Privacy Policy

Effective date: 19 April 2026

This Privacy Policy explains how Rati Apps (“we”, “us”, or “our”) collects, uses, stores, and shares information when you use the BodyBoost AI mobile application (the “App”) and related services that reference this policy (together, the “Services”).

By using the Services, you acknowledge this Privacy Policy. If you do not agree, please do not use the Services.

1. Data controller

The controller responsible for personal data processed in connection with the Services is:

Privacy and data-protection enquiries: info@ratiapps.com
Product support: support@ratiapps.com
General contact: contact@ratiapps.com
Business enquiries: business@ratiapps.com
Phone: +31 6 18318010

2. Scope

This policy applies to personal data processed when you install, access, or use the App, create or manage an account (if available), communicate with us, and use in-app features that involve the processing of information on our systems or on systems acting on our behalf.

The App may be distributed through third-party platforms (for example Apple App Store or Google Play). Those platforms may process personal data under their own policies (such as account, payment, or device data). Where applicable, their terms and privacy notices also apply to their processing.

3. Categories of personal data we process

The data we process depends on how you use the Services and which features you enable. We may process the following categories:

3.1 Account and profile data

If the App supports accounts or profiles, we may process identifiers such as your email address, display name, authentication tokens, subscription or entitlement status, and preferences you set in the App.

3.2 Content you provide in the App

We process information you submit or generate while using the App, which may include text inputs, goals, notes, feedback messages, and other content needed to operate features you choose to use.

3.3 Health, fitness, and wellness-related information

If you choose to provide it, the App may process information related to your health, fitness, or wellness (for example measurements, activity levels, nutrition-related inputs, or similar data types supported by the product). Some of this information can qualify as special-category data under the GDPR. We only process such data where permitted by law and as described in Section 5.

3.4 Technical, usage, and diagnostics data

We may process technical information such as device model, operating system version, app version, language settings, time zone, IP address, crash logs, performance diagnostics, and aggregated usage events (for example feature usage and session duration) to operate, secure, and improve the Services.

3.5 Communications

If you contact us, we process the information you provide (such as your email address and message content) and related metadata needed to respond and maintain correspondence records where appropriate.

3.6 Purchases and billing references

If you purchase paid features, payment processing is typically handled by the platform provider (Apple/Google) or a payment processor. We may receive limited transaction references (for example purchase receipts, subscription status, and customer identifiers) to validate access to paid features.

4. Sources of personal data

We collect personal data:

• directly from you when you use the App or contact us;
• automatically through the App and our infrastructure when you use the Services;
• from platform providers where necessary to deliver purchases, notifications, or platform-integrated features; and
• from service providers we use strictly as instructed by us (see Section 7).

5. Purposes, legal bases, and special-category data (GDPR / EEA and UK)

Where the GDPR applies, we process personal data on the following legal bases, depending on the processing activity:

• Contract (Article 6(1)(b) GDPR): to provide the Services you request, authenticate you, deliver in-app functionality, handle support requests related to the Services, and manage subscriptions or entitlements linked to your use of the App.
• Legitimate interests (Article 6(1)(f) GDPR): to secure the Services, prevent abuse and fraud, troubleshoot and improve reliability, analyse aggregated usage to understand product performance, communicate service-related notices, and defend legal claims. We balance these interests against your rights and provide ways to object where applicable (see Section 10).
• Consent (Article 6(1)(a) GDPR): where we rely on consent (for example optional analytics beyond what is strictly necessary, certain marketing communications where required, or optional integrations you explicitly enable). You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legal obligation (Article 6(1)(c) GDPR): where we must comply with applicable law, regulatory requests, tax, accounting, or law-enforcement requirements.

If we process special-category data (such as certain health-related information under Article 9 GDPR), we do so only where a permitted condition applies, including where you have given explicit consent through a clear affirmative action in the App or in connection with a specific feature, or where another Article 9 condition applies under applicable law. If a feature requires consent and you do not provide it, we will not process data for that feature in a consent-based manner.

6. AI-assisted features

Parts of the Services may use machine-learning or AI-assisted functionality to generate suggestions, summaries, coaching-style outputs, or other responses based on inputs you provide and contextual information needed to operate the feature.

• We use such functionality to deliver the in-app experience and to improve product safety and quality, subject to this policy and applicable law.
• Unless we expressly tell you otherwise in the App, you should not submit information you are not comfortable being processed for the purpose of generating outputs.
• Outputs may be probabilistic and can be inaccurate. They are not a substitute for professional medical, nutritional, or therapeutic advice unless explicitly stated and supported by appropriate regulated services.

7. Recipients, processors, and disclosure

We may share personal data with service providers that process data on our behalf (“processors”), such as hosting providers, infrastructure vendors, customer-support tooling, email delivery services, analytics providers (where permitted), and security monitoring services. We impose contractual obligations on processors requiring them to protect personal data and process it only on our documented instructions.

We may disclose personal data if required to do so by law, court order, or a lawful request by public authorities, or if we reasonably believe disclosure is necessary to protect the rights, safety, and security of users, Rati Apps, or the public.

We do not sell your personal data, and we do not share personal data with third parties for their independent marketing purposes unless you have agreed or applicable law permits such sharing in a specific context.

If Rati Apps is involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate confidentiality and data-protection safeguards.

8. International transfers

We may process and store personal data in the European Economic Area (EEA) and in other countries where we or our service providers operate. If we transfer personal data from the EEA, UK, or Switzerland to countries not recognised as providing an adequate level of data protection, we implement appropriate safeguards required by applicable law (such as the EU Standard Contractual Clauses, UK Addendum, or equivalent mechanisms), unless a derogation applies.

9. Retention

We retain personal data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law. Retention criteria include whether data is still needed to provide the Services, resolve disputes, enforce agreements, comply with legal obligations, and maintain security backups in accordance with our internal schedules.

When retention periods expire, we delete or anonymise personal data where feasible, unless limited retention is required for legitimate legal or security reasons.

10. Your privacy rights

Depending on your location, you may have rights regarding your personal data. If you are located in the EEA, UK, or Switzerland, you may have the following rights under applicable data-protection law (subject to conditions and exemptions):

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of personal data in certain circumstances.
• Restriction: request restriction of processing in certain circumstances.
• Objection: object to processing based on legitimate interests, including profiling that falls under those rules.
• Data portability: receive certain personal data in a structured, commonly used, machine-readable format where technically feasible.
• Withdraw consent: where processing is based on consent.
• Lodge a complaint with a supervisory authority.

To exercise your rights, contact us at info@ratiapps.com. We may need to verify your identity before responding. If you are in the EEA and you believe our processing infringes the GDPR, you may lodge a complaint with your local supervisory authority. In the Netherlands, the supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): https://www.autoriteitpersoonsgegevens.nl/.

If you are located in other regions (including certain US states), you may have additional rights under local law (for example access, deletion, correction, or opt-out rights). Contact us at info@ratiapps.com and we will respond in line with applicable requirements.

11. Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. No method of transmission or storage is completely secure; we work to maintain reasonable safeguards consistent with industry practice.

12. Children

The Services are not directed to children under the age at which parental consent is required in their jurisdiction for the processing described here. We do not knowingly collect personal data from children in a manner that violates applicable law. If you believe we have collected personal data from a child inappropriately, contact us at support@ratiapps.com and we will take appropriate steps.

13. Marketing

If we send promotional communications where required by law, we will obtain consent or rely on another permitted basis. You can opt out of promotional emails using the unsubscribe mechanism provided in those messages, where applicable.

14. Automated decision-making

We do not use solely automated decision-making that produces legal effects concerning you or similarly significantly affects you, unless we specifically disclose otherwise in the App and provide any information required by law for such processing.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version in the App (or otherwise make it available) and update the “Effective date” above. If changes are material, we will provide additional notice where required by law (for example an in-app notification).

16. Contact

For questions about this Privacy Policy or our privacy practices, contact info@ratiapps.com. For help using the App, contact support@ratiapps.com.

BodyBoost AI is a product of Rati Apps. This policy is written in English as the authoritative version for international users and store disclosures.