1. Who We Are

My Body Optimise ("we", "us", "our") is a personal tracking application operated by My Body Optimisation Ltd, a company registered in England and Wales (company number 17307712), with registered office at 2A Connaught Avenue, London, E4 7AA, United Kingdom. We are the data controller for the personal data processed through the My Body Optimise application.

If you have any questions about this Privacy Policy or how we handle your data, please contact us at: admin@mybodyoptimise.com

Special Category Data Notice: My Body Optimise processes health and body metrics data, which is classified as Special Category Data under Article 9 of the UK General Data Protection Regulation (UK GDPR). We only process this data with your explicit consent, which you give when you create an account and begin entering data.

2. What Data We Collect

We collect only the data you actively provide to us. We do not collect data passively in the background.

Data Type Examples Why We Collect It Apple / Google Category
Contact Information Email address Account registration, authentication, password reset Contact Info — Linked to You
Health & Fitness Data Weight, body fat %, custom body measurements Body metrics tracking and progress visualisation Health & Fitness — Linked to You
User Content Peptide records, dosing logs, injection history, protocol details, reconstitution notes Core app functionality — tracking and logging User Content — Linked to You
Account Data Account creation date, last login Account management and security Identifiers — Linked to You

Data Stored Only on Your Device

Some features use your device's hardware but keep the resulting data on your device — it is never uploaded to our servers or linked to your account:

Feature What It Accesses Where It Is Stored
Progress Photos Camera and photo library (only when you add a photo) Stored locally on your device only. Never uploaded, and deleted when you remove them or delete the app.
Apple Health Read-only access to sleep, steps, weight, resting heart rate and HRV (only if you connect it) Read on-device to calculate your Optimisation Score and trends. We do not store copies of your raw Apple Health records on our servers.
Face ID / biometric app lock Face ID / Touch ID (optional) Handled entirely by iOS. The app only receives a pass/fail result and never accesses your biometric data.
Dose reminders Local notifications Scheduled on your device from your protocols. No reminder data is sent to us.
Label scanning Camera (only when you scan a vial or pen label) Text is recognised on your device using on-device OCR. The label image is not uploaded.

Subscriptions and Payments

If you subscribe to Pro, your purchase is processed entirely by Apple (App Store). We never see or store your card or payment details. We use RevenueCat to tell us whether your subscription is active so we can unlock Pro features; this is limited to your subscription status and an anonymous identifier — not payment information.

AI Assistant (Optimise AI)

Optimise AI is an optional educational assistant. When you send it a message, that message and a short summary of your active protocols and adherence are sent to our AI provider, Anthropic (Claude), purely to generate an educational reply, which is returned to you. We send only that protocol summary — no email, no name, and no raw Apple Health records. Anthropic processes the request on our behalf under its commercial API terms and does not use it to train its models. If you never open the assistant, none of your data is sent to Anthropic.

What We Do Not Collect

3. Lawful Basis for Processing

Under UK GDPR we must have a lawful basis for processing your personal data. We rely on the following:

Data Lawful Basis UK GDPR Article
Email address (account) Contract performance — necessary to provide the service you have signed up for Article 6(1)(b)
Health & Fitness data, Dosing logs, Body metrics Explicit consent — you voluntarily enter this data and consent to its processing Article 6(1)(a) & Article 9(2)(a)
Account security logs Legitimate interests — protecting the security of user accounts Article 6(1)(f)

You may withdraw your consent for health data processing at any time by deleting your account. Withdrawal does not affect the lawfulness of processing before withdrawal.

4. How We Use Your Data

What We Do Not Do With Your Data

5. Data Sharing and Third Parties

We use a small number of trusted third-party service providers to operate My Body Optimise. These providers act as data processors on our behalf and are contractually bound to handle your data only as instructed by us and in accordance with UK GDPR.

Provider Purpose Data Shared
Supabase (database & hosting) Encrypted application hosting and data storage (UK / EU region) All user account and app data
Supabase Auth Secure login and password management Email address, hashed credentials
Apple (App Store) Processing subscription purchases and payments Your payment is handled by Apple; we never receive your card or payment details
RevenueCat Managing subscription entitlements (whether your Pro subscription is active) Subscription status and an anonymous app user ID — no payment details
Anthropic (Claude) Generating replies for the optional Optimise AI assistant (only when you use it) Your message and a short summary of your active protocols — no name, email or raw health records; not used for training

We do not share your data with any other third parties except where required by law (e.g. in response to a valid court order or request from a UK law enforcement authority).

International Data Transfers

Where your data is processed outside the United Kingdom, we ensure appropriate safeguards are in place as required by UK GDPR Chapter V, including reliance on UK adequacy regulations or standard contractual clauses.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, all personal data associated with your account will be permanently and irreversibly deleted from our systems within 30 days, except where:

7. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

No transmission of data over the internet can be guaranteed to be completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

8. Your Rights Under UK GDPR

As a data subject under UK GDPR you have the following rights:

Right What It Means
Right of Access Request a copy of the personal data we hold about you (a Subject Access Request).
Right to Rectification Ask us to correct inaccurate or incomplete personal data.
Right to Erasure Ask us to delete your personal data ("right to be forgotten"). You can exercise this by deleting your account.
Right to Restrict Processing Ask us to limit how we use your data in certain circumstances.
Right to Data Portability Receive your personal data in a structured, commonly used, machine-readable format.
Right to Object Object to processing based on legitimate interests.
Right to Withdraw Consent Withdraw consent for health data processing at any time. This does not affect prior lawful processing.
Rights re: Automated Decisions My Body Optimise does not use automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, email us at admin@mybodyoptimise.com. We will respond within one calendar month as required by UK GDPR.

Right to Complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK supervisory authority: the Information Commissioner's Office (ICO).

9. Cookies and Tracking Technologies

My Body Optimise uses only strictly necessary cookies required for the application to function — specifically, session and authentication cookies that allow you to stay logged in. These are not optional and do not require consent under the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act 2018.

We do not use advertising cookies, analytics cookies, or any third-party tracking technologies. We do not serve targeted advertisements.

10. Children's Privacy

My Body Optimise is strictly intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe a person under 18 has provided us with personal data, please contact us immediately at admin@mybodyoptimise.com and we will promptly delete the data.

My Body Optimise is rated 17+ on the Apple App Store and Mature 17+ on Google Play.

11. Apple App Store & Google Play Disclosures

Apple App Store — App Privacy Details

Google Play — Data Safety Section

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Continued use of My Body Optimise following notice of changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, Subject Access Requests, or to exercise your rights: