Overview

Last updated: [22 January 2026]

This Privacy Policy (the “Policy”) sets out how Digital Wellness Solutions OÜ, operating the BodyBet platform (“BodyBet”, “we”, “us”, or “our”) collects, uses, discloses, stores, and otherwise processes personal data in connection with the operation of its website, mobile applications, and related services (collectively, the “Platform”).

This Policy forms an integral part of the Terms and Conditions of Use (the “Terms”). Capitalised terms not defined in this Policy have the meanings given to them in the Terms.

By accessing or using the Platform, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, you must not access or use the Platform.

1. DATA CONTROLLER

For the purposes of Regulation (EU) 2016/679 (the General Data Protection Regulation or “GDPR”), the UK GDPR, and other applicable data protection laws, the data controller is:

Digital Wellness Solutions OÜRuunaoja tn 3, 11415 Tallinn, EstoniaEmail: info@bodybet.eu

2. SCOPE OF APPLICATION

This Policy applies to the processing of personal data in connection with:

access to and use of the Platform;

creation and management of user accounts;

participation in Challenges and other interactive features;

communications with BodyBet; and

payments, payouts, and related transactions.

This Policy does not apply to third-party websites, applications, or services that are not owned or controlled by BodyBet, even if they are accessible via links on the Platform.

3. CATEGORIES OF PERSONAL DATA

3.1 Personal Data Provided by Users

BodyBet may process personal data that users voluntarily provide in connection with their use of the Platform, including:

(a) identification and contact details, such as name, email address, and username;

(b) account credentials and preferences, including login information and user settings;

(c) information relating to internal account activity and non-monetary metrics within the user’s account, including records of BB Points earned, used, forfeited, or otherwise reflected in the user’s account, as well as internal engagement and status indicators such as the BB Stage;

(d) communications with BodyBet, including support requests, inquiries, and other correspondence;

(e) challenge-related information, including height, weight, progress updates, and verification materials submitted for the purpose of verifying compliance with challenge rules, such as photographs or video recordings;

(f) identification and verification information provided for the purpose of processing payouts, complying with applicable legal or regulatory requirements, or preventing fraud, which may include copies of government-issued identification documents; and

(g) other content submitted through the Platform, including posts, comments, messages, photographs, and other user-generated content.

Certain categories of personal data may be required in order to access, use, or participate in specific features, challenges, or payout-related processes available on the Platform.

3.2 Personal Data Collected Automatically

When users access or use the Platform, BodyBet may automatically collect certain technical and usage-related data, including:

IP address and approximate location data derived therefrom;

device identifiers, operating system, browser type, and similar technical information; and

usage data, log files, timestamps, and information relating to interactions with the Platform.

Such data is processed for the purposes of ensuring security, maintaining functionality, preventing abuse or unauthorised use, and improving the performance and reliability of the Platform.

3.3 Payment and Transaction Data

Payments and payouts made through the Platform are processed by independent third-party payment service providers.

BodyBet does not store full payment card details. Payment-related personal data is processed by such providers in accordance with their own privacy policies and applicable law.

4. PURPOSES AND LEGAL BASES FOR PROCESSING

BodyBet processes personal data only where a lawful basis exists under applicable data protection laws, including the GDPR, the UK GDPR, and, where applicable, other data protection and privacy laws in the jurisdictions in which users are located.

Personal data may be processed for the following purposes and on the following legal bases:

to create and manage user accounts and provide access to the Platform, on the basis of performance of a contract;

to enable participation in challenges and other interactive features of the Platform, on the basis of performance of a contract;

to process participation fees, payouts, and related transactions, on the basis of performance of a contract and, where applicable, compliance with legal or regulatory obligations;

to provide customer support and communicate with users regarding their accounts or use of the Platform, on the basis of performance of a contract;

to ensure the security, integrity, and proper functioning of the Platform, including fraud prevention and enforcement of the Terms, on the basis of BodyBet’s legitimate interests;

to analyse use of the Platform, calculate internal engagement or participation metrics (such as BB Stage), and improve functionality, integrity, and user experience, on the basis of BodyBet’s legitimate interests and, where required by law, user consent;

to send marketing and promotional communications, where permitted by law and subject to user consent; and

to comply with applicable legal obligations.

Where processing is based on consent, consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

Internal engagement or participation indicators, including BB Stage, are used solely for informational, organisational, and platform integrity purposes and do not constitute financial data, automated decision-making with legal effect, or profiling within the meaning of applicable data protection laws.

5. COOKIES AND SIMILAR TECHNOLOGIES

The Platform uses cookies and similar technologies to ensure proper functionality and to enhance user experience.

Cookies are small text files placed on a user’s device when accessing the Platform.

5.1 Categories of Cookies

Strictly necessary cookies, which are essential for the operation and security of the Platform and cannot be disabled;

Analytics cookies, which are used to analyse use of the Platform and improve performance, and are used only with the user’s prior consent; and

Marketing cookies, which are used to measure marketing effectiveness or deliver relevant content, and are used only with the user’s prior consent.

Cookies may be set either by BodyBet or by third-party service providers whose services are used on the Platform.

5.2 Consent and Control

Users are presented with a cookie banner on first access to the Platform, allowing them to accept all cookies, reject non-essential cookies, or manage preferences. Consent may be withdrawn or modified at any time through cookie settings or browser controls.

Further information is available in the Cookie Policy.

6. DISCLOSURE OF PERSONAL DATA

BodyBet may disclose personal data:

to service providers acting on its behalf for hosting, analytics, customer support, marketing, and payment processing, subject to appropriate contractual safeguards;

to verification partners or authorised moderators involved in Challenge integrity and verification, solely for the purpose of administering and verifying Challenges, and subject to appropriate safeguards;

where required to comply with legal obligations or lawful requests by public authorities;

where necessary to protect the rights, property, or safety of BodyBet, users, or others; and

in connection with a merger, acquisition, reorganisation, or sale of assets, subject to applicable data protection laws.

Information disclosed by users in public or community areas of the Platform (where such features are enabled) may be visible to other users.

7. INTERNATIONAL DATA TRANSFERS

Personal data may be transferred to and processed in countries outside the European Economic Area or the United Kingdom.

Where such transfers occur, BodyBet ensures that appropriate safeguards are in place and relies on lawful transfer mechanisms under applicable data protection laws, including adequacy decisions adopted by competent authorities, Standard Contractual Clauses, or other legally recognised transfer mechanisms.

8. DATA RETENTION

Personal data is retained only for as long as necessary for the purposes for which it was collected, including compliance with applicable legal, accounting, regulatory, and contractual obligations.

8.1 Account dataPersonal data relating to user accounts is retained for the duration of the user’s account. Following account closure, such data is retained only to the extent necessary to comply with legal obligations, enforce the Terms, prevent fraud or abuse, or resolve disputes.

8.2 Challenge participation and verification dataPersonal data relating to participation in Challenges, including weigh-in materials, verification videos, photographs, and related metadata, is retained only for as long as necessary to:(a) administer and verify Challenges;(b) resolve disputes, audits, or appeals;(c) enforce the Terms and applicable Challenge rules; and(d) comply with legal or regulatory requirements.

Such data is not retained indefinitely and is deleted or anonymised once it is no longer required for the above purposes.

8.3 BB Points and participation recordsRecords relating to BB Points, Challenge participation, rewards, forfeitures, and payout eligibility are retained for accounting, audit, fraud-prevention, and compliance purposes, and in accordance with applicable statutory limitation periods.

8.4 Transaction and payout dataPayment- and payout-related personal data is retained as required under applicable financial, tax, anti-money laundering, and fraud-prevention laws, as well as to comply with obligations imposed by payment service providers.

8.5 Marketing dataPersonal data processed for marketing or promotional communications is retained until the user withdraws consent or until such data is no longer required for the stated purpose.

8.6 Analytics and technical dataTechnical, usage, and analytics data is retained in aggregated or anonymised form where feasible and for as long as necessary to ensure the security, performance, and reliability of the Platform.

8.7 Legal claimsPersonal data may be retained for longer periods where necessary to establish, exercise, or defend legal claims, or where retention is required by mandatory applicable law.

9. DATA SUBJECT RIGHTS (EU AND UK USERS)

Subject to the conditions and limitations set out in applicable data protection laws, users have the right to:

request access to their personal data;

request rectification of inaccurate or incomplete personal data;

request erasure of personal data;

request restriction of processing or object to the processing of personal data;

receive their personal data in a structured, commonly used, and machine-readable format and, where applicable, request data portability; and

withdraw consent at any time, where processing is based on consent.

Requests to exercise these rights may be submitted to info@bodybet.eu. Users also have the right to lodge a complaint with a competent supervisory authority in their place of residence, place of work, or place of the alleged infringement.

Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

10. PRIVACY RIGHTS OF UNITED STATES USERS

Depending on the user’s state of residence and to the extent applicable under relevant state privacy laws, users in the United States may have the right to request access to, correction of, or deletion of their personal data, and to opt out of certain forms of data processing, such as targeted advertising.

BodyBet does not sell personal data in exchange for monetary consideration. Requests to exercise applicable rights may be submitted to info@bodybet.eu and will be handled in accordance with applicable law.

11. CHILDREN’S DATA

The Platform is intended solely for individuals who are eighteen (18) years of age or older. BodyBet does not knowingly collect or process personal data relating to minors.

If BodyBet becomes aware that personal data of a minor has been collected in violation of this Policy, such data will be deleted without undue delay.

12. SECURITY

BodyBet implements appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful access, loss, alteration, or misuse, taking into account the nature of the data and the risks associated with its processing. However, no method of transmission or storage can guarantee absolute security.

13. AMENDMENTS

BodyBet may amend this Policy from time to time. Any material changes will be communicated through the Platform or by other appropriate means.

Amendments to this Policy will take effect upon publication, unless stated otherwise. Continued use of the Platform after the effective date of an amended Policy constitutes acceptance of such amendments. If you do not agree with the amended Policy, you should discontinue use of the Platform.

14. CONTACT

Questions regarding this Policy or BodyBet’s data practices may be directed to:

info@bodybet.eu