Privacy Policy

1. Information We Collect

We collect information you provide directly to us when you create an account or use Broco:

Account information — your name, email address, and password (stored as a bcrypt hash).
Health data — steps, sleep, heart rate, active energy, and other metrics you log manually or sync from Apple Health.
Meal data — food entries and calorie information you record.
Usage data — pages visited, features used, and timestamps (stored server-side in logs, not sold).

2. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve Broco's features.
Generate your personal health reports and streaks.
Send transactional emails (e.g., password reset links). We do not send marketing emails without your explicit consent.
Diagnose bugs and monitor application performance.

3. Data Storage and Security

Your data is stored in MongoDB Atlas (AWS, ap-south-1 region). We use bcrypt to hash passwords and TLS in transit for all API calls. We do not store your Apple Health credentials — sync is performed locally on your device.

While we implement reasonable security measures, no system is 100% secure. Please use a strong, unique password for your Broco account.

4. Data Sharing

We do not sell, trade, or rent your personal information. We may share data only in these limited cases:

Service providers — infrastructure providers (MongoDB Atlas, hosting) that process data on our behalf under strict agreements.
Legal requirements — if required by law, court order, or to protect the rights and safety of our users.

5. Your Rights

You have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your account and associated data.
Export your health data in a machine-readable format.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

6. Cookies

Broco uses a single session cookie for authentication. We do not use tracking cookies or third-party advertising cookies. See our Cookie Settings page for details.

7. Children's Privacy

Broco is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by updating the "Last updated" date above. Continued use of Broco after changes constitutes acceptance of the updated policy.

9. Contact

Questions about this policy? Reach us at our contact page or directly at [email protected].