Privacy Policy
Effective Date: March 4, 2026
Boolean Bliss LLC ("we," "us," or "our") operates the Body First mobile application (the "App") and the Body First website at bodyfirst.app (the "Website," collectively the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.
By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.
1. Information We Collect
Information You Provide Directly
- Onboarding Data: When you set up your profile in the App, you may provide health and wellness goals, medication interests (e.g., which GLP-1 medications you are researching), and personal concerns (e.g., cost, side effects, needles, doctor conversations, qualification, effectiveness, judgment, commitment).
- Contact Information: If you submit a contact form or subscribe to our newsletter on the Website, you may provide your name and email address.
- Account Information: Email address and display name used to create and manage your account.
Information Collected Automatically
- Device Information: Device type, operating system, unique device identifiers, and mobile network information.
- Usage Data: Features accessed, screens viewed, session duration, and in-app interactions.
- Coarse Location: Approximate, city-level location to provide regionally relevant content. We do not collect precise GPS-level location.
- Log Data: IP address, browser type (for the Website), access times, and referring URLs.
- Purchase Information: Subscription status, transaction identifiers, and billing periods are processed through our subscription management provider. We do not directly collect or store your payment card details.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and personalize the Services: Deliver content relevant to your medication interests and wellness goals.
- Process subscriptions: Manage your subscription status and provide access to premium features.
- Communicate with you: Respond to inquiries, send service-related notices, and deliver newsletter content you have requested.
- Improve our Services: Analyze usage patterns to improve app functionality, content quality, and user experience.
- Ensure security: Detect and prevent fraud, abuse, and technical issues.
- Comply with legal obligations: Meet applicable legal requirements and respond to lawful requests.
We do not use your health-related onboarding data for advertising, third-party data mining, or any purpose unrelated to providing the Services.
3. Third-Party Service Providers
We use the following third-party service providers to operate our Services. Each provider processes data only as necessary to perform their function and is contractually required to protect your information:
- Supabase: Cloud database and backend infrastructure. Stores account data, onboarding preferences, and website lead submissions. Supabase maintains SOC 2 Type II compliance and encrypts data at rest and in transit.
- RevenueCat: Subscription management and in-app purchase processing. Receives transaction identifiers and subscription status from Apple App Store and Google Play Store. RevenueCat does not receive your health data or onboarding preferences.
- Analytics Tools: We may use anonymized analytics services to understand how users interact with the App and Website. These services collect aggregated, non-personally-identifiable usage data.
4. Data Sharing and Disclosure
- We do not sell your personal information to third parties.
- We do not share your health-related data with advertisers, data brokers, or any third parties for their own marketing purposes.
- We do not send personal data to third-party AI systems for processing. If this changes in the future, we will update this policy and obtain your explicit consent before any such sharing occurs.
- Service Providers: We share data with the service providers listed in Section 3 solely to operate and improve the Services.
- Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
5. Data Retention and Deletion
We retain your personal data for as long as your account is active or as needed to provide the Services. If you delete your account, we will permanently delete your personal data within 30 days, except where retention is required by law (e.g., transaction records for tax compliance).
Account Deletion: You can delete your account at any time through the App settings. Account deletion is permanent and cannot be reversed. All associated personal data — including onboarding preferences, usage history, and contact information — will be permanently removed from our systems.
You may also request account deletion by contacting us at abhinay@recreateapp.com. We will process deletion requests within 30 days.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete data.
- Deletion: Request that we delete your personal data (see Section 5).
- Data Portability: Request a machine-readable copy of your data.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
- Opt-Out of Communications: Unsubscribe from marketing emails at any time using the link in each email.
To exercise any of these rights, contact us at abhinay@recreateapp.com. We will respond within 30 days (or sooner where required by applicable law).
7. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for collection, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out action is required.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To submit a CCPA/CPRA request, contact us at abhinay@recreateapp.com.
8. European Economic Area and United Kingdom Residents (GDPR)
If you are located in the EEA or UK, the following applies:
- Legal Basis for Processing: We process your data based on: (a) your consent (onboarding preferences, newsletter), (b) contractual necessity (providing the Services you requested), and (c) legitimate interests (analytics, security, service improvement).
- International Data Transfers: Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place, including standard contractual clauses where required.
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.
- Additional Rights: In addition to the rights in Section 6, you may have the right to restrict processing and to object to processing based on legitimate interests.
9. Children's Privacy
Our Services are intended for adults aged 18 and older. We do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete that information from our servers.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at abhinay@recreateapp.com so we can take appropriate action.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
- Data at rest is encrypted using industry-standard AES-256 encryption.
- Our database provider (Supabase) maintains SOC 2 Type II compliance.
- Access to personal data is restricted to authorized personnel on a need-to-know basis.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
11. App Tracking and Advertising
Body First does not engage in cross-app tracking. We do not use your data to track you across other companies' apps or websites for advertising purposes. We do not display third-party advertisements in the App or on the Website.
Our analytics are limited to aggregated, anonymized usage data within our own Services. Apple's App Tracking Transparency (ATT) permission is not required for our current data practices.
12. Apple App Store Privacy Labels
The following table reflects the data collection declarations we make in Apple App Store Connect. These labels describe what data the Body First app collects, whether it is linked to your identity, and whether it is used for tracking.
| Category | Data Type | Collected | Linked to You | Used for Tracking | Purpose |
|---|---|---|---|---|---|
| Contact Info | Name | Yes | Yes | No | App functionality |
| Email Address | Yes | Yes | No | App functionality | |
| Health & Fitness | Health | Yes | Yes | No | App functionality (onboarding personalization) |
| Location | Coarse Location | Yes | No | No | App functionality (regional content) |
| Identifiers | Device ID | Yes | No | No | Analytics |
| Usage Data | Product Interaction | Yes | No | No | Analytics, app functionality |
| Purchases | Purchase History | Yes | Yes | No | App functionality (subscription management) |
| Diagnostics | Performance Data | Yes | No | No | App functionality |
Data not collected: Precise location, financial information (payment card details), sensitive information, contacts, photos, audio, video, browsing history, search history, or any other data types not listed above.
No data is used for tracking. We do not track you across apps or websites owned by other companies for the purposes of advertising or advertising measurement.
13. Medical Disclaimer
Body First provides educational and informational content only. We are not a medical device and do not provide medical advice, diagnosis, or treatment. We do not collect, store, or process clinical health records or protected health information (PHI) as defined under HIPAA.
The onboarding data we collect (health goals, medication interests, concerns) is used solely to personalize your educational content experience. This data does not constitute a medical record and is not shared with healthcare providers.
Always consult your physician or other qualified healthcare provider with any questions about a medical condition or medication.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page with a new effective date and, where appropriate, through an in-app notification or email.
Your continued use of the Services after any changes indicates your acceptance of the updated policy. We encourage you to review this page periodically.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Boolean Bliss LLC
- Email: abhinay@recreateapp.com
- Website: bodyfirst.app/get-started