Version April 2026
Beoflow is an online health and fitness platform that centralizes third-party biomonitoring services and devices. It does this via the website app.beoflow.com and the Beoflow mobile application(hereinafter referred to as the “Service”). As used in this Privacy Policy, the words “Beoflow,” “us,” “our,” or “we” means Beoflow B.V. providing the Service to you.
To provide its Service, Beoflow collects and analyzes specific user data as described in this Privacy Policy. Beoflow also incorporates AI-Powered Features as a core component of the Service; the collection and processing of data in connection with those features is described in this Privacy Policy.
We believe you should have control over your data. This Privacy Policy explains how we collect, use, share, and protect your personal data, as well as the privacy controls we offer to help you manage your data. If you do not agree with this Privacy Policy, you should not use our Service. We recommend that you read this policy carefully before using the Service and check this policy regularly for changes and amendments. If you have any questions about this Privacy Policy, please feel free to contact us at [email protected].
By registering with Beoflow and using Beoflow’s Service, you agree that Beoflow acts as a data controller as Beoflow decides how to collect, process, and use your personal data as set out in this Privacy Policy. Please be aware that users may withdraw consent; however, non-acceptance of this policy or withdrawal of consent may result in you being unable to use the Service.
You directly provide Beoflow with most of the data we collect. We collect data in three primary ways:
Furthermore, we also collect and process data when you interact with AI-Powered Features, including the AI chat interface or other AI-driven interactions within the Service as further described in Section 7 .
Personal identification data such as, but not limited to, the user's name, email address, and demographic information, including age, gender, and country of origin. Please note that a record of any updates or changes made to this data will be retained. For further information relating to how this data is processed please see Section 5.
Personal health data is collected from third-party peripheral services, such as, but not limited to, heart rate meters, sleep trackers, wearables and other sports devices. This includes health and fitness data collected by supported biomonitors, such as heart rate, respiratory rate, heart rate variability, sleep duration and quality, muscle pain, cadence, power, distance, GPS location and speed. CHI also includes any data provided manually through the Service's forms or automated feedback interactions, e.g. height, weight, fitness level (e.g., professional or recreational), perceived effort, perceived recovery, mental state, logged weights and reps. For further information relating to how this data is processed please see Section 6.
Information our servers and analytics software automatically collect when the user accesses the Service, such as your IP address, browser type, operating system, device information, access times, session data, and usage patterns within the Service. This data is collected for platform analytics, maintenance, and improvement of the Service. The lawful basis for this processing is Beoflow’s legitimate interest in maintaining, securing, and improving the Service. Analytics data is not shared with third parties.
To process your subscription to our Service, we collect billing details (e.g., name, billing address). Payment processing is handled entirely by our third-party payment processor provider. Beoflow does not collect, store, or process full credit card numbers or banking credentials; we only retain secure payment tokens and transaction metadata to manage your subscription.
Device information about the user's mobile device and chosen biotracker integration, including device ID, model, manufacturer, and information about the location of your device.
Information from third parties, such as personal information or network friends if you connect your account to the third party and grant the site permission to access this information.
Personal and other information you may provide when entering contests or giveaways and/or responding to surveys.
In compliance with legal obligations, we are mandated to maintain a comprehensive record of all instances wherein users grant their consent to our Privacy Policy, cookies, Terms of Service, agent access, and biotracker integration.
AI Interaction Data refers to data generated through your use of AI-Powered Features within the Service. This includes any inputs you submit to AI-Powered Features, including messages, images, files or voice messages as well as any outputs generated by AI-Powered Features in response — such as training programmes, recommendations, insights, and chat responses. For further information on how this data is used, please see Section 7.
Beoflow collects and processes the data described in Section 3 in order to provide, operate, and continuously improve the Service.
Beoflow processes personal data on the following legal bases:
Performance of a contract — to provide and operate the Service, including delivering core platform functionality, account management, subscriptions, integrations, and generating personalised training insights, performance tracking, and recovery analysis
Consent — for the processing of health data, enabling AI-powered functionality, and (where applicable) certain communications
Legitimate interests — to maintain, secure, and improve the performance, reliability, and user experience of the platform
Legal obligations — to comply with applicable laws and regulatory requirements
Where processing is based on your consent, such consent is obtained during onboarding and can be withdrawn at any time.
Different categories of data may support multiple aspects of the Service. Where necessary, data may be used across the purposes described above, provided such use remains necessary and compatible with the context in which the data was collected.
When you connect third-party services, you authorise those providers to share your data with Beoflow. These providers operate as independent data controllers under their own terms and are responsible for ensuring that they have a valid legal basis to collect and share your data.
Beoflow does not control the specific data fields transmitted by these providers. Once data is received, Beoflow acts as an independent data controller and processes such data solely in accordance with the purposes described in this policy.
Due to the nature of such integrations, the specific data fields received may vary over time. Beoflow processes such data only to the extent necessary and proportionate for the purposes described above and may limit or disregard data that is not required.
We use the PI Data we collect about you for the following specific purposes, always ensuring we have a valid lawful basis to do so:
We use your PI to deliver the core functionality of our platform. This includes:
Account Management: Creating, authenticating, and maintaining your Beoflow account.
Transactions: Processing your subscriptions, managing payments, and issuing refunds through our secure payment providers.
Connectivity: Enabling the secure sync between Beoflow and your chosen third-party biotracker integrations.
Social Features: Enabling user-to-user communications, if you choose to interact with others on the platform.
We use your PI to make the platform tailored to your specific needs. This includes:
Personalized Insights: Offering new products, services, and health recommendations uniquely relevant to you.
AI-Powered Features (As detailed in Section 7): Utilizing your data to contextualize AI-generated training programmes and interactive chat responses.
We continuously analyze how our community uses Beoflow to improve the platform. This includes:
Analytics and Operations: Monitoring usage patterns, troubleshooting bugs, and increasing the overall technical efficiency of the Service.
Research and Development: Compiling anonymous, aggregated statistical data to identify general health trends across our user base (ensuring no individual user can ever be identified).
Feedback: Contacting you to request feedback about your use of the site and the service.
We use your PI to keep you informed. This includes:
Service Notifications: Sending you essential administrative emails regarding your account, orders, or updates to our Terms and Conditions and this Privacy Policy.
Customer Support: Responding to your product inquiries, resolving disputes, and providing technical assistance.
Marketing (Subject to your consent): Delivering targeted advertising, newsletters, coupons, and promotional information. (Note: You can opt out of marketing communications at any time. Please see Section 10 for details).
We use your PI to maintain a safe, secure, and legally compliant environment. This includes:
Trust and Safety: Preventing fraudulent transactions, monitoring against account theft, and protecting against criminal activity on the platform.
Legal Compliance: Assisting law enforcement, responding to valid legal requests (such as subpoenas), and enforcing our Terms and Conditions.
Your health and biometric data are highly sensitive, and we process them strictly based on your explicit consent. The core functionality of Beoflow relies on collecting your CHI through authorized integrations with third-party peripherals (e.g., wearables, heart rate monitors) and manually logged entries in particular for workouts and sleep/recovery logging.
We use your CHI exclusively for the following purposes:
We use your synced and logged biometric data from third-party peripherals on your Beoflow platform. This includes:
Calculating Health Metrics: Processing your heart rate, sleep quality, and activity data to generate real-time, tailored insights into your individual health and fitness profile.
Visualizing Progress: Allowing you to track your historical data, view performance trends, and monitor your recovery over time.
We use your CHI to make Beoflow actively work for you, rather than just acting as a passive dashboard. This includes:
Tailored Recommendations: Generating personalized fitness recommendations, training adjustments, and recovery guidance based on your unique biometric profile.
AI-Powered Insights: Feeding your CHI into our AI-Powered Features (as detailed in Section 7) to deliver highly customized training programmes and interactive coaching responses. (Please note: These insights are for general fitness and wellness purposes and do not constitute medical advice).
We utilize health data to understand broader fitness trends and improve the app for everyone, while strictly protecting your individual privacy. This includes:
Aggregated Research: Compiling completely anonymized and aggregated data to conduct platform-wide analysis, scientific research, and potential publications. This data cannot be traced back to you and contains no personally identifiable information.
Algorithm Improvement: Analyzing anonymized CHI alongside usage data to refine our tracking algorithms, fix bugs, and improve the overall quality of the Service.
To ensure your absolute privacy:
No health data for advertising: We will never use your CHI to serve you targeted advertisements, nor will we sell this data to third-party ad networks or data brokers.
No unconsented sharing: Your CHI is strictly for your personal viewing unless you proactively use our features to share it with a coach, trainer, or healthcare professional (see Section 8.1.2).
Beoflow uses artificial intelligence as a core component of the Service. AI-Powered Features process your data to deliver personalised health and fitness outputs, including training programmes, insights, recommendations, and interactive chat responses.
AI-Powered Features may process your CHI, PI, and AI Interaction Data as defined in Section 3 of this Policy. This includes data you submit directly, data synced from third-party integrations, and data generated through your use of the Service over time. Previous interactions with AI-Powered Features may be used to inform and personalise subsequent responses and recommendations.
Data is processed by AI-Powered Features to deliver the core functionality of the Service. Because Beoflow is fundamentally built as an AI-driven platform, our AI-Powered Features are not an optional add-on; they are the core engine that surfaces your metrics, insights, and recommendations.
The lawful basis for this processing is the performance of the contract between you and Beoflow. Health and fitness data is classified as special category data under the GDPR, which requires a separate lawful basis beyond the standard contractual relationship. For this reason, during onboarding you are asked to provide explicit consent specifically for the processing of your health data by AI-Powered Features. This consent is separate from and in addition to your acceptance of the Terms and Conditions and this Privacy Policy. You have the absolute right to withdraw this explicit consent at any time. However, because the AI processing is inextricably linked to the core functionality of Beoflow, it is not technically possible to provide our Service without it. Therefore, withdrawing your consent for AI processing will result in the deactivation and deletion of your account (as detailed in Section 12).
To provide a continuous and contextual coaching experience, our AI-Powered Features need memory, but we adhere strictly to data minimization principles:
Ongoing context: AI Interaction Data (including chat history and onboarding inputs) is retained so the AI remembers your past preferences and progress.
Your right to erase: You have the right to clear your AI chat history or delete specific AI interactions within your user dashboard without deleting your overarching Beoflow account.
Account deletion: If you choose to permanently delete your Beoflow account, all associated AI Interaction Data is permanently erased in accordance with our retention policy (see Section 12).
We are committed to transparency regarding the capabilities and limitations of our AI systems:
Not medical advice: The AI-Powered Features are designed exclusively for general fitness, wellness, and lifestyle tracking. The AI is not a medical device, nor is it a substitute for professional medical advice, diagnosis, or treatment.
User discretion: While we strive for high accuracy, AI systems can occasionally generate incomplete or inaccurate fitness advice. We encourage you to use your own judgment, listen to your body, and consult a qualified healthcare professional before beginning any new training programme suggested by the AI.
Beoflow does not sell, rent, or trade your PI or CHI to third parties. Your data is intended solely for your personal viewing. However, to provide, secure, and improve our Service, we engage trusted third-party service providers (acting as data processors) who may be given access to your data under strict confidentiality and security agreements (Data Processing Agreements)
At Beoflow, we use secure third-party payment processors, such as Stripe, to handle all transactions. When you make a purchase, the payment processor collects and processes your personal data (name, email address, billing address) and financial information. This information is used solely for processing your payment, preventing fraud, and ensuring transaction security. Beoflow does not store your credit card or bank account information; it is securely transmitted directly to the payment processor. We encourage you to review your payment processor's privacy policy to understand how they handle your data.
Beoflow uses third-party email and support tools to manage customer service enquiries and support requests. These tools process personal information such as your name and email address for the purpose of providing you with customer support and resolving issues. Where relevant to a support case, Beoflow support staff may also access and process your CHI or other data held within the Service. If you voluntarily include CHI or other personal data in a support communication, that data will be processed through these third-party tools. Beoflow does not share your data with third parties for purposes beyond those described in this Privacy Policy.
To manage our financial records and transactions, we use third-party accounting software, such as Moneybird. These processors collect and process basic information like your name and email address. This information is used strictly for accounting purposes, including invoicing and financial reporting, and is never shared by these processors for any other purposes
We provide users with the option to integrate third-party services, such as Google Calendar, for seamless synchronization of events. When you actively choose to connect such a service, relevant data (such as event titles, times, dates, and locations) is shared between the platforms to enable this functionality. This data is used solely for ensuring your calendars are kept in sync. As these are external platforms, we recommend reviewing their respective privacy policies (e.g., Google's privacy policy) to understand how they handle your data once transferred.
To power AI-Powered Features within the Service, Beoflow uses a third-party AI infrastructure provider (“AI Infrastructure Provider”). The AI Infrastructure Provider acts as a data processor on Beoflow’s behalf, using open-source AI models to process your CHI, relevant PI, and any information submitted to AI-Powered Features solely for the purpose of generating AI outputs in response to your use of the Service.
When AI-Powered Features are used, Beoflow transmits only the strictly necessary relevant data securely to the AI Infrastructure Provider for processing. Once processing is complete, the output is returned to Beoflow.
Beoflow does not use your individual data to train AI models at any point, , and our AI Infrastructure Provider is contractually strictly prohibited from retaining your data or using it to train their own models. Beoflow may analyse AI-driven interactions for the purpose of improving the quality and relevance of the Service. Insights derived from this analysis are conceptual in nature — they are used to identify general patterns and inform improvements to the Service, not to extract or replicate individual user data. These insights are defined internally and then implemented into Beoflow’s knowledge systems. Individual user data is not shared at any stage of this process.
The AI Infrastructure Provider is based outside the European Economic Area (EEA). Beoflow ensures that any transfer of personal data to the AI Infrastructure Provider is carried out in compliance with applicable data protection law, including through the use of appropriate safeguards such as Standard Contractual Clauses and supplemental security measures to protect your data in transit and at rest.
We take the security of your Personal Information and Consumer Health Information very seriously. We implement industry-standard technical and organizational measures to ensure your data is processed securely and protected against unauthorized access, loss, or alteration.
Your data is securely stored on dedicated 3rd party hosted servers. To protect your information, we utilize a robust combination of security protocols, including:
Encryption: All data is encrypted in transit (using TLS/HTTPS protocols) between your devices and our servers, and encrypted at rest within our databases.
Access Controls: Strict, role-based access controls and authentication processes ensure that only authorized Beoflow personnel (under strict non-disclosure agreements) can access back-end infrastructure.
Continuous Monitoring: We regularly review our data collection, storage, and processing practices to guard against unauthorized system access.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure.
In the event of a personal data breach, we will notify the relevant supervisory data protection authority within 72 hours of becoming aware of the incident, as required by the GDPR.
If the breach poses a high risk to your personal rights and freedoms (e.g., if unencrypted health data or passwords are compromised), we will communicate the breach to you directly and without undue delay, providing guidance on how to protect yourself.
We want to keep you informed about new features, promotions, and tips to get the most out of Beoflow, but only if you want to hear from us.
Upon account creation, you have the choice to explicitly opt-in to receive promotional communications. If you consent, we may use your basic Personal Information (PI) - such as your stated fitness interests, subscription status, or general platform usage - to tailor the marketing emails and in-app notifications we send you, ensuring they are relevant to your goals.
We draw a strict line when it comes to your sensitive biometric data: We do not use your CHI Data to profile you for targeted marketing. Furthermore, we will never sell, rent, or share your personal data with third-party advertising networks or data brokers.
You have the absolute right to change your mind and object to marketing communications at any time. You can easily opt out by:
Clicking the "unsubscribe" link located at the bottom of any promotional email we send.
Updating your push notification and email preferences directly within your Beoflow app settings.
(Please note: Even if you opt out of promotional marketing, we will still send you essential, non-promotional administrative messages regarding your account, subscription changes, or critical security updates).
Beoflow would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:
Privacy Policies of Connected Services – The Beoflow website contains links to other websites and services. Our Privacy Policy applies only to our website and service. If you follow a link to another website, we advise you to read their privacy policy and terms of service.
If you believe Beoflow is processing your personal data in violation of the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority. You may contact the Data Protection Authority in your habitual residence, your place of work, or the place of the alleged infringement. For Beoflow, our lead supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
We adhere to the GDPR principle of storage limitation, ensuring we only retain your Personal Information (PI) and Consumer Health Information (CHI) for as long as is strictly necessary to provide the Beoflow Service or as required by law.
Your data is retained for the term of your subscription to the Service so you can continually access your historical fitness metrics, recovery trends, and AI insights.
You do not need to delete your account to change how your data is processed. You have granular control over your data within the Beoflow app:
AI Features: You have the right to withdraw your explicit consent for the processing of your health data by our AI at any time. Because Beoflow's core service relies entirely on this AI infrastructure to function, withdrawing this consent means we can no longer provide the Service to you. You can initiate this withdrawal by requesting Account Deletion within your app settings, which will trigger the 30-day erasure process outlined below. (Note: You retain granular control over other aspects of your data)
Biometric Syncing: You can disconnect any third-party wearable or integration at any time to stop the flow of new CHI into Beoflow.
Processing Preferences: You may configure which categories of device data Beoflow processes and displays on your behalf. This includes the ability to enable or disable specific data types, and to substitute one data source for another (for example, selecting heart rate data from a Garmin device in place of data from a Polar device). These preferences can be updated at any time through your account settings and may be applied to both previously processed data and future data processing cycles.
Marketing: You can opt out of promotional emails at any time without affecting your service.12.3 The Account Deletion Process
If you choose to leave us entirely, you may request the permanent deletion of your Beoflow account at any time through the app.
Verification: When you submit a deletion request, you will receive a confirmation email to verify your intent.
30-Day Grace Period: Once confirmed, your account enters a 30-day grace period. During this time, your account is deactivated, and your profile is hidden.
Reactivation: If you change your mind during the grace period, you can simply log back into the app. You will be prompted to enter your password to verify your identity and restore your account.
Permanent Erasure: If your account is not reactivated within the 30-day window, it will be permanently deleted. At that point, your PI and all associated identifiers will be permanently erased from our servers or irreversibly anonymized (meaning the data can never again be linked to you).
Even after account deletion, we may be legally required to retain specific, limited data segments. For example, we retain financial transaction metadata (such as payment records and subscription history) for a longer period as strictly required by applicable tax, accounting, and consumer protection laws, or to resolve ongoing legal disputes. This retained data is isolated and used solely for these compliance purposes.
Beoflow keeps its Privacy Policy under regular review and places any updates on this web page. This Privacy Policy was last updated on March 2026.
Our Service does not intend to collect data from website visitors or application users who are under 16 years of age. We strongly advise parents to be involved in the online activities of their children to prevent data from being collected without parental awareness.
Because our platform processes sensitive health data and relies on AI-Powered Features, we do not accept parental consent as a substitute for the age requirement. You must be 16 or older to use Beoflow. While we implement age-screening measures, we cannot perfectly verify the exact age of every visitor. If it comes to our attention that a child under the age of 16 has provided us with personal information, we will take immediate steps to permanently delete this data from our servers as quickly as possible. If you are a parent or guardian and believe your child has created an account, please contact us at [email protected].
If you have any questions about Beoflow's Privacy Policy, the data we hold on you, or you would like to exercise any of your data protection rights, please do not hesitate to contact us via the email [email protected]
Address:
Beoflow B.V.
Dalhuysenstraat 10-50
8448 EW, Heerenveen
The Netherlands
For purposes of data protection laws, Beoflow B.V. is the data controller and representative in the European Economic Area.
