Privacy Policy

1. Introduction

AppFlows Teknoloji Anonim Şirketi ("BodyMuse", "we", "us" or "our") is a company registered with a registered address at:

Registered Address:
Pınarbaşı Mah. Hürriyet Cad. Akdeniz Üniversitesi Uluğbey AR-GE 2
No: 3 A İç Kapı No: B33
Konyaaltı/Antalya
Postal Code: 07070

We develop and publish applications for mobile devices. We are a data controller and are responsible for the collection, use, disclosure, retention, and protection of your "personal data" (which has the meaning set out in the General Data Protection Regulation (the "Data Protection Laws")).

When you use "BodyMuse" or other apps or our corporate website available at https://bodymuse.app (each being, our "Platform", collectively, the "Platforms"), we may collect, store, and process some data, including personal data. This Privacy Policy ("Privacy Policy") sets out the main principles on which the data collected from you, or that you provide to us, will be processed by us.

This Privacy Policy also aims to remind you about your rights and to provide you with all the elements you need to exercise them. For data protection laws, we are the controller of your personal data. If you have any questions related to this Privacy Policy or our practices around privacy and data protection in general, please don't hesitate to contact us.

If You Do Not Agree:

In such case, you must:

• (a) Delete your account using the functionality found in "Settings" in the App, or contact us and request deletion of your data
• (b) Cancel any subscriptions using the functionality provided by Apple (if you are using iOS) or Google (if you are using Android)
• (c) Delete the App from your devices

2. What Data Do We Collect and Process?

When you visit our Platform, you may provide us with the following types of data:

2.1 Contact Data

This may include your name and your email address. This information will be collected if you communicate with us via email.

2.2 Account Data

If you create an account on our Platforms (including the creation of a BodyMuse ID), you may need to provide your name, email address, phone number, and your photograph. If you use Facebook or Google to log in, they will share profile data, language, location, and publicly available information with us.

2.3 Physical Data

This may include your gender identity, weight, age, date, place and time of birth, zodiac sign, photos (palm, face, etc.), sleep time.

2.4 Correspondence Data

This includes the information you provide when you request support through our Platform, contact us via the email address provided in this Privacy Policy and elsewhere on our website, and your views, opinions, and feedback which you choose to provide in relation to the Platform and our services, including any comment facilities and message boards.

2.5 Session Data

This includes your IP address, your device's unique identifier details, browser details including version, device operating system, geo-location, time zone setting, and time/date of access requests, the amount of data transmitted, and the requesting provider. We may also capture other information about visits to our Platform such as pages viewed and traffic patterns.

2.6 Cookie Data

Cookies are small files which are downloaded to your device when accessing our Platform. Most web browsers automatically accept cookies. Please refer to section 6 (COOKIES AND TRACKERS) below for further details about our use of cookies.

2.7 Preference Data

This includes any information you choose to provide us regarding your preferences.

2.8 Payment Data

Our Platforms include purchases directly in the application (including subscriptions) and/or purchases directly through our website. If you want to make a purchase in the application, you may do this with the help of the payment system provided by Google Play (managed by Google) or the App Store (managed by Apple) and integrated into the apps. Under no circumstances do we collect or process any information related to your payment instruments, such as bank card number, its validity term, or your name as written on it. When you purchase directly through our website, including a subscription, you authorize us to have our payment processor collect this information. We do not store such information on our servers.

3. Body Data Processing

To enable body shape detection and personalized recommendations, we process image data using Apple's ARKit framework (TrueDepth API technologies) on compatible devices.

What We Do NOT Do:

• ❌ Collect, store, or transfer Body Data off your device
• ❌ Use Body Data to identify you personally
• ❌ Use Body Data for authentication, advertising, or marketing
• ❌ Create user profiles based on Body Data
• ❌ Share, sell, or provide Body Data to third parties

By using the app, you grant your explicit informed consent for the on-device processing of Body Data as outlined in this section.

4. How Do We Use Data?

When using BodyMuse, we may collect and process certain data for legitimate and clearly defined purposes:

Data We Collect:

• Basic personal information (age, gender, height, weight) entered manually
• In-app behavior and interactions (favorite categories, completed workouts)
• App usage analytics to improve user experience (collected anonymously)

Legal Bases for Processing:

• Consent: We ask for explicit permission before processing health-related or biometric data
• Contractual necessity: To provide personalized recommendations or subscription features
• Legitimate interest: To improve our services and ensure app stability
• Legal compliance: To meet obligations under data protection regulations

5. Data Retention

By using BodyMuse, you agree that your personal data may be stored in accordance with legal, financial, and operational requirements. We retain data only for as long as necessary to fulfill the purposes for which it was collected.

Retention periods depend on:

• The category of data (e.g., user profile data, subscription data)
• The reason for collection (e.g., to personalize recommendations or enable app features)
• Applicable laws and limitation periods
• The need to comply with legal or financial obligations (e.g., tax or audit compliance)

When retention is no longer necessary, personal data will be securely deleted or anonymized.

6. Cookies and Trackers

We use cookies, other software development kits ("SDKs"), and third-party libraries. Our Platform uses the following categories of cookies:

6.1 Strictly Necessary Cookies

These are cookies that are required for the operation of our Platform (e.g., cookies that enable you to load webpages).

6.2 Analytical/Performance Cookies

These cookies allow us to recognize and count the number of visitors to our Platform and to see how visitors move around our Platform. This helps us improve the way our Platform works.

6.3 Functionality Cookies

These are used to recognize you when you return to our Platform. This enables us to personalize our content for you, remember your preferences (for example, your choice of language or region), etc.

6.4 Tracking ID

• On iOS devices: called an Identifier for Advertising (IDFA)
• On Android devices: called a Google Advertising ID (AAID)

These IDs enable app providers and advertisers to track user activity and target ads at those users.

7. Who Do We Share Your Data With?

BodyMuse does not share your personal data except as consented by you or as described in this Privacy Policy.

We may share certain aggregate or anonymized information with our partners, but only as permitted by law and in ways that do not identify you personally.

8. Where Is Your Information Stored?

We will store your data in Europe where possible. However, there may be circumstances where we need to work with trusted third parties or servers outside the EU to provide our services to you (e.g., servers in the US). By submitting your personal data, you explicitly agree to such transfer, storing, or processing of data outside the EU. We will take all steps reasonably necessary to ensure that this information is treated securely and in accordance with this Privacy Policy.

All information we hold is stored on our secure servers (which we own or license from appropriate third parties). We use industry standard procedures and security standards to prevent unauthorized access to our servers; however, no online service or website can be completely secure, so please protect the data in your possession as well.

9. Third-Party Websites

Our Platform may contain links to third-party websites. If you follow a link to a third-party website, please note that this Privacy Policy does not apply to those websites. We are not responsible or liable for the privacy policies or practices of those websites, so please check their policies before submitting any data to those websites.

10. Security

We take data security seriously. We implement and maintain appropriate technical and organizational measures, including resilient security systems and protocols, to protect the personal data we store. We have put procedures in place to deal with any suspected data security breach and will notify you and the applicable regulator of a suspected breach where the breach may pose a risk to you. Our security procedures mean that we may occasionally request proof of identity before we are able to disclose personal data to you.

Our Security Measures:

• Resilient security systems and protocols
• Procedures to deal with suspected data security breaches
• Notification systems for breaches that may pose risks
• Identity verification procedures before disclosing personal data

11. Accessing Your Personal Data and Your Rights

As a result of us collecting and processing your personal data, you have the following legal rights:

1. Access: To access personal data we hold on you.
2. Rectification: To request us to make any changes to your personal data if it is inaccurate or incomplete.
3. Erasure: To request your personal data be erased where we do not have a compelling reason to continue to process it in certain circumstances.
4. Data Portability: To receive your personal data provided to us as a data controller in a structured, commonly used, and machine-readable format, where our processing of the personal data is based on:
   • Your consent;
   • Our necessity for the performance of a contract to which you are a party;
   • Steps taken at your request prior to entering into a contract with us and the processing is carried out by automated means.
5. Restriction: To object to, or restrict, our processing of your personal data in certain circumstances.
6. Marketing Opt-out: If we use your personal data for direct marketing, you can ask us to stop, and we will comply with your request.
7. Legitimate Interest Objection: If we use your personal data on the basis of having a legitimate interest, you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection.
8. Automated Decision-Making: To object to, and not be subject to, a decision which is based solely on automated processing (including profiling) that produces legal effects or could significantly affect you.
9. Consent Withdrawal: If we are processing your personal data with your consent, you can withdraw your consent at any time by contacting us. (Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.)
10. Complaints: To lodge a complaint with a data protection supervisory body.

12. Our Policies Concerning Children

We do not knowingly collect or solicit any personal data or target interest-based advertising to children, and we do not knowingly allow children to register for or use the Platform. Children should not use our Platform or send us any personal data about themselves at any time. In the event that we learn that we have inadvertently gathered personal data from children, we will take reasonable measures to promptly erase such information from our records. If you believe that we might have information from or about a child, please contact us at bodymuseapp@gmail.com.

13. Contact

BodyMuse's Data Protection Officer

You may contact our Data Protection Officer at bodymuseapp@gmail.com or the address below for further information:

AppFlows Teknoloji Anonim Şirketi
Adres: Pınarbaşı Mah. Hürriyet Cad. Akdeniz Üniversitesi Uluğbey AR-GE 2
No: 3 A İç Kapı No: B33
Konyaaltı/Antalya
Posta Kodu: 07070

14. Changes to This Privacy Policy

Any changes we may make to this Privacy Policy in the future will be posted on this page and, where appropriate, notified to you via electronic communications within our Apps.

This Privacy Policy was last updated on May 24, 2025.