Privacy Policy
Last updated: 28 June 2026
The short version: We never sell your data. We never show you ads. Your health information is private and belongs entirely to you. We collect only what we need to run the service — nothing more. BodyPing is not a medical service and does not process your health data for clinical purposes.
1. What data we collect
We collect information you provide directly:
- Account information: name, email address, and password (stored as a bcrypt hash — we never store plain-text passwords)
- Health log data: everything you enter into the Pain Log and Migraine Log forms — pain scores, symptom selections, trigger choices, medication notes, and free-text notes
- Payment information: we do not store card numbers or bank details. Payments are processed by PayPal. We store transaction IDs and amounts for accounting.
- Usage data: last login date. We do not use analytics tracking scripts or third-party cookies.
2. How we use your data
Lawful basis (GDPR Article 6): We process your personal data on the following legal bases:
- Contract performance (Article 6(1)(b)): Processing your account and health logs is necessary to deliver the BodyPing service.
- Legitimate interests (Article 6(1)(f)): Security logging and fraud prevention.
- Legal obligation (Article 6(1)(c)): Retaining payment records for 7 years for tax compliance.
Specifically, we use your data to:
- Provide and maintain the BodyPing service
- Send you password reset emails and account notifications
- Process subscription payments via PayPal
- Generate the reports and share links you request
- Respond to support messages you send us
We do not use your health data to train AI models or run advertising, and we do not share it with third parties.
3. How your health data is NOT used — important
BodyPing is a personal record-keeping tool, not a medical service
Your health data is used exclusively to display your own logs back to you, generate your personal reports, and allow you to share those reports with people you choose. It is not used for any clinical, diagnostic, or analytical purpose by BodyPing.
We do not analyse your symptoms, draw medical conclusions from your data, or make any health recommendations based on what you log. The dashboards and patterns shown in the app are statistical summaries of your own entries — they are not clinical assessments and should not be treated as such.
Your health data is specifically never used to:
- Provide medical advice, diagnosis, or treatment recommendations
- Train artificial intelligence or machine learning models
- Profile you for advertising or commercial purposes
- Share with pharmaceutical companies, insurance companies, or any health industry third party
- Sell or license to any organisation for any purpose
- Benchmark or compare you against other users
4. Who we share your data with
- PayPal: for payment processing. PayPal's privacy policy governs their use of your payment data.
- Our hosting provider: our servers are hosted by a cPanel hosting provider. Your data is stored on their infrastructure under our account.
- Anyone you choose to share with: when you generate a share link, the data in that report becomes accessible to anyone with the link and PIN until it expires. This is entirely your decision, made at your own discretion. BodyPing is not responsible for how a shared report is read, used, or acted upon by the recipient.
We do not sell data to any third party, ever.
5. Data retention
- Your account and health data are retained while your account is active.
- If you delete your account, your health log data and personal information are permanently deleted from our database within 30 days. This action is irreversible.
- Payment records are retained for 7 years as required for tax purposes.
6. Your rights
You have the right to:
- Access: request a copy of all data we hold about you
- Export: download your health data as CSV from within the app at any time
- Correct: update your name or email from your account page
- Delete: request deletion of your account and all associated data
- Object: object to processing of your data in certain circumstances
To exercise any of these rights, contact us at hello@bodyping.com. We will respond within 30 days.
7. Security
- Passwords are stored as bcrypt hashes (never plain text)
- All connections use HTTPS/TLS encryption
- Sessions use secure, HTTP-only cookies
- Database queries use prepared statements to prevent injection
- Admin access is protected by a separate authentication layer
8. Cookies
We use one session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or analytics cookies. No third-party scripts are loaded on the member pages of the application.
9. Children's privacy
BodyPing was originally built for a 12-year-old and is designed to be usable by children and young people with parental involvement. Accounts for users under 13 must be created and managed by a parent or legal guardian. We do not knowingly collect data from children under 13 without appropriate parental consent. If you believe we have inadvertently collected data from a child under 13 without consent, please contact us immediately and we will delete it.
10. Your responsibility when using BodyPing
By using BodyPing you acknowledge and accept that:
- You are responsible for the accuracy of the information you enter. BodyPing does not verify, correct, or validate your entries.
- Any reports you generate reflect only what you have logged. Their usefulness depends entirely on the consistency and accuracy of your records.
- Sharing a BodyPing report with a healthcare professional is your decision, made voluntarily and at your own discretion. BodyPing is not responsible for how shared reports are interpreted or used by any third party, including doctors, nurses, or other clinicians.
- BodyPing logs are a personal record-keeping aid. They are not a substitute for professional medical assessment, diagnosis, or treatment.
- Any medical decision you make — whether or not it is informed by your BodyPing records — is made entirely at your own risk and on your own responsibility.
Not a replacement for medical care
Using BodyPing does not replace, reduce, or delay the need for qualified medical care. If you are concerned about your health, consult a registered healthcare professional. If you are experiencing a medical emergency, stop using this app and call your local emergency services immediately.
11. Changes to this policy
We will notify you by email before making significant changes to this policy. The updated date at the top of this page shows when it was last revised.
12. Contact
Data protection questions: hello@bodyping.com