BP Active
Privacy Policy
Last updated: February 12, 2026

Controller Information
BP Active is operated by:
Heartery ApS
A company incorporated in Denmark
Registered address: A.C.Meyers Vænget 78 2450 Copenhagen Denmark
CVR number: 44831880
Email: it@heartery.com
For purposes of EU and UK data protection law, we are the data controller.

Scope
This Privacy Policy applies to the BP Active mobile application and related services.

Information We Collect
A. Information You Provide
• Name and email address (if account is created)
• Age or year of birth
• Fitness level and training preferences
• Exercise limitations or physical considerations
• Customer support communications
B. Device and Technical Data
• Device type and operating system
• App usage data
• Crash logs and diagnostics
• IP address (for security and fraud prevention)
C. Motion and Activity Data
With your explicit permission, the App may access motion and activity data from:
• Apple Health (HealthKit)
• Google Fit
• Device motion sensors
This may include activity metrics such as movement frequency or duration.

We do not collect blood pressure readings.
We do not access medical records.
We do not provide medical monitoring.
Motion and activity data are used solely to personalize workout programming.
Sensitive health-related data is processed only with explicit consent where required by law.

Legal Basis for Processing
EU / EEA and UK:
We process data under:
• Article 6(1)(b) GDPR - contract performance
• Article 6(1)(f) GDPR - legitimate interests
• Article 6(1)(c) GDPR - legal obligation
• Article 9(2)(a) GDPR - explicit consent for health-related data

United States:
We process personal data for legitimate business purposes and contract fulfillment.
We do not sell personal information. California residents may exercise rights under CCPA/CPRA.

Canada:
Processing complies with PIPEDA.

Australia:
Processing complies with the Privacy Act 1988.

Sharing of Data
We may share information with:
• Cloud infrastructure providers
• Analytics providers
• Customer support tools
• Legal authorities if required
All processors act under written agreements and appropriate safeguards.
We do not sell personal data.
We do not use health data for advertising.

International Transfers
Data may be processed outside the EU/EEA.
We use Standard Contractual Clauses or equivalent safeguards.

Data Retention
We retain data only as long as necessary for service delivery, legal compliance, and dispute resolution. Users may request deletion at any time

Your Rights
Depending on jurisdiction, you may have the right to:
• Access your data
• Correct inaccuracies
• Request deletion
• Withdraw consent
• Request portability
• Object to processing
• Opt out of sale (where applicable)
Requests: it@heartery.ai

Data Security
We implement technical and organizational safeguards. No system is completely secure.

Children
Not intended for users under 16

Changes
We may update this policy. Continued use constitutes acceptance

Contact
Heartery ApS
A.C.Meyers Vænget 78, 2450 Copenhagen Denmark
Email: it@heartery.ai
Made on
Tilda