At Good Boost our mission is to support everyone anywhere have personalised therapeutic exercise designed around their goals to move more, have fun and feel better. Privacy is just an important to us and we endeavour to comply with the General Data Protection Regulation(GDPR) and the Data Protection Act 2018 (DPA), and to be market leaders when it comes to exercise apps and privacy.
These Terms of Use apply to your access to and use of the Good Boost mobile applications including the software contained in the mobile application (the “Software”) operated by GoodBoost Wellbeing Limited (“Good Boost”) company number 11495760, Henleaze HouseBusiness Centre, 13 Harbury Road, Henleaze, Bristol, BS9 4PN
This Privacy Policy applies to all of Good Boost apps and platforms, including the GoodBoost – HUB, Good Boost – Virtual Groups, Aqua Move and any other digital platform, web app, website or service (the “App”) operated by Good Boost Wellbeing Limited (“GoodBoost”) company number 11495760, Henleaze House Business Centre, 13 Harbury Road, Henleaze, Bristol, BS9 4PN
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
We have taken considerable steps to protect the confidentiality, security and integrity of this information. Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us. We comply with ORCHA medical-app, the NHSDigital Technology Assessment Criteria (DTAC) and we comply with the seven Caldicott Principles and the NHS Constitution. We anonymise information contained in health records for use by researchers to support health improvement.
This policy explains how we use your personal data for therapeutic exercise app services.
This policy covers:
1. Who we are
2. What personal data we hold and how we gather it
3. What we use your personal data for
4. Sharing your personal data with others
5. Retention
6. Data security and transfers
7. Data Breach
8. Your rights
9. Policy Updates
10. Contact Us
1. Who Are We
The Good Boost app is delivered through software (exercise-apps) that is developed byGood Boost Wellbeing Limited (Company number 11495760, Registered in England, UK)(“Good Boost”, “Company”, “we”, “us”, or “our”). Good Boost develops and deploys the software that provides you with personalised therapeutic exercises. Our registered offices are Henleaze House Business Centre, 13 Harbury Road, Henleaze, Bristol, BS9 4PN
This privacy policy applies to all information collected through our mobile application, (“App”), and/or any related services, sales, marketing or events (we refer to them collectively in this privacy policy as the “Services”).
Good Boost is both the controller and processor of your personal data provided to, or collected by or for in connection with our exercise app services.
Good Boost works in partnership with our external app developer agency, Dev2Grow. R. JacintoJoao 8A, 2910-301 Setúbal, Portugal. Dev2Grow is a processor of user data. Good Boost andDev2Grow have a data sharing and data authorisation agreement to restrict access to personal data to mitigate data risk. Good Boost Works in partnership with 4Global (the “Processor”) to evaluate service delivery and Good Boost session attendance. 4Global Consulting Ltd, 5th Floor,Building 7, 566 Chiswick High Rd., Chiswick, London W4 5YG. 4Global is a processor of user data. Good Boost and 4Global have a data sharing and data authorisation agreement to restrict access to authorised personnel to mitigate data compromise risk. 4Global only use limited personal data (name, email, postcode, gender, year of birth) to match users to session attendance at leisure centres in the UK. Both processors will only use the data for the specified purposes.
If you are user of the ‘We Are Undefeatable app, powered by Good Boost’, Age UK on behalf of the We Are Undefeatable campaign is a data processor for the ‘We Are Undefeatable App’ data. Age UK Registered charity number (1128267) and registered address; 7th Floor, OneAmerica Square, 17 Crosswall, London, EC3N 2LB
2. What data we hold and how we gather it
We collect personal information that you voluntarily provide to us when registering on our App, expressing an interest in obtaining information about us or our products and services, when participating in activities on the App or otherwise contacting us. The personal information that we collect depends on the context of your interactions with us and the App, the choices you make, and the products and features you use.The personal information we collect can include the following:
1. Personal Details
When you register with us your complete forms and provide us with basic informationabout yourself, such as your name, year of birth, post code and email address.We collect demographic information such as employment status and ethnicity. You areresponsible for the accuracy of the information that you provide to us.
2. Social Media Login Data
We may provide you with the option to register using social media account details as your user log in, such as your Facebook and Google account. If you choose to register in this way, we will collect the information described in the section called “How do we handle your social logins” below.
3. Voluntary Contact Information
when you communicate with us (for example when you send us an email or use a“contact us” form) we collect the Personal Information you provided us with.
4. Exercise and Health Information
The main type of information we hold about you is health information. This includes details about your health & wellbeing that is relevant to the selection of exercise for your personalised sessions on the App. As part of gathering health information, this includes safety and screening question for the selection of suitable exercises.
We gather this information directly from you during your registration on the App. You can review this information, update information or add new information on the App. We also gather feedback measures, such as mobility, pain and wellbeing, from you a specific timepoints to measure your change and progress. We also gather feedback from you before and after you complete an exercise session.
All personal information that you provide to us must be true, complete and accurate, and you must update your details the Good Boost app or notify us of any changes to such personal information. Providing inaccurate information will result in providing exercise selections which are not tailored to your true requirements, as result, may represent a risk to you.
Information automatically collected.
We automatically collect certain information when you visit, use or navigate the App. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our App and other technical information. This information is primarily needed to maintain the security and operation of the App, and for our internal analytics and reporting purposes. None of the information automatically collected is shared externally.
3. What we use your personal data for
We use personal information collected via our App for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.
Providing you a service
Your personal details such as your name, post code, email and phone number are used to create a user profile for you. We may use this information to verify your identify in the event you forget your login details.
Keeping you up to date
We may use your email address, phone number and/or details to contact you or present you with occasional updates and messages. We will also use your contact detail to update you of any changes to our policies and procedures in addition to inviting you to receive regular updates on Good Boost and our services. We may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt-out of our marketing emails at any time (see the “What are your privacy rights”below).
For any future updates of the Privacy Policy or the purpose of data collection and use change you will be updated and requested to consent and approve the updated PrivacyPolicy when next using the App Software.
Commitment to equality and accessibility
We gather information such as age, employment statement, postcode ethnicity and gender to understand the demographic details of our users. We are working to ensure that we deliver a digital exercise service that is accessible to all and overcome health inequalities.
We use the data listed above to complete analysis and reviews of our progress in providing a service that is accessible to a diverse demographic. This is a core part of our mission and part of our programmes funded by health, wellbeing and research institutions.
Commitment to minimising data collection
We will always collect the minimum data necessary to enable you to use the App and to measure the programme impact and commitment to equality and accessibility. We only gather data which has been determined to be necessary and continually review our data collection to reduce and remove any questions and data collection where possible. For demographic information questions (that do not require an answer for the exercise selection algorithms to create personalised exercise programmes or gather outcome and impact data) we provide the options for ‘prefer not to answer’ if you would prefer not to answer these fields.
Creating personalised exercise programmes
Your self-reported health information and the feedback information you provide before and after your exercise session is used to generate your personalised exercise programme through an automated process. Our artificial intelligence has been designed by clinical specialists for exercise and to support people living with long-term health conditions to be physically active, in addition to best clinical practice, research evidence and clinical guidelines.
Improving our service for you and others
We complete internal data audits and analysis for the purposes of service improvement. We also work with academic partners to validate our service improvement and analysis. When working with third-parties for the purpose of service improvement and research we will never share your personal contact details or any other personal identifiable data. Any details shared are fully anonymised an only for the purpose of aggregate data audits and impact evaluation. Furthermore, we only work in collaboration with academic institutions that havehigh levels of data security and governance in place to ensure that data is kept secure.
Impact reporting
Good Boost is funded by public bodies such as Innovate UK, the Small Business ResearchInitiative (SBRI) and other research and community health funded initiatives. As part of our commitment to report the impact of our services we report aggregated statistics and measures. None of these reports include any way to interpret any individual user’s data as they are presented in data grouped in statistics and graphs.We will ask for your explicit consent to collect, process and store your information, for the following purposes:
•Patient engagement activities
•Developing case studies
To facilitate account creation and log-in process
If you choose to link your account with us to a third-party account (such as your Google or Facebook account), we use the information you allowed us to collect from those third parties to facilitate account creation and logon process for the performance of the contract. See the section below headed “How do we handle your social logins” for further information.To post testimonials. We post testimonials on our App that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. If you wish to update, or delete your testimonial, please contact us at DPO@goodboost.org and be sure to include your name, testimonial location, and contact information.
Request Feedback
We may use your information to request feedback and to contact you about your use of our App.To enforce our terms, conditions and policies for Business Purposes, Legal Reasons and Contractual.
Other uses
Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our services to troubleshoot bugs within the App, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.Where necessary for safety, regulatory and/or compliance purposes, we may audit your interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond. If there is valid and legitimate risk to health or harm under safeguarding, we will share data with the appropriate authority in accordance with GDPR. To respond to user inquiries/offer support to users. We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services.In the event you believe there is an unsuitable user accessing Good Boost software, including a child or a person who is unable to provide informed consent to the App Terms and Privacy Policy, you can report this to the Data Protection Officer email at DPO@goodboost.org.
Please note, if you access any third-party websites, app or software via Good BoostSoftware, this Privacy Policy and App Terms will no longer apply. The Privacy Policy for any3rd parties will be the specific Privacy Policy and terms for the 3rd party website, app or software.
We will never share your details with any third-party for marketing or promotional purposes without your informed consent as an additional opt-in data sharing option.
Opting Out of Data Processing
You can opt-out of any or all data processing for any of Good Boost’s / We Are Undefeatable App and Software. Data processing activities are required by the app in order to create personalised exercise programmes. Data processing is also completed for our ongoing service evaluation, clinical governance and impact reporting. In the event you opt-out of certain processing, this may mean that some or all the Good Boost App Software services is no longer functional. You will be notified of the particular limits in the event you request to opt-out of data processing. You can opt-out by contacting Good Boost via theinfo@goodboost.org and/or the DPO@goodboost.org email using your email that you used to register for the Good Boost app. In this even you do not have access to this email, you will need to provide key details to confirm you are the account holder.
4. Sharing your personal data with others
We may process or share data based on the following legal basis:
Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.
Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Consent: We may process your data if you have given us specific consent to use your personal information in a specific purpose.
Research, Evaluation and Clinical Governance partners: We may share anonymised personal Information with third parties, such as research institutes, academic institutes, healthcare systems and healthcare providers, for research purposes and for improvement and/or quality assurance of our services. These partners will act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by Good Boost for the purpose of clinical audits and impact evaluation.
Anonymised information: We may share with our partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
If is your right to share your data with others, including health care professionals. If you plan to share your data with other it is essential that you are certain you are sharing it with at rusted individual, health professional or organisation.
5. Retention
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law.
No purpose in this policy will require us keeping your personal information for longer than 10 years past a user’s last log-in or closing of the user’s account.
When we have no ongoing legitimate business need to process your personal information, it will be deleted. We will send you an email reminder 6-months before and 1 month before data is destructed.
We reserve the right to destroy your data if we have reasonable grounds to believe the account has been made maliciously without the intention for genuine use.You can request a copy of all personal information that we hold about you at any time.
6. Data security and transfers
We will at all times comply with the requirements of the General Data Protection Regulation(GDPR) 2018, including ensuring that there are appropriate technological and operational procedures in place to protect your and other users’ information. When you submit personal data via the website or through our App (for example by giving feedback), this is protected both online and offline.All of your and other users’ information, not just personal data, has restricted access.
Everyone whom we employ must use password-protected log-in screens to gain entry to restricted information. Furthermore, all employees are kept up-to-date on our security and privacy practices. When new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure your information is protected. You may at any time request a copy of the data we hold on you by sending an email to or by written notice to us.
We work to protect the security of your information during transmission by using SecureSockets Layer (SSL) software, which encrypts information you input.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.We have implemented administrative, technical, and physical safeguards to help prevent unauthorised access, use, or disclosure of your Personal Information. Your information is stored on secure servers and isn’t publicly available. We use Amazon Web Servers to securely store your data. For more information on Amazon Web Servers security and data privacy standards please visit.
We do not store any data on your personal device unless explicitly prompted in the app.
This data will be multimedia data to enable you to use the Software offline. You need to help us prevent unauthorised access to your account by protecting your password appropriately and limiting access to your account (for example, by signing off after you have finished accessing your account). You will be solely responsible for keeping your password confidential and for all use of your password and your account, including any unauthorised use.
While we seek to protect your information to ensure that it is kept confidential, we cannot absolutely guarantee its security. You should be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your Personal Information, we cannot ensure or warrant the security and privacy of your personal Information or other content you transmit using the service, and you do so at your own risk.
7. Data Breach
A privacy breach occurs when there is unauthorised access to or collection, use, disclosure or disposal of personal information. You will be notified about data breaches when GoodBoost Wellbeing Limited believes you are likely to be at risk or serious harm. For example, a data breach may be likely to result in serious financial harm or harm to your mental or physical well-being. In the event that Good Boost Wellbeing Limited becomes aware of a security breach which has resulted or may result in unauthorised access, use or disclosure of personal information Good Boost Wellbeing Limited will promptly investigate the matter and notify the applicable Supervisory Authority not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
8. Your rights
Under the GDPR your rights are as follows.the right to be informed
;the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.You also have the right to complain to the Information Commissions Office (ICO)(www.ico.org.uk, 0303 123 1113) if you feel there is a problem with the way we are handling your data. Good Boost’s ICO Registration number is: ZA501212.
We handle subject access requests in accordance with the GDPR.In some regions (like the European Economic Area), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing server of your personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
If you wish to exercise any of your data rights, including a copy of your data or data deletion, we will complete this within 10 working day of the request being received.If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here:If you have questions or comments about your privacy rights, you may email us at DPO@goodboost.org.
9. Policy Updates
We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. Ween courage you to review this privacy policy frequently to be informed of how we are protecting your information.
For any future updates of the App Terms and/or the Privacy Policy or the purpose of data collection and use change you will be updated and requested to consent and approve the updated Terms/Privacy Policy/Data collection when next using the App Software.
10. Contact Us
We are here to help.
If you require further information, assistance, queries or you are facing technical problems, you can contact Good Boost from within the app by pressing the ‘contact Good Boost button’, contact us through email, info@goodboost.org or call us on +44 (0) 203 488 4695. Make sure to include as much detail about the problem as possible in your report.Information like the kind of phone or tablet you were using and what you were doing when the problem occurred may help us address the issue. We are committed to addressing issues, complaints, feedback and contact submissions; we reserve the right to respond within 10 working days.
You may also contact our Data Protection Officer (DPO), Alex Georgiou, Technical Director, by email at DPO@goodboost.org
This Privacy Policy was last updated on 17th April 2025.
.png)
