Privacy Policy - Body Mode

1. Who We Are

Body Mode is an AI-powered health and wellness planning application developed and operated by Viperdam ("we", "us", or "our"). For the purposes of the General Data Protection Regulation (GDPR), Viperdam acts as the Data Controller for personal data collected through the Body Mode mobile application.

Company: Viperdam
App Package: com.viperdam.bodymodeplanner
Contact: viperotterdam@gmail.com
Website: bodymode.netlify.app
Jurisdiction: Netherlands

2. Data We Collect

We collect the following categories of data when you use Body Mode:

2.1 Personal Profile Data

Name, email address, and date of birth (for age verification and account management)
Gender, height, weight, and body measurements (for plan personalization)
Dietary preferences, food restrictions, and fitness goals
Medical conditions you voluntarily disclose (e.g., diabetes, hypertension — used only to adapt your plan)

2.2 Health & Fitness Metrics

Heart rate, HRV (heart rate variability), SpO₂, and resting heart rate — for recovery scoring and plan intensity calibration
Sleep data — duration, quality, sleep/wake times — for next-day energy and activity planning
Body weight and body fat percentage — for calorie and composition tracking
Step count, distance, and active calories — for daily activity accounting
Exercise sessions and workout types — to avoid duplicate scheduling
Basal metabolic rate (BMR) and VO₂ max — for calorie and fitness level calculations
Respiratory rate and body temperature — for recovery and state detection
Blood glucose — for meal timing and metabolic recommendations
Menstruation cycle data — for cycle-aware plan adaptation
Hydration logs — for daily water intake tracking
Nutrition logs — food items, calories, macronutrients, and micronutrients

2.3 Food & Meal Data

Meal photos and videos you take for AI food analysis
Voice recordings of food descriptions for voice-based food logging
Manually entered food items and portion sizes
Fridge/pantry scan images used to generate recipes
Shopping list items generated or manually entered

2.4 Location Data

Precise GPS coordinates (foreground and background — see Section 5)
Approximate location (coarse) for general context
Detected environment type (home, work, gym, outdoors, transit)

2.5 Device & Technical Data

Device model, OS version, and app version
Crash logs and diagnostic data
Performance metrics (screen load times, API response times)
Firebase installation ID and advertising ID (Google Advertising ID)
Time zone, language, and regional settings

2.6 Usage & Interaction Data

In-app feature usage (which screens you visit, which features you use)
AI coach conversation history (stored locally on your device)
Plan items you complete, skip, or modify

2.7 Subscription & Purchase Data

Subscription status (active, expired, free tier)
Purchase history via Google Play Billing (handled by Google — we only receive subscription status confirmation, not full payment details)

3. How We Use Your Data

Purpose	Data Used	Legal Basis (GDPR)
Generate your personalized daily wellness plan	Health metrics, sleep, activity, profile, location, food history	Consent (Art. 6(1)(a), Art. 9(2)(a))
AI food recognition and nutrition analysis	Food photos, videos, voice recordings	Consent (Art. 6(1)(a))
Automatic sleep detection	Location (background), motion, device charging state, time	Consent (Art. 6(1)(a))
Floating overlay reminders	Scheduled plan items, time of day	Consent (Art. 6(1)(a))
AI Coach — contextual health guidance	Health history, plan history, user profile	Consent (Art. 6(1)(a))
Body scan & progress analysis	Body photos you submit, body metrics	Consent (Art. 6(1)(a))
Crash reporting & bug fixing	Crash logs, device info, error traces	Legitimate interest (Art. 6(1)(f))
App performance monitoring	Screen load times, API latencies	Legitimate interest (Art. 6(1)(f))
Displaying personalized advertisements	Advertising ID, general usage patterns	Consent (Art. 6(1)(a))
Account management & authentication	Email, Firebase UID	Contract performance (Art. 6(1)(b))
Subscription management	Purchase history (via Google Play Billing)	Contract performance (Art. 6(1)(b))

4. Google Health Connect

Google Health Connect Policy Disclosure Body Mode integrates with Google Health Connect to read health data from your device's health data repository. This section describes exactly what we access, why, and how we protect it.

4.1 Why We Use Health Connect

Health Connect allows Body Mode to read health data from other fitness apps on your device (such as Samsung Health, Fitbit, Garmin, etc.) in a unified, privacy-respecting way, without requiring you to grant access to each app individually. This data powers our core feature: a fully automated, AI-generated daily wellness plan that adapts to your real-time biological state.

4.2 Health Connect Data Types We Access

Data Type	Why We Read It	Sent to Gemini AI?
Heart Rate	Calculate physical recovery score; adjust workout intensity in your plan	Yes
HRV (Heart Rate Variability)	Estimate stress and neural load; prevent high-intensity activities on low-recovery days	Yes
SpO₂ (Blood Oxygen)	Detect fatigue or altitude-related performance drops	Yes
Resting Heart Rate	Long-term cardiovascular fitness tracking	Yes
Sleep (duration, quality, stages)	Core plan input: sleep quality drives next-day energy targets and activity level	Yes
Body Weight & Body Fat %	Calorie target calculation and body composition tracking	Yes
Steps & Distance	Activity accounting to avoid over-exercising in the plan	Yes
Active Calories Burned	Energy balance calculation for nutrition planning	Yes
Exercise Sessions	Avoid duplicate workout scheduling; recognise completed workouts	Yes
Nutrition / Food (if available)	Cross-reference logged intake against plan targets	Yes
Menstruation / Cycle Data	Cycle-aware plan adaptation (reduce intensity during certain phases)	Yes
Hydration	Water intake tracking against daily hydration goal	Yes
BMR (Basal Metabolic Rate)	Precise calorie deficit/surplus calculation	Yes
VO₂ Max	Fitness level classification for workout intensity calibration	Yes
Respiratory Rate	Recovery metric for plan adaptation	Yes
Blood Glucose	Metabolic context for meal timing recommendations	Yes
Body Temperature	Illness/hormonal detection for plan adaptation	Yes

4.3 Health Connect Data Restrictions

In compliance with Google's Health Connect Developer Policy, we confirm that:

We only use Health Connect data for the user-facing wellness planning features described above
We do not use Health Connect data for advertising targeting
We do not sell or transfer Health Connect data to data brokers
We do not use Health Connect data for credit scoring, insurance, employment, or similar purposes
Health Connect data sent to the Gemini API is used solely to generate your personalized plan and is governed by Google's Gemini API Terms and Privacy Policy
We request the Health Connect data types used by the wellness, nutrition, hydration, activity, sleep, recovery, and body-metric features the user enables
You can revoke Health Connect access at any time from Android Settings → Apps → Health Connect → App Permissions

4.4 Writing to Health Connect

Body Mode also writes the following data types back to Health Connect, so other health apps can access your Body Mode-logged data:

Food/nutrition entries you log through the app
Hydration entries you log through the app
Exercise sessions you log or that Body Mode detects
Sleep sessions detected by Body Mode's automatic sleep detection
Body weight entries you log through the app
Step entries you log through the app

5. Location Data & Background Access

Important — Background Location Disclosure Body Mode collects location data even when the app is closed or not in use. This section explains exactly why and how you can control it.

5.1 Why Body Mode Uses Background Location

Background location is a core part of Body Mode's context-aware AI planning system. Specifically, we use background location to:

Automatic sleep detection: Monitor your return to known home locations at night to detect sleep onset without requiring you to tap anything. This happens exactly when your phone is pocketed and the screen is off, making background access essential.
Environment awareness: Detect whether you are at home, at work, at a gym, or outdoors. This prevents the system from scheduling an outdoor jog when you are currently driving, or adapts your plan when you are traveling.
Real-time plan adaptation: When your location context changes unexpectedly (e.g., you arrive at the gym ahead of schedule), your plan can update proactively.

5.2 How We Protect Your Location Data

Location data is processed on-device wherever possible
Only summarised context (e.g., "at home", "outdoors") — not raw GPS coordinates — is typically sent to the Gemini API
When you enable weather-aware or place-aware features, raw GPS coordinates may be sent over HTTPS to Open-Meteo for weather lookup and to BigDataCloud for reverse geocoding so the app can show local weather and location names
Location history is stored locally on your device and is not transmitted to our servers
We never share precise GPS coordinates with advertising networks

5.3 Controlling Location Access

You can change location permissions at any time:

Android: Settings → Apps → Body Mode → Permissions → Location → Choose "Only while using" or "Deny"
If you deny background location, sleep auto-detection and context-aware planning will fall back to manual input mode

6. Camera, Photos, Videos & Voice

6.1 Camera, Photos & Videos

When you use AI food recognition, body scan, shopping scan, or fridge scanning features, you may take a photo or video within the app or choose one from your gallery. Body Mode shows an in-app disclosure before opening the system gallery picker. Media files are:

Accessed only when you actively capture or select a specific photo or video
Sent over an encrypted HTTPS connection to the Google Gemini File API for AI analysis
Used only to generate your nutrition results or body analysis report
Not stored permanently on our servers after the Gemini File API processes them (Gemini File API retains uploaded files for up to 48 hours by default before deletion)
Not scanned from your library in the background
Never used for advertising, facial recognition, or identity matching

6.2 Voice & Audio

Body Mode offers a voice-based food logging feature. When you use it:

Your voice recording is sent to the Google Gemini API for transcription and food identification
The audio is processed in real-time and is not stored on our servers after analysis
You control the microphone permission — you can deny it and use text input instead

7. Device Permissions You Grant Us

Body Mode requests the following Android permissions. All optional permissions can be denied without preventing core app functionality (though some features will be limited).

Permission	Why We Need It	Required?
Camera	Take food photos/videos for AI nutrition analysis; body scan; fridge scan	Optional
Microphone	Voice-based food logging	Optional
Selected Photos/Videos / Legacy External Storage	Open the system picker so you can select photos or videos for food, fridge, shopping, meal, or body progress analysis. Legacy storage permissions are used only on older Android versions.	Optional
Location (Foreground — Precise)	Detect current environment (gym, home, outdoors) to adapt your plan	Optional
Location (Background — "Allow all the time")	Automatic sleep detection; proactive plan adaptation when location context changes	Optional
Activity Recognition	Detect physical activity type (walking, running, cycling) automatically	Optional
Motion / Activity Sensors	Detect stillness, movement, and activity context for automatic sleep detection and wellness planning	Optional
Post Notifications	Send reminders for meals, hydration, and scheduled plan items	Optional
Health Connect	Read and write selected health, fitness, nutrition, hydration, sleep, weight, body composition, activity, distance, calorie, and heart-rate data (see Section 4)	Optional
Calendar	Read event times and, if you allow full schedule context, event titles and locations so plans can avoid meetings, travel, and focus windows. Calendar write access is reserved for user-approved calendar-linked planning workflows.	Optional
Draw Over Other Apps (SYSTEM_ALERT_WINDOW)	Display floating overlay reminders at scheduled times, even when you're using another app. Overlay access is optional and is not used to collect data from other apps.	Optional
Schedule Exact Alarms	Ensure user-enabled meal, hydration, workout, sleep, wrap-up, overlay, and plan notifications fire at the scheduled time	Optional
Battery Optimization Exemption	Improve reliability for user-enabled reminders, overlays, and automatic sleep detection when the app is closed or not in active use	Optional
Foreground Service	Keep sleep detection active in the background during the night detection window	Required for sleep detection feature
Internet	Connect to Gemini AI for plan generation and food analysis	Required for AI features
Vibrate	Haptic feedback on reminders and interactions	Optional

You can revoke any permission at any time through: Android Settings → Apps → Body Mode → Permissions

8. Third-Party Services & Data Sharing

We never sell your personal health data. Data is only shared with the third-party services listed below, solely to deliver the app's features.

8.1 Google Gemini API (AI Processing)

Body Mode uses the Google Gemini API (operated by Google LLC) as its core AI engine. When you use any AI feature (plan generation, food analysis, AI coach, body scan, shopping list), the following data is sent to Gemini:

Your health metrics (from Health Connect or manually entered): heart rate, sleep, weight, HRV, SpO₂, steps, calories, etc.
Your profile data: age, gender, height, weight, goals, dietary preferences
Food photos, videos, and/or voice recordings (for food analysis features)
Approximate location context (e.g., "at gym", "outdoors") for plan adaptation
Conversation history from the AI coach session (for contextual responses)

This data is sent solely to generate your personalized results. Gemini processes it according to Google's Gemini API Terms and Google's Privacy Policy. By default, Google does not use your data sent via the API to train Gemini models.

Model used: gemini-flash-latest (primary), gemini-3-flash-preview (fallback)

8.2 Firebase (Google LLC)

We use the following Firebase services:

Firebase Authentication: Manages your account login using your email address and a Firebase user ID
Firebase Firestore: Optionally stores your plan history, profile, and progress data in the cloud for cross-device sync
Firebase Analytics: Anonymized usage analytics to understand how features are used
Firebase Performance Monitoring: App load time and API latency measurements
Firebase Crashlytics: Crash reports and error traces to help us fix bugs

Firebase is governed by Google's Firebase Privacy Policy.

8.3 Sentry (Functional Software, Inc.)

We use Sentry for real-time error monitoring and crash reporting. When the app crashes or encounters an error, Sentry receives:

Error message and stack trace
Device OS version and app version
An anonymized device identifier

Sentry does not receive your health data, photos, or location. Governed by Sentry's Privacy Policy.

8.4 Google AdMob (Advertising)

The free tier of Body Mode displays ads served by Google AdMob. AdMob may collect and use:

Your Google Advertising ID (GAID) for ad personalization
General usage context (not health-specific data)
Device information for ad targeting

You can opt out of personalized ads in Android Settings → Google → Ads → "Opt out of Ads Personalization". Governed by Google's Ads Privacy Policy. Health data is never shared with AdMob.

8.5 Google Play Billing

Subscription payments are processed exclusively by Google Play Billing. We receive only a confirmation of your subscription status. Your full payment details (card number, etc.) are handled by Google and are never visible to us. Governed by Google's Payments Privacy Notice.

8.6 Netlify

Our web application and backend serverless functions are hosted on Netlify. Netlify may process server logs and request metadata in accordance with their Privacy Policy. No health data is stored on Netlify servers.

8.7 Weather & Geocoding Providers

When location-based features are enabled, Body Mode sends raw GPS coordinates over HTTPS to the following processors solely to return weather and place context inside the app:

Open-Meteo — current weather lookup for weather-aware planning
BigDataCloud — reverse geocoding for city/locality names

These providers do not receive your health data from Body Mode for this feature.

8.8 No Other Third-Party Sharing

We do not share your personal data with:

Data brokers or data aggregators
Insurance companies, employers, or financial institutions
Research organizations (without your explicit, separate consent)
Any third parties for marketing on their behalf

9. Data Storage, Retention & Security

9.1 Where Your Data Lives

Data Type	Storage Location	Shared with AI?
Daily plan, food logs, activity history	Local device + optional Firestore	Yes (for plan gen)
User profile & goals	Local device + optional Firestore	Yes (for plan gen)
Food photos / body scan photos	Not stored after analysis	Yes (transient)
Voice recordings	Not stored after analysis	Yes (transient)
AI Coach conversation	Local device only	Yes (session only)
Crash reports	Sentry servers (90 days)	No
Analytics events	Firebase (anonymized, 14 months)	No
Location data	Local device + transient weather/geocoding requests	Context only

9.2 Retention Periods

Profile & health data: Retained until you delete your account or clear app data
Food photos / videos: Not retained beyond the immediate AI processing session (deleted within minutes)
Voice recordings: Not retained beyond the immediate processing session
Crash logs (Sentry): 90 days, then automatically deleted
Firebase Analytics: 14 months (Google's default retention period)
Firestore cloud data: Until you delete your account or request deletion

9.3 Security Measures

All data transmitted over the internet uses TLS 1.2+ encryption (HTTPS)
Local device storage uses Android's built-in encrypted storage (AsyncStorage with Expo SecureStore for sensitive values)
API keys are stored server-side in Netlify environment variables — never exposed in the app bundle
Firebase Security Rules restrict Firestore access to authenticated users only
We undergo regular dependency audits to address security vulnerabilities

10. Advertising

The free tier of Body Mode is supported by advertising served via Google AdMob. Premium subscribers (Body Mode Pro) do not see advertisements.

Ads are not targeted using your health data or Health Connect data
AdMob may use your device's advertising ID and general usage signals for ad personalization
You can opt out of personalized ads at any time without losing access to the app
In regions where consent is required (e.g., EU under GDPR), we display an ad consent dialog before showing personalized ads

11. Children's Privacy

Body Mode is designed for users aged 16 and older. We do not knowingly collect personal data from children under 16 (or under 13 in jurisdictions where GDPR's children's provision does not apply, such as certain US states). If a parent or guardian believes we have inadvertently collected data from a child under the applicable age, please contact us at viperotterdam@gmail.com and we will delete the data promptly.

12. Your Rights (GDPR & Global)

As a user, and particularly under the GDPR (applicable because Body Mode operates under Netherlands law), you have the following rights regarding your personal data:

Right	What It Means	How to Exercise It
Right of Access (Art. 15)	Receive a copy of all personal data we hold about you	Email viperotterdam@gmail.com
Right to Rectification (Art. 16)	Correct inaccurate data in your profile	Edit directly in the app (Profile screen)
Right to Erasure (Art. 17)	Delete all your data and account permanently	In-app: Settings → Account → Delete Account; or email us
Right to Data Portability (Art. 20)	Receive your data in a machine-readable format (JSON/CSV)	Email viperotterdam@gmail.com — we respond within 30 days
Right to Restrict Processing (Art. 18)	Temporarily stop us processing your data while a dispute is resolved	Email viperotterdam@gmail.com
Right to Object (Art. 21)	Object to processing based on legitimate interests (e.g., analytics)	Email viperotterdam@gmail.com
Right to Withdraw Consent	Withdraw consent for any feature at any time without penalty	App Settings → Privacy Controls; or device permission settings
Right to Lodge a Complaint	Complain to the Dutch data protection authority (AP)	autoriteitpersoonsgegevens.nl

We respond to all verified requests within 30 days. Complex requests may take up to 90 days (we will notify you).

13. Account & Data Deletion

You have the right to delete your Body Mode account and all associated data at any time. Deletion is permanent and cannot be undone.

13.1 How to Delete Your Account

Open Body Mode → go to Settings
Tap Account → Delete Account
Confirm deletion

Alternatively, email viperotterdam@gmail.com with subject "Account Deletion Request". We will process your request within 30 days.

You can also submit a deletion request at: bodymode.netlify.app/delete-data

13.2 What Deletion Removes

Your Firebase account and authentication credentials
All Firestore cloud data (plan history, profile, logs)
All local app data when you uninstall the app
Crash logs older than 90 days are already deleted automatically; newer logs are anonymized
Firebase Analytics data cannot be retroactively deleted from aggregated analytics (it is anonymized and cannot be linked back to you after account deletion)

13.3 Health Connect Data

Deleting your Body Mode account does not delete data already written to Health Connect (e.g., sleep sessions, food logs). To remove that data, open Android's Health Connect app → Browse Data → find "Body Mode" entries → delete them individually or clear all Body Mode data.

14. Medical Disclaimer

Not Medical Advice Body Mode provides general health and wellness tracking tools and AI-generated recommendations. It is not a medical device and does not provide medical advice, diagnosis, or treatment. The information provided by Body Mode is for general wellness and informational purposes only.

Always consult a qualified healthcare professional before making significant changes to your diet, exercise routine, or health management, especially if you have a pre-existing medical condition. In case of a medical emergency, contact emergency services immediately.

15. International Data Transfers

Body Mode is operated from the Netherlands (European Union). When data is sent to third-party services such as Google Gemini API, Firebase, Sentry, or Netlify, it may be transferred to and processed in the United States or other countries outside the EU/EEA.

We rely on the following safeguards for such transfers:

Google LLC participates in the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses (SCCs) for GDPR-compliant transfers
Sentry (Functional Software, Inc.) uses Standard Contractual Clauses for EU-U.S. transfers
Netlify uses Standard Contractual Clauses for EU-U.S. transfers

16. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, new features, or legal requirements. When we make material changes:

We update the "Last Updated" date at the top of this page
We notify you through an in-app notification for significant changes
For changes that affect how we process health data, we will request fresh consent where required by law

Continued use of Body Mode after the effective date of a revised policy constitutes acceptance of those changes.

17. Contact Us

For privacy questions, data requests, or complaints:

Email: viperotterdam@gmail.com
Data Deletion: viperotterdam@gmail.com, in-app Settings → Delete Account, or bodymode.netlify.app/delete-data
Website: bodymode.netlify.app
Dutch Data Protection Authority (AP): autoriteitpersoonsgegevens.nl

We commit to responding to all privacy enquiries within 30 days.