Privacy Policy

Last updated: December 6, 2025

1. Introduction

Welcome to Bodytrack. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our fitness coaching platform and services.

This policy applies to all users of our services, including those accessing our platform through the "adieubidon" and "bodytrack" brands, across our web applications and mobile apps.

We are the data controller responsible for your personal data. We are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

Account Information:

  • Name, email address, and password
  • Account type (user/client, coach, or admin)
  • Profile information and preferences
  • Coach certifications and professional information (for coach accounts)

Health and Fitness Data:

  • Body measurements and checkup data
  • Fitness goals and preferences
  • Workout history and training session data
  • Progress photos and videos
  • Health questionnaires and assessments

Communication Data:

  • Messages exchanged between coaches and clients
  • Support tickets and correspondence with our team
  • Feedback and survey responses

Payment Information:

  • Payment method details (processed securely by Stripe)
  • Billing address and transaction history
  • Subscription and seat purchase information

Content You Upload:

  • Photos, videos, and documents
  • Workout programs and training plans (for coaches)
  • Exercise demonstrations and educational content

2.2 Information We Collect Automatically

Usage Data:

  • Pages viewed, features used, and time spent on the platform
  • Search queries and interactions with content
  • Session information and access times

Device and Technical Information:

  • IP address and browser type
  • Device type, operating system, and unique device identifiers
  • Mobile app version and configuration settings
  • Push notification tokens (for mobile devices)

Cookies and Similar Technologies:

  • Session cookies for authentication
  • Preference cookies for user settings
  • Analytics cookies (with your consent)

2.3 Information from Third-Party Services

Google Services:

  • Profile information when you sign in with Google OAuth (name, email, profile picture)
  • Calendar events when you connect your Google Calendar
  • Authorization tokens for Google API access

Payment Processor:

  • Transaction confirmations and subscription status from Stripe
  • Payment method details (stored securely by Stripe, not on our servers)

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 Service Provision

  • Creating and managing your account
  • Facilitating the coaching relationship between coaches and clients
  • Delivering personalized workout programs and training plans
  • Enabling real-time messaging and communication
  • Syncing with your Google Calendar for schedule management
  • Processing payments and managing subscriptions

3.2 Communication

  • Sending transactional emails (account verification, password resets, payment confirmations)
  • Notifying you of new messages, upcoming sessions, and important updates
  • Sending push notifications for in-app events (with your permission)
  • Responding to your support requests and inquiries

3.3 Platform Improvement

  • Analyzing usage patterns to improve our services
  • Conducting research and development for new features
  • Troubleshooting technical issues and bugs
  • Ensuring platform security and preventing fraud

3.4 Marketing (with consent)

  • Sending promotional offers and updates about new features
  • Providing information about our services and partnerships
  • Sharing success stories and testimonials (with explicit permission)

3.5 Legal and Compliance

  • Complying with legal obligations and regulations
  • Enforcing our Terms of Service
  • Protecting our rights and the rights of others
  • Responding to legal requests and preventing illegal activities

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations to you
  • Consent: You have given explicit consent for specific purposes (e.g., marketing communications, Google Calendar access)
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., platform security, fraud prevention, service improvement), provided these interests are not overridden by your rights
  • Legal Obligations: Processing required to comply with legal and regulatory requirements

5. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

5.1 Within the Platform

  • Between Coaches and Clients: When you work with a coach, your profile information, health data, workout history, and messages are shared with your assigned coach to facilitate the coaching relationship
  • Admin Access: Platform administrators may access user data for support, moderation, and platform management purposes

5.2 Third-Party Service Providers

  • Stripe: Payment processing and subscription management (subject to Stripe's privacy policy)
  • Amazon Web Services (AWS): Cloud hosting and file storage for uploaded content (photos, videos, documents)
  • Google: Authentication services (OAuth) and calendar integration when you authorize access
  • Expo Push Notification Service: Delivering push notifications to mobile devices
  • Email Service Provider: Sending transactional and marketing emails

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

6. International Data Transfers

Our services are primarily operated in the European Union (France). However, some of our service providers (such as AWS) may process data in other jurisdictions, including the United States.

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Privacy Shield certification (where applicable)

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption of data in transit using HTTPS/TLS protocols
  • Encryption of sensitive data at rest
  • Secure password hashing and authentication mechanisms
  • Access controls and authentication requirements for our systems
  • Regular security audits and vulnerability assessments
  • Secure file storage on AWS S3 with signed URLs for controlled access
  • Session token management with automatic expiration and cleanup

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods:

  • Account Data: Retained for the duration of your active account, plus a reasonable period after account closure for legal and administrative purposes
  • Health and Fitness Data: Retained while you have an active account or active coaching relationship
  • Communication Data: Retained for the duration of your account to maintain conversation history
  • Payment Records: Retained for 7 years to comply with tax and financial regulations
  • Session Tokens: Automatically deleted through scheduled cleanup tasks after expiration
  • Analytics Data: Aggregated and anonymized after 24 months

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where we are legally required to retain certain information.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

9.1 Right of Access

You have the right to obtain confirmation that we are processing your personal data and to request a copy of the data we hold about you.

9.2 Right to Rectification

You can update or correct your personal data through your account settings or by contacting us directly.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. We will comply unless we have a legitimate reason to retain the data (e.g., legal obligations, ongoing disputes).

9.4 Right to Restriction of Processing

You can request that we limit the processing of your personal data in certain circumstances.

9.5 Right to Data Portability

You can request a copy of your personal data in a structured, commonly used, machine-readable format to transfer to another service provider.

9.6 Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Where we process your data based on consent, you can withdraw your consent at any time. This will not affect the lawfulness of processing prior to withdrawal.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights.

To exercise your rights, please contact us at: service.bodytrack@gmail.com

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide and improve our services:

10.1 Essential Cookies

Required for authentication, security, and core functionality. These cannot be disabled as they are essential for the service to function.

  • Session authentication tokens
  • Security and fraud prevention
  • Load balancing and performance optimization

10.2 Functional Cookies

Remember your preferences and settings to enhance your experience.

  • Language preferences
  • User interface customizations
  • Recently viewed content

10.3 Analytics Cookies (with consent)

Help us understand how you use our platform to improve the service.

  • Usage statistics and metrics
  • Feature engagement tracking
  • Error and performance monitoring

You can manage cookie preferences through your browser settings. However, disabling essential cookies may limit your ability to use certain features of the platform.

11. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete such information.

12. Marketing Communications

We may send you marketing emails about new features, promotions, and updates if you have opted in to receive such communications.

You can opt out of marketing emails at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us directly at service.bodytrack@gmail.com

Please note that you cannot opt out of transactional emails necessary for the operation of the service (e.g., account verification, payment confirmations, security alerts).

13. Third-Party Links

Our services may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending you an email notification (for significant changes)
  • Displaying a prominent notice within the platform

Your continued use of the services after such notification constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information held by us
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your CCPA rights

To exercise these rights, please contact us at service.bodytrack@gmail.com with "CCPA Request" in the subject line.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Controller: Bodytrack

Email: service.bodytrack@gmail.com

Support: service.bodytrack@gmail.com

Address: 229 RUE SAINT-HONORE 75001 PARIS

For data protection inquiries specific to GDPR, please use: service.bodytrack@gmail.com

17. Consent

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal data as described herein.

For certain types of processing (e.g., marketing communications, Google Calendar integration), we will obtain your explicit consent through opt-in mechanisms within the platform.

For our Terms of Service, please visit: Terms of Service
