Privacy Policy

BeWell IT Limited ("we", "our", "us", or "BeWell IT"), company number 16095961, registered in England and Wales, is committed to protecting your privacy. This Privacy Policy explains our practices regarding the handling of information when you use our ESRT StrongMind mobile application ("App").

1. Information We Collect

Our App collects:

• Account Information: Email address and display name when you create an account
• Wellness Data: Mood logs, journal entries, and activity tracking data you choose to record
• Usage Information: How you interact with the App to improve user experience
• Device Information: Device type, operating system version, and app version for technical support
• Content Data: For teachers and administrators only - educational content and program materials you create or manage

Our App does NOT collect:

• Location data
• Contacts
• Camera/photo access
• Financial information
• Government identifiers

Website Analytics:

This website (esrt.bewellit.com) uses Google Analytics 4 in cookieless mode to understand how visitors use the site. No tracking cookies are set and no personally identifiable information is collected. We collect anonymised data including pages visited, approximate geographic region (derived from IP address), device type, and referral source. This data is not shared with advertisers.

Guest/Anonymous Access:

Our App offers guest access for certain wellness programs, allowing you to participate without creating a full account. When using guest access:

• We do NOT collect your email address, name, or any other identifying information
• A randomly generated anonymous user ID is created to store your progress
• Your wellness data (mood logs, journal entries, activity tracking) is stored using this anonymous ID
• We collect the same usage and device information as described above

Data Retention for Guest Accounts:

• Guest accounts inactive for 6 months may be automatically deleted along with all associated data
• You may upgrade to a full account at any time by providing an email address and password; your existing data and progress will be preserved

Community & Messaging Features:

Our App includes community features that allow you to connect with other users and your course community. When using these features, we collect:

• Direct Messages: Text and voice messages sent between you and other users. Only you and the recipient can view direct messages
• Course Board Messages: Messages posted to course-specific community boards, visible to all members enrolled in that course
• Voice Messages: Audio recordings (up to 5 minutes) sent via direct or course board messaging, using your device's microphone with your permission
• Contact Relationships: Friend/contact requests and their status (pending, accepted, or blocked)
• Message Metadata: Timestamps, sender and recipient identifiers

Message Retention: All messages (text and voice) are automatically deleted after 90 days. You may also delete individual messages at any time.

Your Rights as a Guest User:

• You retain all rights described in Section 10, though some (such as data portability) may be limited without an email address to verify your identity
• To exercise your rights or delete your guest account, please contact us at privacy@bewellit.com with your anonymous user ID (found in the app's Account screen)

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the App's core functionality
• Enable secure authentication and account management
• Store and synchronize your wellness data across devices
• For teachers/administrators: Manage educational content and monitor program usage
• Improve our services and user experience
• Comply with legal obligations

3. Artificial Intelligence Features

AI Support and Course Assistant (All Users)

The App includes AI-powered chat assistants that use Google Gemini to help you:

• Support Assistant: Answers questions about using the App, based on our support documentation
• Course Assistant: Answers questions about your course content and activities

When you use these features, your chat messages are sent to Google's Gemini API for processing. You will be asked to provide consent before first use, and the feature clearly discloses this data sharing within the App.

What is sent to Google Gemini:

• Your chat messages and recent conversation history (up to 20 messages)
• Relevant support documentation or course content retrieved to answer your question
• No personal account information, wellness data, or identifying details are included

AI-Powered Insights (Teachers and Administrators Only)

AI-powered analytics insights using Google Gemini are:

• Only available to teachers and administrators (not general users)
• Only activated upon specific request (AI features are disabled by default)
• Used to analyse anonymised programme usage patterns and generate insights about overall wellness trends

AI Data Handling:

• Chat messages are processed by Google Gemini in real time and are not stored by Google for model training
• Analytics data is anonymised before any AI processing
• AI insights are generated on-demand only
• You can request deletion of any AI-generated insights
• All AI features can be disabled or declined at any time

4. Legal Basis for Processing (UK GDPR)

We process your personal data based on:

• Consent: For creating an account and storing wellness data
• Legitimate interests: For app functionality, security, and service improvement
• Legal obligations: For compliance with applicable laws
• Vital interests: In emergency situations as permitted by law

5. Data Storage and Security

Firebase Implementation:

• All data is encrypted in transit and at rest
• Stored securely on Google Firebase servers
• Real-time synchronization with offline capability
• Regular security audits and updates
• Access controls and authentication measures

Security Measures:

• Industry-standard encryption protocols
• Secure authentication through Firebase Auth
• Regular security assessments
• Incident response procedures
• Limited access to personal data (need-to-know basis)

6. Third-Party Services and Data Processors

We work with the following service providers:

• Google Firebase: Authentication, data storage, and real-time synchronization
• Google Cloud Platform (Gemini AI): AI-powered support and course assistants (all users), and analytics insights (teachers/administrators only)
• Firebase Crashlytics: Crash reporting and app stability monitoring (collects anonymous crash data and device information in release builds only; no personal data or health information is included)

All third-party processors are bound by data processing agreements ensuring GDPR compliance.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA, including the United States where our service providers' servers are located. We ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs) with all processors
• Technical and organizational security measures
• Data Processing Agreements requiring GDPR-equivalent protection

8. Data Retention

We retain your data for the following periods:

• Account information: Duration of your account; upon account deletion, your personal data is removed immediately
• Wellness data: As long as you maintain an account, or until you delete specific entries
• AI-generated insights (teachers/admins): Until manually deleted or 2 years, whichever is sooner
• Community messages: Automatically deleted after 90 days
• Crash reports: Retained for up to 90 days for stability analysis
• Anonymized analytics: May be retained indefinitely for service improvement

9. Age Restrictions

• Our App is intended for users aged 16 and above
• By creating an account, you confirm you are at least 16 years old
• If we learn that we have inadvertently collected information from anyone under 16, we will promptly delete such information
• Educational institutions using our App must ensure appropriate consent for any minor users

10. Your Rights

Under UK GDPR and applicable US state privacy laws, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing of your data
• Object to certain processing activities
• Data portability - receive your data in a portable format
• Withdraw consent at any time
• Lodge a complaint with the Information Commissioner's Office (ICO)

For Teachers/Administrators using AI features:

• Right to object to AI processing
• Right to human review of AI-generated insights
• Right to request explanation of AI processing

11. Managing Your Information

Access and Modification:

• Access and modify your personal information through the Account screen
• Update wellness entries directly in the App
• Request an export of your data by contacting privacy@bewellit.com

Account Deletion:

• Navigate to "Account > Delete Account" to permanently delete your account
• This action immediately removes all your personal information from our systems
• Anonymized, aggregated data may be retained for analytics

12. Updates to This Policy

We may update this Privacy Policy as our App evolves. When we make changes:

• The "Last Updated" date will be revised
• For material changes, we will notify you via email or in-app notification
• Your continued use of the App after changes constitutes acceptance

13. California Privacy Rights

California Consumer Privacy Act (CCPA)

While we limit data collection, California residents have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal data)
• Right to non-discrimination for exercising privacy rights

Do Not Track

Our App does not track users across third-party websites and does not respond to Do Not Track (DNT) signals.

14. Emergency Situations

In situations involving imminent risk of serious harm, we may share limited information with appropriate authorities or designated emergency contacts in accordance with applicable laws and only to the extent necessary to address the emergency.

15. Links to External Services

Our App may contain links to external websites or services. We are not responsible for the privacy practices of these external services. We encourage you to review their privacy policies.

16. Children's Privacy

We do not knowingly collect personal information from children under 16. Educational institutions using our App for younger users must:

• Obtain appropriate parental consent
• Ensure compliance with applicable children's privacy laws
• Notify us of any minor users in their programs

17. Contact Information

For questions or concerns about this Privacy Policy or our privacy practices:

18. Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with:

19. Governing Law

This Privacy Policy is governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales, without limiting any rights or protections provided under applicable privacy laws in your jurisdiction.