This Privacy Policy explains how BodyM collects, uses, discloses, and protects information when you use our websites, mobile applications, tracking tools, community features, AI features, supplement shop, subscriptions, and related services.

By using BodyM, you acknowledge this Privacy Policy. If you do not agree, do not use BodyM.

The information we collect depends on how you use BodyM. It may include information you provide directly, information created through your use of the service, and information from integrations you choose to connect.

• Account information: name, username, email, authentication identifiers, profile settings, membership tier, support messages, and account preferences.
• GLP-1 journey data: medication name, dose label, injection date and time, injection site, side effects, symptoms, severity, weight, height, BMI, goals, meals, supplements, photos, notes, and progress history.
• Community content: posts, comments, likes, replies, reports, display name, avatar, tags, and profile context you choose to show.
• AI Copilot data: questions, conversation history, logs or context included in prompts, AI responses, and feedback about answers.
• Shop and subscription data: products viewed or selected, checkout metadata, billing status, shipping information, discount use, and purchase support requests. Payment card details are processed by payment providers and are not stored by BodyM.
• Device and usage data: IP address, app version, device type, browser, operating system, pages viewed, crashes, diagnostics, approximate location from IP, referring links, cookies, and similar technologies.
• Health integration data: if you connect Apple Health, Google Fit, Health Connect, or similar services, we collect only the categories you authorize and only for product features you enable.

BodyM may process information that could be considered sensitive health, wellness, biometric-adjacent, or consumer health data under some laws. We use this data to provide tracking, personalization, AI summaries, community context you request, reminders, and safety-oriented product experiences.

BodyM does not sell your identifiable health journey data. We do not use Apple Health or similar health integration data for advertising or sell it to data brokers.

Where required, we ask for consent before processing sensitive health or consumer health data, and you can request deletion or withdraw optional permissions through app settings or by contacting us.

• Provide and maintain accounts, authentication, tracking, community, AI, shop, subscriptions, reminders, and support.
• Generate charts, summaries, goal progress, timeline views, AI Copilot answers, clinician-ready exports, and user-requested reports.
• Personalize product experiences, including community filters, supplement pack recommendations, Pro prompts, and onboarding.
• Process checkout, subscriptions, refunds, shipping, fraud prevention, and billing support.
• Moderate community content, investigate abuse, enforce our Terms, and protect user safety.
• Improve reliability, debug crashes, analyze usage, prevent spam, and secure the service.
• Comply with legal obligations and respond to lawful requests.

When you use AI Copilot, we may send your question and relevant context to model infrastructure through our backend or service providers. We design this flow to avoid placing model provider keys in the mobile app.

Do not enter information you do not want processed by AI systems. AI output is educational support and should not be treated as medical advice. We may use safety filters, logging, or review workflows to detect abuse, improve reliability, and route serious risk language to appropriate disclaimers.

Community posts, comments, profile tags, avatars, and interaction counts may be visible to other users or the public depending on the product surface. Do not post information you want to keep private.

Even if you delete content, copies may remain in backups, moderation logs, user notifications, search indexes, or screenshots outside BodyM's control.

We share information only as needed to operate BodyM, fulfill your requests, comply with law, or protect users and the service.

• Service providers: hosting, database, authentication, analytics, crash reporting, support, email, notifications, AI routing, payment processing, shipping, and fulfillment.
• Payment and commerce partners: payment processors such as Stripe, app stores, tax providers, shipping carriers, and product fulfillment partners.
• Healthcare or telehealth partners: only if you choose to use a connected care service, share an export, or authorize a care-related workflow.
• Community users and public viewers: content and profile information you choose to post or make visible.
• Legal, safety, and compliance recipients: when required by law, legal process, fraud prevention, security, or to protect rights and safety.
• Business transfers: if BodyM is involved in a merger, acquisition, financing, reorganization, or sale of assets.

BodyM's general app, community, AI, and supplement shop are wellness and consumer services. Unless we separately state otherwise in a care partner workflow, BodyM is not a HIPAA covered entity or healthcare provider for general app use.

If you use a connected telehealth, clinician, pharmacy, or care team service, that provider may have its own HIPAA Notice of Privacy Practices and additional terms. Those notices govern that provider's handling of protected health information.

If you choose to connect health or device integrations, you control what categories are shared through your device settings. You can revoke access through the relevant platform settings.

BodyM uses health integration data only to provide user-facing tracking, summaries, and related features you request. We do not use this data for third-party advertising.

We may use cookies, local storage, SDKs, pixels, or similar technologies to keep you signed in, remember preferences, understand performance, measure product usage, prevent abuse, and improve the service.

Your browser or device may let you limit cookies or tracking. Some features may not work correctly if these technologies are disabled.

We keep information for as long as needed to provide BodyM, maintain your account, comply with legal obligations, resolve disputes, prevent abuse, support safety, and improve the service.

You may request deletion, but we may retain limited information where required or permitted by law, such as security logs, transaction records, tax records, legal records, backups, and anonymized or aggregated data.

• Access, update, or correct certain account and profile information in the app.
• Delete community content where product controls allow it, or contact us for help.
• Request access, correction, deletion, portability, or restriction of certain personal information where applicable law provides those rights.
• Use in-app account deletion controls where available, including app-store-required deletion paths.
• Withdraw consent for optional integrations such as Apple Health or Google Fit through device settings.
• Opt out of non-essential marketing communications by using unsubscribe links or contacting us.
• Delete your account from the app settings, or contact support@bodym.me if you need help.

Depending on where you live, you may have rights to know, access, correct, delete, obtain a copy of, or appeal decisions about your personal information. Some laws also provide rights related to sensitive or consumer health data.

BodyM does not sell identifiable consumer health data. If we introduce targeted advertising or data sharing that triggers opt-out rights, we will provide appropriate controls.

We may create aggregated or de-identified statistics to understand product quality, community trends, and content needs. We do not attempt to re-identify de-identified data except as permitted by law for security or validation.

We use administrative, technical, and organizational safeguards designed to protect information. No internet or mobile service is perfectly secure, and we cannot guarantee that information will never be accessed, disclosed, altered, or destroyed.

BodyM is not intended for children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided information to BodyM, contact us so we can review and delete it as appropriate.

BodyM is operated for users in the United States unless otherwise stated. If you access BodyM from outside the United States, your information may be processed in the United States or other countries where our providers operate.

We may update this Privacy Policy as the product, law, or our data practices change. If changes are material, we will provide notice when required by law and update the date above.

For privacy requests, deletion requests, or questions, contact support@bodym.me.