← Back to home

Last updated: 15 January 2026

BodyFit | Social Privacy Policy

As Orlikon LLC, within the services we provide via the BodyFit | Social app and the bodyfit.social domain, we process user data in compliance with KVKK, GDPR, and Apple App Store guidelines. This policy explains what data we collect, how we use it, and your rights.

Data we collect

While using the app, data you provide or that is generated during usage is collected in the categories below. We aim to avoid collecting unnecessary data.

  • Identity and profile: First name, last name, date of birth, profile photo, optional verification details.
  • Contact: Email address, phone number (if any), and support requests.
  • Activity: Workout logs, missions, league participation, badges, and in-app interactions.
  • Device and diagnostics: Device model, operating system, language/region, and error logs.
  • Payments: Transaction identifiers created via Apple In-App Purchase (we do not store credit/debit card details).

Purposes of processing

Personal data is processed for the purposes below based on legal grounds under KVKK Art. 5/2 and GDPR Article 6:

  • Creating and managing accounts and providing services.
  • Running league, scoring, badging, and reward processes.
  • Community safety and prevention of abuse.
  • Important system notifications and product updates (legitimate interest).
  • Anonymized diagnostics and error analysis to improve performance.

Tracking and advertising policy

BodyFit | Social does not track users across apps or websites. Collected data is not used for third-party advertising, marketing, or behavioral tracking, and is not shared for such purposes.

Sharing of data

Personal data is only shared in the limited cases below:

  • With your explicit consent, limited sharing with partner gyms only for organizing events, leagues, and rewards.
  • With providers we use for payment, infrastructure, and consulting services as required contractually.
  • Legally binding requests from authorized public authorities.

Data storage

Data is stored securely on infrastructures compliant with ISO 27001.

In-app data usage

Some collected data is associated with your user account (e.g., profile and league data). Diagnostics and performance data is used anonymously or de-identified and cannot be linked to an individual user.

Your rights

Under KVKK Art. 11 and GDPR, you have the following rights:

  • Access, correct, and delete personal data.
  • Restrict processing or object to it.
  • Withdraw consent.
  • Request data portability.
  • Lodge a complaint with the relevant data protection authority.

Children's privacy

BodyFit | Social is not intended for children under 13. We do not knowingly collect personal data from users under 13.

Data retention periods

Core profile and league history is stored as long as your account is active. When an account is closed, data is deleted within 90 days. Financial records may be retained for 10 years as required by law. Anonymous analytics data cannot be linked to identity.

For privacy requests, contact us at contact@bodyfit.social. Requests are answered within 30 days at the latest.