Privacy Policy

Last updated: 14 February 2026

1. Introduction

ActivityScore ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use the ActivityScore mobile application and website (together, the "Service").

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy has been prepared in accordance with UK data protection law.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account.
  • Waitlist Information: Email address when you sign up for our waitlist.
  • Activity Data: Exercise type, duration, time, and calories when you manually log activities.
  • Profile Information: Optional details such as age, weight, height, and fitness goals.

2.2 Information Collected Automatically

  • Health & Fitness Data: With your explicit consent, we sync data from Apple Health, Google Fit, Fitbit, and other connected services, including steps, sleep duration, and calorie data.
  • Usage Data: How you interact with the Service, including features used, time spent, and app performance data.
  • Device Information: Device type, operating system, unique device identifiers, and mobile network information.

2.3 Cookies and Similar Technologies

Our website uses strictly necessary cookies and, with your consent, analytics cookies to understand how visitors use our site. You can manage cookie preferences through your browser settings. We do not use advertising or tracking cookies.

3. Lawful Basis for Processing

Under UK GDPR, we process your personal data on the following lawful bases:

  • Contract: Processing necessary to provide you with the Service (Article 6(1)(b)).
  • Consent: Where you have given explicit consent, particularly for health data processing and marketing communications (Articles 6(1)(a) and 9(2)(a)).
  • Legitimate Interests: To improve our Service, ensure security, and prevent fraud (Article 6(1)(f)).
  • Legal Obligation: Where processing is required to comply with applicable UK law (Article 6(1)(c)).

4. Special Category Data

Health and fitness data is classified as special category data under UK GDPR. We only process this data with your explicit consent, which you provide when connecting health services to ActivityScore. You can withdraw this consent at any time by disconnecting the health service in your app settings.

5. How We Use Your Information

We use your personal data to:

  • Calculate and display your ActivityScore based on sleep, steps, sunlight, and nutrition data.
  • Provide personalised insights and recommendations to help you improve your health.
  • Enable features such as challenges, exercise tracking, and progress monitoring.
  • Send you service-related communications (account verification, updates, security alerts).
  • Send marketing communications where you have opted in (you can unsubscribe at any time).
  • Analyse aggregated, anonymised data to improve the Service.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

  • Service Providers: Trusted third parties who help us operate the Service (hosting, email delivery, analytics), bound by data processing agreements.
  • Health Platform Providers: Apple Health, Google Fit, or Fitbit when you choose to sync data, in accordance with their respective privacy policies.
  • Legal Requirements: Where required by law, court order, or to protect our legal rights.

We do not transfer personal data outside the UK unless adequate safeguards are in place, such as Standard Contractual Clauses or an adequacy decision by the UK Secretary of State.

7. Data Retention

We retain your personal data only for as long as necessary to provide the Service and fulfil the purposes described in this policy:

  • Account data: Retained while your account is active and for 30 days after deletion request.
  • Health & activity data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Waitlist data: Retained until the Service launches or you unsubscribe, whichever is earlier.
  • Usage analytics: Aggregated and anonymised data may be retained indefinitely for service improvement.

8. Your Rights Under UK GDPR

You have the following rights:

  • Right of Access: Request a copy of your personal data (Subject Access Request).
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@activityscore.co.uk. We will respond within one month of receiving your request, as required by UK GDPR.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS) and at rest.
  • Secure authentication and access controls.
  • Regular security assessments and monitoring.
  • Staff training on data protection and confidentiality obligations.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: