Last updated: December 8, 2025
Effective Date: December 8, 2025
Beginnity ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI-powered workout coaching service, including our mobile application and website (collectively, the "Service").
We understand that you are trusting us with sensitive health and fitness data. We take this responsibility seriously and are committed to transparency about our data practices.
By using the Service, you consent to the data practices described in this Privacy Policy and our Terms of Service. If you do not agree, please do not use the Service.
For the purposes of applicable data protection laws (including GDPR), the data controller of your personal information is:
EU Representative: As we do not currently have a physical presence in the European Union and do not systematically monitor EU residents on a large scale, we rely on the GDPR Article 27(2)(a) exemption and do not have a designated EU representative at this time. If you are an EU resident with privacy concerns, please contact us directly at privacy@beginnity.com.
When you create an account, we collect:
During onboarding and app usage, we collect:
With your permission, we collect health data from connected wearables:
We automatically collect:
When you connect Apple Health, we access the following HealthKit data types with your explicit permission:
In compliance with Apple's HealthKit guidelines, we make the following commitments:
You can revoke HealthKit access at any time through your iPhone's Settings → Health → Data Access & Devices → Beginnity.
We use your information for the following purposes:
If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:
For health data from HealthKit and wearables, biomarker uploads, and marketing communications. You can withdraw consent at any time.
To provide the Service, manage your account, process payments, and deliver personalized workout recommendations.
For analytics, service improvement, fraud prevention, and security. We balance our interests against your privacy rights.
To comply with applicable laws, respond to legal requests, and protect our rights.
We do NOT sell your personal data. We never have and never will.
We share your information with the following categories of recipients:
We use third-party services to operate Beginnity. These providers only access data necessary to perform their services and are contractually bound to protect your data:
| Provider | Purpose | Data Accessed |
|---|---|---|
| Vercel | Web hosting & deployment | Server logs, IP addresses |
| Neon | Database hosting | All user data (encrypted at rest) |
| Anthropic | AI workout generation | Recovery metrics, fitness goals (pseudonymized) |
| Polar.sh | Payment processing | Email, billing info (not stored by us) |
| PostHog | Product analytics | Usage events, device info (anonymizable) |
| Resend | Transactional email | Email address, name |
| Cloudflare R2 | File storage | Biomarker uploads (encrypted) |
| Upstash Redis | Rate limiting, session storage | IP addresses (hashed), session IDs |
| HCaptcha | Bot prevention | IP address, browser fingerprint |
When you connect wearable devices (Oura, Whoop, Eight Sleep), we receive data from their APIs. Each provider has its own privacy policy governing its data practices. We do not share your Beginnity data back with these providers.
We may disclose your information if required by law, subpoena, court order, or government request. We will notify you of such requests when legally permitted and will challenge requests we believe are overbroad or unlawful.
We use Anthropic's Claude AI to generate personalized workout recommendations. Here is how your data is processed by AI:
Note: This data is pseudonymized (your user ID is replaced with a random identifier) but is not fully anonymized under GDPR as it could theoretically be re-identified when combined with other data.
Your personal health data is NOT used to train AI models. When using Anthropic's API, data is processed for your request only and is not retained for model training per Anthropic's API data usage policy.
AI-generated workout recommendations are suggestions only. You are not legally or contractually obligated to follow them. You can always request a different workout or modify recommendations to suit your needs.
We implement industry-standard security measures to protect your data:
In the unlikely event of a data breach, we will notify affected users within 72 hours via email. We will also notify relevant supervisory authorities as required by GDPR and other applicable laws.
| Data Type | Retention Period | After Account Deletion |
|---|---|---|
| Account Information | While account is active | Deleted within 30 days |
| Health & Fitness Data | While account is active | Deleted within 30 days |
| Biomarker Uploads | While account is active | Deleted within 30 days |
| Workout History | While account is active | Deleted within 30 days |
| Analytics (Aggregated) | 2 years | Retained (anonymized) |
| Security Logs | 90 days | Retained for security |
| Payment Records | 7 years (legal requirement) | Retained for tax/legal |
| Backups | 30 days rolling | Purged in next backup cycle |
We may retain data longer if required for legal proceedings, regulatory compliance, or legitimate business purposes (e.g., fraud prevention).
Depending on your location, you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data, subject to legal retention requirements.
Receive your data in a structured, machine-readable format (JSON or CSV).
Request that we limit how we use your data in certain circumstances.
Object to processing based on legitimate interests or for direct marketing.
Withdraw consent at any time for processing based on consent (e.g., HealthKit access).
To exercise your rights: Email privacy@beginnity.com with your request. We will respond within 30 days (GDPR) or 45 days (CCPA).
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
You have the right to know what categories of personal information we collect, the sources, business purposes, and third parties we share it with. This is described in Sections 3, 5, and 7 of this Privacy Policy.
You may request deletion of your personal information. We will comply within 45 days, unless an exception applies (e.g., legal obligations, security, ongoing transactions).
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. Therefore, no opt-out is necessary.
We will not discriminate against you for exercising your privacy rights. You will not receive different pricing or quality of service for making privacy requests.
You may designate an authorized agent to submit requests on your behalf. We will require verification of your identity and the agent's authorization.
Health and fitness data is considered sensitive personal information under CPRA. We use this data only to provide the Service (workout recommendations based on recovery data) and do not use it for purposes requiring a "limit use" opt-out.
If you are located in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights. A list of EEA authorities is available at edpb.europa.eu.
See Section 6 for our legal bases for processing your data under GDPR.
For processing based on consent (health data, HealthKit access), you can withdraw consent at any time without affecting the lawfulness of prior processing. To withdraw:
We will respond to GDPR data subject requests within 30 days. If we need more time due to complexity, we will notify you within 30 days and may extend by an additional 60 days maximum.
Beginnity is based in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States.
For transfers from the EEA/UK/Switzerland to the US, we rely on:
Copies of our Standard Contractual Clauses are available upon request at privacy@beginnity.com.
We apply the same security measures regardless of where your data is processed. All our service providers are contractually required to protect your data per applicable data protection laws.
The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.
Age Verification: During account creation, users self-certify that they are at least 18 years old by accepting our Terms of Service. While we do not employ technical age verification systems, we take reasonable measures to prevent access by minors.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@beginnity.com. We will immediately delete the account and all associated data, and notify the email address on file.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you should stop using the Service and delete your account.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Inquiries & Data Requests:
General Support:
Mailing Address:
Beginnity
Attn: Privacy Team
2286 6th Avenue
San Diego, CA 92101
United States
For GDPR-related requests, we aim to respond within 30 days.
For CCPA-related requests, we aim to respond within 45 days.
By using Beginnity, you acknowledge that you have read and understood this Privacy Policy. This policy should be read together with our Terms of Service.