Last updated: 09.21.2025

Version: 1.01

This Privacy Policy (“Policy”) describes how we collect and process your data through https://www.behard.co/ website or 75 Days Challenge app available at https://apps.apple.com/us/app/75-days-challenge-tough-soft/id6450723685 (together, the “Site(s)”). The terms “BeHard”, “we”, “us”, “our” and “ourselves” refer to BeHard, Inc., a legal person registered under the laws of the United States of America.

We are committed to safeguarding the privacy of our users. We are not going to misuse your data.

Controller details:

BeHard, Inc.

Registered address: 574 45th Ave, San Francisco

Contact email address: help@behard.co

Categories of personal data we collect

Identity, account, and contact data

This category includes the personal details you provide when creating or managing your account, as well as contact information for communication purposes. We collect your name and surname to personalize your experience, enable social features such as friend invites, and for legal identification purposes. Your email address is used as a login credential, for password recovery, and for both transactional and marketing communications. The password you set secures your account from unauthorized access. Additionally, your phone number is used for sign-up or login processes, such as two-factor authentication and account recovery. We may also collect the names and numbers of your phone contacts to help you find friends or invite others to participate in challenges.

Location and device data

This category includes information related to your device, location, and connectivity to personalize your experience, improve service performance, and enforce geo-restrictions like subscription pricing. We collect your location data to provide time-zone based reminders, detect fraud, and optimize content delivery. We also collect information about your phone carrier for diagnostics, user segmentation, and fraud protection. Device-specific data such as the model, operating system version, language or locale settings, and time zone are collected to improve the user experience, troubleshoot app issues, and ensure compatibility.

User content, activity, and health data

This category encompasses the content you generate and health-related data to track progress and personalize your experience within the service. We collect images and videos that you share to enable community features, track visual progress (such as transformation photos), and create a social feed. Activity data, such as the type, duration, and intensity of your workouts, helps us personalize fitness plans and measure challenge progress. We also gather health-related data such as your weight, height, body mass index (BMI), and body-fat percentage to create customized fitness goals and track physical progress. We collect your daily step count, heart rate, and VO₂ max to provide integrated fitness tracking and health insights. We collect your birthday, gender, and age to provide age-appropriate content, segment demographics, and personalize the user experience. Additionally, we collect details about your meal logs, macro-nutrient intake, and water consumption to offer nutritional recommendations based on your goals. The metadata associated with your progress photos, including timestamps and EXIF data, is collected to prevent tampering and display a historical timeline. Depending on the service you engage with, we may collect other health-related data like sleep data and stress levels to offer tailored guidance or coaching.

Advertising, analytics, and behavioral data

This category includes data used for advertising, marketing campaigns, user behavior analysis, and product improvement. We collect ads identifiers such as mobile advertising IDs (like IDFA and GAID) to track ad installs, measure marketing effectiveness, and retarget users. We also use A/B test cohort assignments to improve the product through controlled experiments. Click-stream and screen-flow events are tracked to understand user behavior, analyze user experience, and gather feature usage statistics. Additionally, session length and first- or last-active timestamps are collected to analyze user engagement and support lifecycle campaigns.

Network and device diagnostics data

This category includes technical data that helps diagnose performance issues, secure the platform, and enhance overall service. We collect your IP address for security purposes, fraud detection, and geolocation. Push-notification tokens are collected to deliver reminders, updates, and progress alerts. Device diagnostics, such as screen resolution, available storage, CPU/memory usage, and crash logs or stack traces, are collected to ensure app compatibility, troubleshoot crashes, and optimize the app’s stability and performance. We also monitor network type (Wi-Fi or cellular) and signal strength to optimize streaming and troubleshoot connectivity issues.

Additional data and communication

This category includes additional data that may be collected for service enhancement, legal compliance, and communication between you and our support team. We collect referral codes to track user referrals and reward system participation. Any communication between you and our customer support team, including inquiries and feedback, is processed to assist you and improve our service.

Sources of personal data

We obtain personal data from such sources:

Data subjects themselves: users of the Sites.
Third-party sources: ad networks and marketing platforms, your devices and connected applications.

What are the purposes and legal bases for processing your personal data?

We collect and utilize your data primarily to provide our services, improve the quality of our services, and continuously enhance them. Additionally, we aim to better understand our customers’ needs and attract new users. Below is a breakdown of how we use your personal data and the legal basis for its processing.

Purpose of processing	Description and examples	Categories of personal data	Lawful basis
To provide our services and administer your account	This includes verifying your identity, email verification, enabling you to access and use our services seamlessly, and addressing any technical issues. We also customize your experience by adjusting content to suit your personal preferences (e.g., personalized meal plans, or tailored workout plans). Additionally, we respond to your requests for customer or technical support, including troubleshooting and helping you with any queries. For this purpose, we may send you notifications related to services performance, security, and updates.	All categories of personal data	Performing our contract with you (Art. 6.1(b) GDPR); explicit consent (Art. 9.2(a) GDPR) if the data relates to a special category of personal data; legitimate interest (Art. 6.1(f) GDPR)
To enhance user experience and personalize content	We customize your experience by tailoring content such as personalized nutrition or fitness plans. For example, you may get access to a nutrition plan containing only vegetarian products or a fitness plan based on your progress.	Health & challenge data (e.g., weight, height, age, workout data)	Consent (Art. 6.1(a) GDPR); explicit consent (Art. 9.2(a) GDPR) for special categories of data.
To improve our services and conduct analytics	We process your data to improve the functionality, usability, and performance of our platform. This includes analyzing user behavior, performing A/B testing, identifying bugs, and enhancing product features.	User content & activity data, behavioral analytics data	Legitimate interest (Art. 6.1(f) GDPR)
To manage advertising and marketing campaigns	We collect data to evaluate and optimize our advertising efforts, including measuring the performance of our ads, retargeting users, and analyzing marketing effectiveness. We use mobile advertising IDs to track ad installs and assess user acquisition costs.	Advertising & analytics data (e.g., ads identifiers, mobile ad ID)	Consent (Art. 6.1(a) GDPR)
To provide customer support and address inquiries	We process your personal data to address any support or service-related inquiries, manage technical issues, and respond to customer feedback. This includes accessing your account to resolve issues and providing personalized assistance based on your interactions with the services.	Identity & account data, communication data	Performing our contract with you (Art. 6.1(b) GDPR); legitimate interest (Art. 6.1(f) GDPR)
To ensure compliance and legal obligations	We may collect and process certain personal data to comply with legal obligations, ensure the safety and security of our platform, and protect the rights of users and the company. This may involve responding to legal requests or ensuring regulatory compliance.	Identity & account data	Legal obligation (Art. 6.1(c) GDPR)
To facilitate referrals and reward programs	We process referral information to allow users to invite friends and share the service’s features. This helps us track and reward referrals while enhancing user engagement.	Identity & account data	Performing our contract with you (Art. 6.1(b) GDPR)

Retention of your information

We will store your information for as long as you have an active account with us. We will delete or anonymise the information collected from you after 2 years of inactivity, unless you explicitly ask us to delete the information earlier.

However, we may need to retain some of your personal data for longer if there is a need for it, for example, in order to comply with our tax, accounting and legal requirements. In this case, the applied legal basis for the processing of your information will be the necessity to comply with a legal obligation.

Third-party access to information

Your personal information may be shared with the following third parties:

analytics and tracking services;
monetisation and subscription management tools;
advertising and marketing platforms;
app distribution and stores;
customer engagement and communication tools;
cloud and hosting services;
video and media streaming services.

The providers listed above process your information based on our instructions only.

In case your personal data is provided to third parties outside the EEA, we will implement appropriate safeguards to protect your personal data, including Standard Contractual Clauses as adopted by the European Commission. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Other disclosures

In addition to the disclosures for the purposes identified before, we may disclose information about you for the following purposes:

law enforcement, legal process and compliance: if we are required to do so by law, in connection with any legal proceedings or to establish, exercise or defend our legal rights, or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose personal data or other information that we believe, in good faith, is appropriate or necessary to: (i) take precautions against liability; (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of our services and any facilities or equipment used to make our services available; or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others;
change of ownership or other business needs: (i) in case we sell, licence or otherwise assign our company, corporate rights, the Sites or their separate parts or features to third parties; (ii) as part of a transaction, financing, or for other business needs (e.g., if we need to disclose your personal data to the prospective lender or bank, investor or prospective investor, and/or their professional advisers as part of certain due diligence processes, as the case may be); (iii) we may also disclose and otherwise transfer your personal data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the information commits to a privacy policy that has terms substantially consistent with this Policy.

Your rights

You may exercise GDPR rights regarding your personal data. In particular, you have the right to:

The right to access your information.

You have the right to know what personal data we process. As such you can obtain the disclosure of the personal data involved in the processing and you can obtain a copy of the information undergoing processing.

The right to verify your information and seek its rectification.

If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;

The right to have your personal data deleted.

If we are not under the obligation to keep your personal data for legal compliance and it is not needed in the scope of an active contract or claim, we will remove your information upon your request. You are able to delete your personal data and user account by navigating to the profile section and select the “Delete Account” option.

The right to restrict the processing of your information.

When you contest the accuracy of your information, believe we process it unlawfully or want to object to the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will stop processing your personal data (other than storing it) until we are able to provide you with evidence of its lawful processing.

The right to have your personal data transferred to another organisation.

Where we process your personal data on the legal basis of consent you provided us or on the necessity to perform a contract, we can make, at your request, your personal data available to you or to an organisation of your choosing.

The right to object against the processing of your information.

If we process your information for our legitimate interests (e.g., for direct marketing emails or for our marketing research purposes), you can object to it. Let us know what you object against and we will consider your request. If there are no compelling interests for us to refuse to perform your request, we will stop the processing for such purposes. If we believe our compelling interests outweigh your right to privacy, we will clarify this to you.

You can formulate such requests or channel further questions on data protection by contacting us directly at help@behard.co or through the Intercom chat feature within the app.

If you believe that our use of personal information violates your rights, or if you are dissatisfied with a response you received to a request you formulated to us, you have the right to lodge a complaint with the competent data protection authority of your choice.

Security of information

We will take all necessary measures to protect your information from unauthorised or accidental access, destruction, modification, blocking, copying, and distribution, as well as from other illegal actions of third parties. As we use the services of third-party software providers across several countries outside of the European Union, we may transfer the collected information to those countries for further processing. In such cases, we will make sure that relevant safeguards are in place. More information on such safeguards can be provided upon request.

We also make sure that access to your information stored in our database is only possible via a secure and closed VPN connection. Additionally, all communications exposed to the internet are TLS encrypted to provide the highest level of communications security.

Changes to this Policy

We may update this Policy from time to time by posting a new version on our Sites. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavour to provide you with an announcement about any significant changes.