Privacy Policy
Texas Jurisdiction
QBod LLC is a Texas limited liability company. This Privacy Policy is governed by Texas law. By using our Services, you agree that disputes shall be resolved in Texas state or federal courts.
1. Introduction
QBod LLC ("QBod," "we," "us," or "our") is committed to protecting your privacy while providing personalized fitness and wellness services. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the QBod mobile application, website, and related services (collectively, the "Services").
BY USING THE SERVICES, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.
This Privacy Policy operates in conjunction with the QBod Terms of Service, End User License Agreement (EULA), Medical Disclaimer, Security & Data Protection Policy, and AI Transparency Addendum. For technical security controls, see the Security & Data Protection Policy. For AI-specific data processing, see the AI Transparency Addendum.
1.1 Changes to Privacy Policy
QBod may update this Privacy Policy at any time by posting a revised version. Material changes will be communicated via in-app notification or email. Continued use of the Services after changes constitutes acceptance of the updated Privacy Policy.
Texas Data Breach Notification: In the event of a data breach affecting Texas residents, QBod will provide notification in accordance with the Texas Identity Theft Enforcement and Protection Act (Tex. Bus. & Com. Code § 521.053). Notification will be provided without unreasonable delay and will include the nature of the breach, types of information affected, and steps being taken to address the breach.
2. Information We Collect
Information You Provide
- Account Information: Name, email, age, height, weight, biological sex
- Fitness Data: Workout history, exercise preferences, fitness goals, equipment access
- Nutrition Data: Meal logs, dietary restrictions, calorie tracking
- Health Metrics: Data from imported sources (Apple Health, Fitbod, MyFitnessPal), screenshot data from health apps
- Communications: Messages with our AI coach, feedback, support requests
Automatically Collected Information
- Usage Data: App features used, session duration, interaction patterns
- Device Information: Device type, operating system, app version
3. How We Use Your Information
We use your information to:
- Provide personalized fitness and nutrition coaching through our AI system
- Generate customized workout and meal plans
- Track your progress toward fitness goals
- Improve our AI coaching algorithms
- Send you important updates about your account
- Respond to your requests and support needs
4. Data Storage and Security
- All data is encrypted in transit and at rest
- We use industry-standard security measures including TLS/SSL encryption
- Data is stored on secure cloud servers (AWS and Supabase)
- We regularly review and update our security practices
QBod implements reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, use, or disclosure. In the event of a security incident, we will take reasonable steps to investigate and remediate the issue in accordance with applicable law, including compliance with Texas Business & Commerce Code Chapter 521 regarding the security of sensitive personal information.
5. Third-Party Services
We share data only with services essential to app functionality:
- OpenAI: Powers our AI coaching features (anonymized data only)
- Supabase: Database infrastructure
- Amazon Web Services (AWS): Secure cloud storage
- Analytics Providers: Anonymous usage statistics only
We never sell, rent, or trade your personal information to third parties for marketing purposes.
6. AI Processing & Data Use
AI Technology Disclosure
QBod uses OpenAI's GPT-5 artificial intelligence models to power our coaching features. This section explains how your data is processed when you use AI features.
Data Sent to OpenAI
When you interact with our AI coach or use AI-powered features, we send the following information to OpenAI for processing:
Fitness & Health Data:
- Your fitness goals and current physical stats (height, weight, age, biological sex)
- Recent workout history and performance data (exercises, sets, reps, weights)
- Nutrition logs and dietary preferences
- Sleep, stress, and recovery metrics (if provided)
- Progress tracking data and body composition measurements
Conversational Data:
- Questions you ask the AI coach
- Chat history to maintain conversation context
- Feedback on AI recommendations
Context for Personalization:
- Equipment access and workout preferences
- Dietary restrictions and meal planning preferences
- Time constraints and scheduling information
Data Protection Measures
To protect your privacy, we implement these safeguards:
Anonymization:
- We remove or anonymize personal identifiers (name, email, precise location) before sending data to OpenAI
- Your data is processed with a unique identifier that cannot be traced back to your identity
Contractual Protections:
- No Model Training: OpenAI does not use your data to train their AI models per our Data Processing Agreement
- 30-Day Deletion: OpenAI is required to delete your data within 30 days after processing
- Standard Contractual Clauses: EU-approved contract terms ensure GDPR compliance for data transfers
Encryption:
- All data transmission uses TLS 1.3 encryption (industry-standard secure protocol)
- Data is encrypted both in transit and at rest
Third-Party AI Processing Details
OpenAI Service Information:
- Location: OpenAI is based in the United States
- Privacy Policy: OpenAI's Enterprise Privacy Policy governs their data handling
- EU-US Transfers: OpenAI is certified under the EU-US Data Privacy Framework for lawful cross-border data transfers
- Data Residency: Your data may be processed on servers in the United States
Why We Use OpenAI:
OpenAI's GPT-5 models provide state-of-the-art natural language processing and personalization capabilities that enable:
- Conversational AI coaching tailored to your goals
- Intelligent workout and nutrition recommendations
- Real-time analysis of your progress and adaptive planning
Your AI Choices and Control
Opt-In Required:
- AI features require explicit consent during signup
- You must check the "I consent to AI features" box to enable AI coaching
- Without AI consent, core tracking features remain available but AI coaching is disabled
Settings Control:
- Navigate to Settings > AI Features to manage your AI preferences
- Toggle AI features on/off at any time without losing your account or data
What Happens When You Disable AI:
- Stops New Processing: No new data is sent to OpenAI after disabling
- Preserves Your Data: All workout history, goals, and progress remain intact
- Limited Functionality: AI coaching chat and AI-generated workouts become unavailable
- Re-Enable Anytime: You can turn AI features back on whenever you want
Data Deletion Options:
- Disable AI: Stops new processing but keeps historical AI conversation logs in your account
- Delete Chat History: Option to delete specific AI coaching conversations (coming soon)
- Full Account Deletion: Permanently removes all data including AI interactions (Settings > Account > Delete Account)
AI-Specific Data Retention
Our Retention:
- AI Coaching Conversations: Retained while your account is active to provide conversation history
- AI-Generated Plans: Retained as part of your fitness history (workout plans, meal recommendations)
- AI Processing Logs: Technical logs retained for 90 days for service improvement and debugging
- Deleted Account: All AI data permanently deleted within 30 days of account deletion
OpenAI Retention:
- Processing Data: Deleted within 30 days after processing per our Data Processing Agreement
- No Long-Term Storage: OpenAI does not retain your data for training or long-term analysis
Legal Basis for AI Processing (GDPR)
For EU residents, we process your data for AI features under these legal bases:
- Consent (Article 6(1)(a)): Your explicit consent to use AI features, provided during signup
- Legitimate Interest (Article 6(1)(f)): Service improvement, debugging, and security (for technical logs only)
You can withdraw consent at any time by disabling AI features in Settings. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
International Data Transfers
EU to US Transfers:
If you are located in the European Union, your data is transferred to the United States for AI processing. We ensure adequate protection through:
- EU-US Data Privacy Framework: OpenAI is certified, providing lawful transfer mechanism
- Standard Contractual Clauses: EU Commission-approved contract terms for data protection
- Adequacy Assessment: We continuously monitor OpenAI's compliance with EU data protection standards
Your Rights Regarding Transfers:
- Request information about safeguards for your data: support@qbod.fit
- Object to transfers (will disable AI features)
- Lodge complaints with your local data protection authority
Transparency and Accountability
What We Monitor:
- AI response quality and accuracy
- User satisfaction with AI coaching
- Compliance with data processing agreements
- Security incidents or data breaches
What We Report:
- Any data breaches involving AI systems: Reported to affected users and authorities within 72 hours (GDPR requirement)
- Annual transparency reports on AI data processing (available upon request)
Your Right to Information:
You can request detailed information about:
- Specific data sent to OpenAI for your account
- AI processing logs for your interactions
- Data Processing Agreement terms with OpenAI
Contact support@qbod.fit with subject line "AI Data Inquiry"
7. Your Rights and Choices
You have the right to:
- Access: Request a copy of all your data
- Correct: Update inaccurate information
- Delete: Request deletion of your account and all associated data
- Export: Download your data in a portable format
- Opt-out: Disable specific features or data collection
To exercise these rights, contact us at support@qbod.fit. We will respond to your data rights requests within 30 days for GDPR requests and 45 days for CCPA requests, as permitted by law. In cases requiring additional time due to complexity or volume, we will notify you and may extend the response period as allowed by applicable law.
8. California Privacy Rights (CCPA)
California residents have additional rights:
- Right to know what personal information we collect
- Right to delete personal information
- Right to opt-out of sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising privacy rights
To submit a CCPA request, email: support@qbod.fit
9. Washington Consumer Health Data Privacy Rights
If you are a Washington resident, you have additional rights under the My Health My Data Act:
- Right to know what health data we collect
- Right to access your health data
- Right to delete your health data
- Right to withdraw consent for health data processing
- Right to opt-out of health data sharing
10. Data Retention
We retain your data for as long as:
- Your account is active
- Necessary to provide our services
- Required by law
You can request deletion at any time through Settings. Upon account deletion request, we will permanently delete your data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements, complying with legal obligations). Backup copies may persist for up to 90 days before automatic deletion from backup systems.
11. Children's Privacy
QBod is not intended for users under 18 years of age. We do not knowingly collect information from children under 18. If we learn we have collected information from a child under 18, we will delete it immediately.
12. Legal Basis for Processing (EU/GDPR)
For users in the European Union, we process your personal data under these legal bases:
- Consent: When you provide explicit consent for AI coaching, analytics, or marketing communications
- Contract Performance: To provide fitness services, subscription management, and core app functionality
- Legitimate Interest: For app improvement, security, fraud prevention, and customer support
- Legal Obligation: When required by applicable law or regulation
You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
13. Additional Rights for EU Residents
If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
Enhanced Data Subject Rights:
- Right to Restrict Processing: Limit how we process your data in certain circumstances
- Right to Object: Opt out of processing based on legitimate interests or for direct marketing
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Lodge Complaints: File complaints with your local supervisory authority
Supervisory Authority Contact:
You can contact your local data protection authority if you have concerns about our data processing. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Exercising EU Rights:
To exercise any of these rights, contact us at: support@qbod.fit
We will respond within 30 days as required by GDPR.
14. International Data Transfers
Data Processing Locations:
Your data may be transferred to and processed in countries outside your region, including:
- United States (AWS, OpenAI)
- Other countries where our service providers operate
Safeguards for EU Data:
For EU residents, we ensure adequate protection through:
- EU-US Data Privacy Framework: For transfers to certified US companies
- Standard Contractual Clauses: EU-approved contract terms for data protection
- Adequacy Decisions: Transfers only to countries with EU-recognized adequate protection
Your Rights Regarding Transfers:
You can request information about safeguards for your data transfers by contacting support@qbod.fit
15. Cookies and Tracking Technology
Essential Cookies Only:
QBod uses only essential cookies necessary for app functionality:
- Authentication Cookies: Keep you securely logged in
- Preference Cookies: Remember your app settings and language preferences
- Session Cookies: Maintain your app session and security
No Tracking or Advertising Cookies:
We do not use:
- Third-party advertising cookies
- Social media tracking pixels
- Cross-site tracking technology
- Analytics cookies (unless you consent)
Managing Cookies:
- EU residents can manage cookie preferences through device settings
- Essential cookies cannot be disabled as they are necessary for app functionality
- You can clear cookies through your device browser settings
16. Limitation of Liability
The Services are provided on an "AS IS" and "AS AVAILABLE" basis without warranties of any kind, either express or implied, to the maximum extent permitted by applicable law. To the maximum extent permitted by Texas law, QBod's total liability for any claims arising from or related to this Privacy Policy or your use of the Services shall not exceed the amount you paid to QBod in the twelve (12) months preceding the claim, or $100 USD, whichever is greater.
QBod shall not be liable for any failure or delay in performance due to circumstances beyond our reasonable control, including but not limited to: acts of God, natural disasters, infrastructure failures, internet outages, cyberattacks, or any other similar events. QBod reserves the right to modify, suspend, or discontinue any aspect of the Services at any time, with reasonable advance notice (minimum 30 days) for material changes that significantly affect your ability to use the Services.
Except as expressly stated in this Privacy Policy, QBod makes no warranties or representations about the accuracy, reliability, completeness, or timeliness of the Services, content, or data. All implied warranties, including but not limited to merchantability, fitness for a particular purpose, and non-infringement, are hereby disclaimed to the maximum extent permitted by law. This limitation of liability shall be governed by and construed in accordance with Texas law.
17. Contact Us
For questions, requests, or concerns about this Privacy Policy or your personal data:
Email: support@qbod.fit
Mailing Address: QBod LLC, Texas, USA
Subject Line Guidelines:
- For GDPR Inquiries: Use subject line "GDPR Request"
- For CCPA Requests: Use subject line "CCPA Request"
- For Washington Requests: Use subject line "Washington Health Data Request"
- For General Privacy Questions: Use subject line "Privacy Question"
18. Acknowledgment
BY USING THE SERVICES, YOU ACKNOWLEDGE THAT:
- You have read and understood this Privacy Policy
- You consent to the collection, use, and disclosure of your information as described
- You understand your privacy rights and how to exercise them
- You consent to international data transfers (including to the United States)
- You understand QBod's use of AI processing and third-party services
- You agree to the limitations of liability and disclaimers described herein
- You consent to the jurisdiction of Texas courts for any disputes arising from this Privacy Policy