating system and version
App version
Unique device identifiers

Apple Health Data (with your explicit permission)

Daily step count
We only read step count data from Apple Health
We do not write data to Apple Health
We do not access any other Apple Health categories (heart rate, sleep, etc.)
You can revoke Apple Health access at any time through your device's Settings > Health > Data Access & Devices

1.3 Information from Third-Party Services

Apple Sign-In (if used): When you sign in using Apple, we receive your name and email address (or a private relay email address if you choose to hide your email). We do not receive your Apple ID password.

2. How We Use Your Information

We use your personal information for the following purposes:

Providing the Service

Creating and managing your account
Generating personalised workout programmes based on your wedding date, fitness level, available time, injuries, and training preferences
Calculating appropriate calorie and macronutrient targets for your goals
Providing personalised recipe recommendations based on dietary preferences
Tracking your progress towards your wedding fitness goals
Providing AI-powered fitness and nutrition coaching through Bridie
Delivering personalised weekly check-in analysis based on your actual workout, nutrition, and progress data
Managing your subscription and providing access to premium features

Communication

Sending a welcome email when you create your account
Sending a subscription confirmation email when you start your trial or subscription
Sending important service-related updates (e.g., changes to the Service or this Privacy Policy)
We do not send marketing emails unless you explicitly opt in to receive them

Safety and Wellbeing

Enforcing a minimum calorie floor of 1,500 calories daily to protect user health
Implementing crisis detection protocols in AI coaching conversations to detect signs of disordered eating or mental health distress and provide appropriate support resources
Ensuring AI coaching responses are safe, accurate, and within scope

Improvement and Analytics

Understanding how users interact with the App to improve features and user experience
Identifying and fixing bugs and technical issues
Analysing aggregate, anonymised usage trends

Legal Compliance

Complying with applicable laws and regulations
Responding to legal requests or preventing fraud

3. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

Performance of a contract: Providing the Service, managing your account, delivering personalised plans, processing subscriptions
Legitimate interest: Improving the App, ensuring security, analysing usage trends, communicating service updates
Consent: Processing Apple Health data, sending marketing communications (if applicable), processing special category health data
Legal obligation: Complying with tax, accounting, and other legal requirements

Special Category Data: Some of the data we collect (health and fitness data, menstrual cycle data, dietary requirements related to religion) may be considered "special category data" under UK GDPR. We process this data based on your explicit consent, which you provide when you create your account, complete onboarding, and use the relevant features. You may withdraw this consent at any time (see Section 7).

4. How We Share Your Information

We never sell your personal data to third parties.

We share your information only with the following categories of service providers, who process data on our behalf and are bound by data protection agreements:

4.1 Infrastructure and Hosting

Supabase: Database hosting, user authentication, and secure file storage (including progress photos). Data shared: Account information, profile data, workout/nutrition logs, progress photos, AI conversation history. Location: Cloud servers (may include US and EU locations). View Supabase's Privacy Policy at https://supabase.com/privacy

Vercel: Hosting the App's web layer, Privacy Policy, and Terms of Use pages. Data shared: Standard web request data (IP address, device info). Location: Global edge network. View Vercel's Privacy Policy at https://vercel.com/legal/privacy-policy

4.2 AI and Machine Learning

Anthropic (Claude AI): Powers Bridie, our AI fitness and nutrition coach. Data shared: Messages you send to Bridie, along with relevant profile context (name, wedding date, fitness goals) to personalise responses. Important: Anthropic does not use your conversations to train their AI models. Location: United States. View Anthropic's data processor policy at https://support.claude.com/en/articles/9267385-does-anthropic-act-as-a-data-processor-or-controller

4.3 Payments and Subscriptions

RevenueCat: Managing in-app subscriptions, free trials, and purchase verification. Data shared: Subscription status, purchase receipts, anonymous user identifiers. Important: We do not collect or store your payment card details — all payment processing is handled by Apple through the App Store. Location: United States. View RevenueCat's Privacy Policy at https://www.revenuecat.com/privacy/

Apple (App Store): Processing all payments and subscriptions. Apple handles all financial transactions — we receive only confirmation of subscription status. View Apple's Privacy Policy at https://www.apple.com/legal/privacy/en-ww/

4.4 Email Communications

Resend: Sending transactional emails (welcome email, subscription confirmation). Data shared: Email address, first name, wedding date (for personalisation). Location: United States. Privacy Policy

4.5 Other Disclosures

We may also share your information:

If required by law, regulation, or legal process (e.g., court order, subpoena)
To protect the rights, property, or safety of Bridal Body, our users, or others
In connection with a merger, acquisition, or sale of assets (in which case you will be notified)
With your explicit consent

5. Data Storage and Security

We take the security of your data seriously and implement appropriate technical and organisational measures:

Technical Measures

All data is encrypted in transit using TLS/SSL
Data is encrypted at rest on secure servers
Passwords are hashed using industry-standard algorithms and never stored in plain text
Progress photos are stored privately and accessible only to you
Database access is restricted through row-level security policies
API keys and secrets are stored securely and never exposed in client-side code

Organisational Measures

Access to personal data is limited to those who need it to provide the Service
We regularly review and update our security practices
We monitor for security vulnerabilities and apply patches promptly

Limitations: While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you and relevant authorities of any data breach in accordance with UK GDPR requirements (within 72 hours where feasible).

6. Data Retention

Account and profile data — Duration of active account
Workout and nutrition logs — Duration of active account
Progress photos — Duration of active account
AI coach conversations — Duration of active account
Subscription data — Account + 7 years (tax records)
Email logs — 12 months from date sent

After Account Deletion: When you delete your account, we will permanently delete all your personal data within 30 days, including workout history, meal logs, progress photos, AI coach conversations, and measurements. Some data may be retained for up to 7 years where required for legal, tax, or accounting obligations, but will be anonymised where possible.

Inactive Accounts: If your account is inactive for 24 months, we may contact you to confirm whether you wish to keep your account. If we receive no response, we may delete your account and associated data.

7. Your Rights Under UK GDPR

As a UK resident, you have the following rights regarding your personal data:

Right of Access: You have the right to request a copy of all personal data we hold about you. You can view most of your data directly within the App (Settings > Profile). For a complete copy, contact us at hello@bridalbody.app.

Right to Rectification: You can correct inaccurate personal data at any time through the App's Settings > Profile page, or by contacting us.

Right to Erasure ("Right to be Forgotten"): You can delete your account at any time by going to Settings > Delete Account within the App. This will permanently remove all your data, including workout history, meal logs, progress photos, and AI coach conversations. You can also request deletion by emailing hello@bridalbody.app.

Right to Restrict Processing: You can request that we limit how we process your data in certain circumstances (e.g., while we verify the accuracy of data you have contested).

Right to Data Portability: You can request a copy of your data in a structured, commonly used, machine-readable format (JSON). Contact us at hello@bridalbody.app to request this.

Right to Object: You can object to the processing of your data where we rely on legitimate interest as the legal basis. You can also object to direct marketing at any time.

Right to Withdraw Consent: Where we process data based on your consent (e.g., Apple Health data, special category health data), you can withdraw consent at any time. For Apple Health: go to your device Settings > Health > Data Access & Devices > Bridal Body. For other data: contact us at hello@bridalbody.app. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Right to Lodge a Complaint: If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): Website: ico.org.uk | Phone: 0303 123 1113 | Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Exercising Your Rights: To exercise any of these rights, email us at hello@bridalbody.app. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

8. International Data Transfers

Some of our third-party service providers are based outside the United Kingdom, including in the United States. When your data is transferred internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We rely on the UK International Data Transfer Agreement or Addendum to EU SCCs where applicable
Adequacy Decisions: Where the UK government has determined that a country provides adequate data protection
Service Provider Commitments: Our providers maintain robust data protection practices and certifications

Providers with international transfers: Supabase (US/EU), Anthropic (US), RevenueCat (US), Resend (US), Vercel (Global) — all with Standard Contractual Clauses.

9. Children's Privacy

Bridal Body is designed for adults preparing for their wedding and is not intended for use by anyone under the age of 18. We require all users to confirm they are 18 or older during account creation.

We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a person under 18, we will take immediate steps to delete that information and terminate the account.

If you believe a child under 18 has provided us with personal data, please contact us immediately at hello@bridalbody.app.

10. Cookies and Tracking Technologies

The Bridal Body mobile app does not use browser cookies. However, we may use the following technologies:

Analytics: We may use anonymised analytics to understand app usage patterns. This data is aggregated and cannot be used to identify individual users.

Advertising (if applicable): If we run advertising campaigns, we may use tracking pixels or SDKs to measure campaign effectiveness. These tools may collect whether you installed the App after seeing an ad, anonymous engagement metrics, and device identifiers for advertising.

You can opt out of personalised advertising via iOS Settings > Privacy & Security > Tracking > Disable "Allow Apps to Request to Track" and iOS Settings > Privacy & Security > Apple Advertising > Disable "Personalised Ads".

11. AI Coach (Bridie) — Additional Disclosures

Bridie is an AI-powered fitness and nutrition coach within the App. Important information about Bridie:

What Bridie Is

Bridie provides general fitness and nutrition guidance tailored to your wedding preparation
Bridie's responses are generated by AI (Anthropic's Claude) and personalised using your profile data

What Bridie Is Not

Bridie is not a medical professional, registered dietitian, or certified personal trainer
Bridie does not provide medical advice, diagnoses, or treatment recommendations
Bridie's guidance should not replace professional medical or nutritional advice

Data Processing

When you message Bridie, your message and relevant profile context are sent to Anthropic's Claude AI to generate a response
Anthropic does not use your conversations to train their AI models
Conversation history is retained to provide coaching continuity
You can clear your conversation history at any time within the Coach tab
Messages are limited to 10 per 24-hour period

Safety Measures

Bridie enforces a minimum calorie floor and will never recommend dangerously low calorie targets
Bridie includes crisis detection protocols: if signs of disordered eating, self-harm, or mental health distress are detected, Bridie will provide appropriate support resources (Beat Eating Disorders helpline and Samaritans)
Bridie will not provide advice on topics outside its scope (fitness, nutrition, wellness, wedding preparation, and motivation)

12. Subscription Terms and Auto-Renewal

Free Trial: New users are offered a 7-day free trial of Premium access. You will not be charged during the trial period. You can cancel at any time during the trial without being charged.

Subscription Plans: Premium Monthly and Premium Yearly plans are available. Prices are displayed in your local currency as determined by the Apple App Store in your region and may vary.

Auto-Renewal: Subscriptions automatically renew at the end of each billing period unless cancelled at least 24 hours before the renewal date. Your Apple ID account will be charged for renewal within 24 hours prior to the end of the current period. You can manage and cancel your subscription through your Apple ID settings (Settings > [Your Name] > Subscriptions).

Refunds: Refund requests are handled by Apple in accordance with their refund policies. Contact Apple Support for refund requests.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

We will update the "Last Updated" date at the top of this policy
We will notify you within the App or via email if changes are significant
Continued use of the App after changes take effect constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Email: hello@bridalbody.app
General Enquiries: hello@bridalbody.app
Data Protection Requests: hello@bridalbody.app

We aim to respond to all privacy-related enquiries within 30 days.

15. Additional Information for Specific Jurisdictions

European Economic Area (EEA)

If you are located in the EEA, you have the same rights as outlined in Section 7, enforceable under the EU General Data Protection Regulation (GDPR). Our lead supervisory authority is the UK Information Commissioner's Office (ICO).

California (USA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You can request disclosure of the categories and specific pieces of personal information we collect
Right to Delete: You can request deletion of your personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Right to Opt-Out of Sale: We do not sell your personal information

To exercise these rights, contact us at hello@bridalbody.app.