Privacy Policy
Last updated: 27 May 2026
Broon.fit is operated by Coalface Software Ltd, a company registered in the United Kingdom. This policy explains what personal data we collect, why we collect it, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).
Who we are
The data controller for your information is Coalface Software Ltd. If you have questions about this policy or your data, contact us at privacy@broon.fit.
What data we collect
We collect the following types of information:
- Account information — your email address, password (stored in encrypted form), and subscription status.
- Profile information — details you provide during onboarding, such as your name, age, goals, training preferences, and dietary information.
- Health and wellness data — information you log or discuss with Zola, including weight, blood pressure, sleep, nutrition, training sessions, mood, and other metrics you choose to track. This is special category (sensitive) data under UK GDPR.
- Conversation history — messages you send to Zola and responses generated for you, including any images you upload in chat.
- Payment information — we do not store your full card details. Payments are processed by Stripe, which collects billing information on our behalf.
- Technical data — basic usage data such as cookies needed to keep you signed in and run the service securely.
How we use your data
We use your data to:
- Provide the Broon.fit AI health coaching service personalised to you.
- Store and display your logs, progress, and conversation history.
- Process subscriptions and manage your account.
- Improve the product, fix bugs, and keep the service secure.
- Comply with legal obligations where required.
We rely on contract (to deliver the service you signed up for) and consent (for sensitive health data you choose to share) as our legal bases. You can withdraw consent for optional processing at any time by contacting us, though this may limit what the service can do for you.
Your health data is used only for coaching purposes — to help you understand patterns, log progress, and receive tailored guidance. We do not use it for advertising, and we do not sell your data.
Who we share data with
We share data only where necessary to run the service:
- Anthropic — your messages and relevant context are sent to Anthropic's AI models to generate coaching responses. Anthropic processes this data as our processor under their terms and privacy commitments.
- Stripe — handles payment processing and related billing records.
- Infrastructure providers — we use hosting and database services that store encrypted data on secure servers.
We do not sell your personal data. We may disclose information if required by law or to protect our legal rights.
International transfers
Some of our providers (including Anthropic and Stripe) may process data outside the UK. Where this happens, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent protections recognised under UK law.
How long we keep your data
We keep your account and health data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within a reasonable period, except where we must retain certain records for legal, tax, or fraud-prevention purposes (typically up to six years for financial records).
Conversation history and daily logs are retained while your account exists so Zola can provide continuity in your coaching. You can request earlier deletion — see your rights below.
Your rights under UK GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data in certain circumstances ("right to be forgotten").
- Restriction — ask us to limit how we use your data.
- Portability — receive your data in a structured, machine-readable format where applicable.
- Object — object to processing based on legitimate interests in certain cases.
- Withdraw consent — where we rely on consent, you may withdraw it at any time.
To exercise any of these rights, email privacy@broon.fit. We will respond within one month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
Cookies
We use essential cookies to keep you signed in and maintain session security. These are necessary for the service to work and do not require separate consent. We do not use advertising or third-party tracking cookies. If we introduce optional analytics cookies in future, we will ask for your consent first.
Security
We take reasonable technical and organisational measures to protect your data, including encryption in transit, secure password hashing, and access controls. No online service can guarantee absolute security, but we work to minimise risk.
Children
Broon.fit is not intended for anyone under 18. We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will delete it.
Changes to this policy
We may update this policy from time to time. We will post the new version on this page and update the date above. Significant changes may also be notified by email where appropriate.
Contact
Coalface Software Ltd — privacy@broon.fit