Privacy Policy

1. Scope

This Policy explains how BODIQO collects, uses, stores, shares, protects, and retains personal data when you interact with our website, mobile app, client portal, WhatsApp or email channels, coaching services, corporate wellness programs, events and experiences, or other related services.

Where applicable, BODIQO acts as a data fiduciary or similar controller-level role under relevant law. This Policy does not govern third-party websites, apps, gateways, or partner services that operate under their own policies.

2. Who This Policy Covers

This Policy applies to clients, prospective clients, leads, corporate wellness participants, event or experience attendees, website visitors, app users, family members or guardians interacting for a participant, and business contacts engaging with BODIQO for service delivery, scheduling, support, or billing.

3. Categories of Data We May Collect

• Identity and contact details, such as name, phone number, email address, age, city, organisation, designation, and emergency-contact details where relevant.
• Program and profile information, such as goals, training history, preferences, habits, adherence responses, sleep details, lifestyle information, and scheduling preferences.
• Health and safety disclosures that you choose to provide, such as injuries, surgeries, medical conditions, pregnancy or post-partum information, allergies, limitations, medications, discomfort, and blood-work related inputs relevant to your program.
• Service-use information, such as workout logs, meal logs, check-ins, progress notes, attendance, session history, coach comments, support records, and renewal history.
• Media and progress content, such as photos, videos, transformation submissions, event images, recordings, and measurements you upload or provide.
• Payments and billing information, such as invoices, receipts, transaction status, payment confirmations, tax details, and limited payment metadata from payment processors. BODIQO does not store full card numbers, CVVs, or bank credentials.
• Device and usage data, such as IP address, browser type, device identifiers, app version, operating system, crash logs, diagnostics, and usage events.
• Cookies, pixels, and tracking data used on our website or landing pages.
• Data from integrations that you authorise, such as Google Fit, Apple Health / HealthKit, Google Calendar, messaging tools, or corporate coordinators.

Confidentiality Safeguard: Health and safety disclosures are collected solely for safe and effective service delivery, are treated with heightened confidentiality, and are not used for advertising or ad targeting.

4. How We Collect Data

We may collect data directly from you; automatically through your use of our digital properties; from your employer or corporate organiser for a corporate program; from a family member or authorised representative acting for you; from payment processors or scheduling tools; from coaches or team members recording service delivery; or from integrations that you choose to connect.

5. Why We Use Your Data

We may use your data to create and manage accounts; deliver coaching and nutrition services; schedule sessions, calls, workshops, and events; track adherence and progress; provide support; send invoices and receipts; manage renewals and collections; maintain internal records; improve operations and product quality; protect safety; investigate complaints; prevent fraud or misuse; comply with law; enforce our contracts; and communicate service updates, reminders, and selected promotional messages where permitted or consented to.

6. Consent and Legal Bases for Processing

We process personal data on the basis of consent where required, where you voluntarily provide data for a requested service, for the administration and performance of bookings or services, for compliance with law, for fraud prevention and safety, and on other grounds permitted by applicable law.

To the extent the Digital Personal Data Protection Act, 2023 (DPDP Act) and its rules apply to a particular processing activity, this Policy should be read accordingly and as updated from time to time.

You may withdraw consent for consent-based processing by contacting info@bodiqo.com. Withdrawal does not affect processing already carried out before withdrawal and may affect BODIQO’s ability to continue providing the relevant service. Upon valid withdrawal of consent, BODIQO will cease consent-based processing within a reasonable period and take reasonable steps to ensure relevant service providers do the same, except where continued processing is required or authorised by law.

7. Corporate Wellness Programs

If you participate in a corporate wellness program, your employer, organiser, or corporate coordinator may provide us with limited participant information such as your name, work email or phone number, batch allocation, department, attendance slot, or related logistics.

Unless the program setup states otherwise, BODIQO will ordinarily aim to provide attendance, utilisation, and wellness reporting to the corporate customer in aggregated or de-identified form. Participant-level information may be shared only where reasonably necessary for attendance management, scheduling, billing, service delivery, safety follow-up, misconduct handling, compliance, or where this has been specifically disclosed in the corporate program setup.

8. Events and Experiences

If you register for an event or experience, we may process registration details, attendance information, dietary or accessibility preferences, emergency information, payment records, event images, and communications needed to manage the event.

General ambience, group, or stage photography and video may be captured at events and experiences for operational, archival, and promotional purposes. If you object to targeted identifiable promotional use of your image, you should notify us in writing before or at the event. Incidental crowd or ambience capture may still occur.

9. Integrations and Health Data

If you enable integrations, we may receive the data that you authorise those integrations to share. This may include activity, workouts, steps, sleep, health metrics, calendar availability, booking details, or message content required for service delivery.

If you connect Apple Health / HealthKit or similar sources, the data shared through those integrations is used to support coaching, tracking, and related product features and is not used for advertising or ad targeting. You can disable integrations in your device or account settings, or by contacting us.

10. Sharing of Data

We may share your data with internal personnel on a need-to-know basis, including coaches, nutritionists, support, operations, finance, and management.

We may also share data with service providers that support hosting, databases, analytics, CRM, scheduling, communication, payments, customer support, security, and workflow automation. We expect such providers to process personal data only for authorised purposes and with appropriate safeguards.

Where reasonably necessary, we may share data with corporate customers or organisers as described above; venues, travel or logistics partners, or emergency contacts for events and experiences; and professional advisors, auditors, insurers, recovery partners, advocates, mediators, or arbitrators in connection with disputes, collections, safety incidents, claims, or compliance.

We may disclose data to regulators, courts, law-enforcement authorities, government bodies, purchasers, investors, or successor entities where required by law or reasonably necessary for business restructuring, rights protection, safety, or compliance.

BODIQO does not sell personal data as a business model.

11. Cookies, Pixels and Analytics

Our website and landing pages may use cookies, pixels, tags, and similar technologies for session management, analytics, conversion tracking, security, performance measurement, and marketing attribution.

Where required by applicable law, we may present a cookie notice or preference mechanism for non-essential cookies. You can also control cookie preferences through your browser or device settings, although disabling some cookies may affect functionality.

12. Data Retention

We retain personal data only for as long as reasonably necessary for service delivery, account administration, support, renewal management, collections, audit trails, safety review, dispute handling, legal compliance, and financial record-keeping.

As a general baseline, account and service records may be retained for up to 3 years from your last substantive interaction, but certain records may be retained longer where required for tax, litigation, arbitration, fraud prevention, contractual enforcement, insurance, backups, or other legal and operational reasons.

Health and safety data may be retained for the duration of your active program and for up to 3 years thereafter for safety review, dispute handling, and insurance purposes, unless a longer period is required by law.

13. Erasure, Correction and Data Management Requests

Subject to applicable law, you may request access, correction, updating, withdrawal of consent, or erasure of personal data by contacting info@bodiqo.com.

Where BODIQO accepts a valid correction or erasure request and is not required or entitled to retain the data, we will take reasonable steps to correct, erase, or de-identify the relevant personal data from active systems under our control within a reasonable period.

We may also use reasonable efforts to instruct relevant service providers to do the same where technically feasible and contractually appropriate. Some data may continue to exist in backups, system logs, archived records, audit trails, dispute files, or legally required records until ordinary deletion cycles or applicable retention periods expire.

14. Security

We use reasonable administrative, technical, and organisational safeguards to protect data, including access controls, role-based restrictions, secure infrastructure practices, and vendor-management measures.

No system is perfectly secure, and you remain responsible for protecting your device, OTPs, passwords, and access credentials, and for notifying us promptly if you believe there has been unauthorised access related to your account.

15. Data Breach Response

BODIQO maintains incident-response measures to identify, contain, investigate, and remediate suspected personal-data breaches. Where notification is required by applicable law, BODIQO will notify the relevant authority and affected individuals in the manner and within the timelines required by law.

16. Cross-Border Processing

Some vendors or technical systems used by BODIQO may process or store data outside India, depending on infrastructure, product configuration, and service provider location. Where cross-border processing occurs, BODIQO uses contractual, organisational, and operational safeguards that it considers appropriate to the relevant service and legal requirements. BODIQO will not transfer personal data to any country or territory that the Central Government of India has restricted by notification under applicable law.

17. Your Rights

Subject to applicable law, you may have rights to request information about personal data processed by BODIQO, seek correction or updating, request erasure, withdraw consent for consent-based processing, nominate another person where the law permits, and use our grievance process.

We may need to verify your identity, authority, and request scope before acting on a request. Requests are generally handled within a reasonable period and may take longer where the request is complex, technically involved, or requires coordination with service providers.

18. Marketing Communications

BODIQO may send service-related communications such as booking reminders, payment notices, support replies, program updates, and operational messages. We may also send marketing, educational, or promotional communications where permitted by law or based on your consent or prior interaction with us.

You may opt out of non-essential promotional messages using the unsubscribe or opt-out method provided, though essential service communications may still be sent.

19. Children and Minors

BODIQO does not knowingly allow minors to independently purchase services requiring direct contracting without parent or guardian involvement. Where a minor participates, the parent or lawful guardian must provide required consents, supervise the relationship, and ensure accurate health and safety information is supplied.

Where required by applicable law, BODIQO will obtain verifiable parent or guardian consent before processing a minor’s personal data and will not knowingly process such data in a manner prohibited by law, including in a manner likely to cause harm to the minor or involving behavioural monitoring or targeted advertising directed at minors.

20. Third-Party Services

Our services may connect with or rely on third-party tools such as payment gateways, messaging providers, calendar tools, fitness-data integrations, analytics platforms, hosting providers, or partner venues. These third parties may operate under separate terms or privacy policies, and BODIQO is not responsible for their independent practices outside the scope of our own processing.

21. Changes to This Policy

We may update this Policy from time to time to reflect business, product, operational, or legal changes. The latest version will be posted on our website, app, or portal with the updated effective date.

To the extent required by applicable law, BODIQO may also issue updated or supplementary notices for personal data processed prior to the commencement or applicability of relevant data protection legislation.

22. Complaints and Grievance Contact

For privacy requests, complaints, corrections, deletions, consent withdrawal, or other grievance-related issues, please contact:

Where applicable under law, you may also approach the relevant statutory authority or board if you are not satisfied with our response.