Privacy policy

Good Boost Apps – Privacy Policy

1. Who we are

2. What personal data we hold and how we gather it

3. What we use your personal data for

4. Sharing your personal data with others

5. Retention

6. Data security and transfers

7. Data Breach

8. Your rights

9. Policy Updates

10. Contact Us

1. Who Are We

The Good Boost app is delivered through software (exercise-apps) that is developed by Good Boost Wellbeing Limited (Company number 11495760, Registered in England, UK) (“Good Boost”, “Company”, “we”, “us”, or “our”). Good Boost develops and deploys the software that provides you with personalised therapeutic exercises. Our registered offices are 82 Southwark Bridge Road, London, SE1 0AS, United Kingdom.

This privacy policy applies to all information collected through our mobile application, (“App”), and/or any related services, sales, marketing or events (we refer to them collectively in this privacy policy as the “Services”).

Good Boost is both the controller and processor of your personal data provided to, or collected by or for in connection with our exercise app services.

Good Boost works in partnership with our external app developer agency, Dev2Grow. Dev2Grow Av. Luísa Todi 300 4F, 2900-452 Setúbal, Portugal. Dev2Grow is a processor of user data. Good Boost and Dev2Grow have a data sharing and data authorisation agreement to restrict access to personal data to mitigate data risk.

2. What personal data we hold and how we gather it

We collect personal information that you voluntarily provide to us when registering on our Apps, expressing an interest in obtaining information about us or our products and services, when participating in activities on the Apps or otherwise contacting us. The personal information that we collect depends on the context of your interactions with us and the App, the choices you make, and the products and features you use.

The personal information we collect can include the following:

    1. Personal details

When you register with us your complete forms and provide us with basic information about yourself, such as your name, year of birth, post code and email address.

We collect demographic information such as employment status and ethnicity. You are responsible for the accuracy of the information that you provide to us.

    2. Social Media Login Data.

We may provide you with the option to register using social media account details as your user log in, such as your Facebook and Google account. If you choose to register in this way, we will collect the information described in the section called “How do we handle your social logins” below.

    3. Voluntary contact information

when you communicate with us (for example when you send us an email or use a “contact us” form) we collect the Personal Information you provided us with.

    4. Exercise and Health Information

The main type of information we hold about you is health information. The focus is primarily on your general health information, such as if you experience pain in your joints and if you have any diagnosed joint conditions. We also ask for more global health information, such as if you have a heart condition, for the purposes of safety and screening to ensure the exercises selected are suitable for you.

We gather this information directly from you during your registration on the App. You can review this information, update information or add new information on the App. We also gather feedback measures, such as pain and wellbeing, from you a specific time points to measure your change and progress. We also gather feedback from you before and after you complete an exercise session.

All personal information that you provide to us must be true, complete and accurate, and you must update your details the Good Boost app or notify us of any changes to such personal information.

Information automatically collected.

We automatically collect certain information when you visit, use or navigate the Apps. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Apps and other technical information. This information is primarily needed to maintain the security and operation of our Apps, and for our internal analytics and reporting purposes.

3. What we use your personal data for

We use personal information collected via our Apps for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.

Your personal details such as your name, post code, email and phone number are used to create a user profile for you. We may use this information to verify your identify in the event you forget your login details.

Keeping you up to date

We may use you email address, phone number and/or details to contact you or present you with occasional updates and messages. will also use your contact detail to update you of any changes to our policies and procedures in addition to inviting you to receive regular updates on Good Boost and our services. We may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt-out of our marketing emails at any time (see the “What are your privacy rights” below).

We may contact you by SMS, email and/or other means to offer you helpful information or invite you to make appointments, for example for free health screening programs relevant to you.

For any future updates of the App Terms and/or the Privacy Policy or the purpose of data collection and use change you will be updated and requested to consent and approve the updated Terms/Privacy Policy/Data collection when next using the App Software. ORC_D61

Commitment to equality and accessibility

We gather information such as age, employment statement, postcode/zip code ethnicity and gender to understand the demographic details of our users. We are working to ensure that we deliver a digital exercise and wellbeing service that is accessible to all and overcome health inequalities. This is a core part of our mission and part of our programmes funded by health, wellbeing and research institutions.  ORC_DPR03

Commitment to minimising data collection

We will always collect the minimum data necessary to enable you to use the Software and to measure the Good Boost programme impact and commitment to equality and accessibility. We only gather data which has been determined to be necessary and continually review our data collection to reduce and remove any questions and data collection where possible. For demographic information questions (that do not require an answer for the clinical algorithms to create therapeutic exercise programs or gather outcome and impact data) we provide the options for ‘prefer not to answer’ if you would prefer not to answer these fields. ORC_DPR03

Creating personalised exercise programs

Your self-reported health information and the feedback information you provide before and after your exercise session is used to generate your personalised exercise program through an automated process. Our artificial intelligence has been designed by clinical specialists for exercise rehabilitation in addition to the best clinical practice, research evidence and clinical guidelines.

Improving our service for you and others

We complete internal data audits and analysis for the purposes of service improvement. We also work with academic partners to validate our service improvement and analysis. When working with third-parties for the purpose of service improvement and research we never share your personal contact details or any other personal identifiable data. All details shared are fully anonymised. Furthermore, we only work in collaboration with academic institutions that have high levels of data security and governance in place to ensure that data is kept secure.

Impact reporting

Good Boost is funded by public bodies such as Innovate UK and the Small Business Research Initiative. As part of our commitment to report the impact of our services we report aggregated statistics and measures. None of these reports include any way to interpret any individual users data as they are presented in data grouped in statistics and graphs.

We will ask for your explicit consent to collect, process and store your information, for the following purposes:

• Patient engagement activities
• Developing case studies
• CRM DATA MATCHING

To facilitate account creation and log-in process

If you choose to link your account with us to a third-party account (such as your Google or Facebook account), we use the information you allowed us to collect from those third parties to facilitate account creation and logon process for the performance of the contract. See the section below headed “How do we handle your social logins” for further information.

To post testimonials. We post testimonials on our Apps that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. If you wish to update, or delete your testimonial, please contact us at DPO@goodboost.org and be sure to include your name, testimonial location, and contact information.

Request Feedback

We may use your information to request feedback and to contact you about your use of our Apps.

To enforce our terms, conditions and policies for Business Purposes, Legal Reasons and Contractual.

Other uses

Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our services to troubleshoot bugs within the App, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.

Where necessary for safety, regulatory and/or compliance purposes, we may audit your interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.

To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond. If there is valid and legitimate risk to health or harm under safeguarding, we will share data with the appropriate authority in accordance with GDPR. To respond to user inquiries/offer support to users. We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services.

In the event you believe there is an unsuitable user accessing Good Boost software, including a child or a person who is unable to provide informed consent to the App Terms and Privacy Policy, you can report this to the Data Protection Officer email at dpo@goodboost.org. All   ORC_DO01

Please note, if you access any third-party websites, app or software via Good Boost Software, this Privacy Policy and App Terms will no longer apply. The Privacy Policy for any 3^rd parties will be the specific Privacy Policy and terms for the 3^rd party website, app or software. ORC_D91

We will never share your details with any third-party for marketing or promotional purposes without your informed consent as an additional opt-in data sharing option.

Opting Out of Data Processing

You can opt-out of any or all data processing for any of Good Boost’s Apps and Software. Data processing activities are required by the app in order to create personalised therapeutic exercise programmes. Data processing is also completed for our ongoing service evaluation, clinical governance and impact reporting. In the event you opt-out of certain processing, this may mean that some or all the Good Boost App Software services is not longer functional. You will be notified of the particular limits in the event you request to opt-out of data processing. You can opt-out by contacting Good Boost via the info@goodboost.org and/or the DPO@goodboost.org email using your email that you used to register for the Good Boost app. In this even you do not have access to this email, you will need to provide key details to confirm you are the account holder. ORC_DP13 – ORC_D28

4. Sharing your personal data with others

We may process or share data based on the following legal basis:

Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.

Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.

Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).

Consent: We may process your data if you have given us specific consent to use your personal information in a specific purpose.

Research, Evaluation and Clinical Governance partners: We may share anonymised personal Information with third parties, such as research institutes, healthcare systems and healthcare providers, for research purposes and for improvement of our services. These partners will act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us.

Anonymised information: We may share with our partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.

If is your right to share your data with others, including health care professionals. If you plan to share your data with other it is essential that you are certain you are sharing it with a trusted individual, health professional or organisation.

5. Retention

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law. No purpose in this policy will require us keeping your personal information for longer than 10 years past a user’s last log-in or closing of the user’s account.

When we have no ongoing legitimate business need to process your personal information, it will be deleted. We will send you an email reminder 6-months before and 1 month before data is destructed.

We reserve the right to destroy your data if we have reasonable grounds to believe the account has been made maliciously without the intention for genuine use.

6. Data security and transfers

We will at all times comply with the requirements of the General Data Protection Regulation (GDPR) 2018, including ensuring that there are appropriate technological and operational procedures in place to protect your and other users’ information. When you submit personal data via the website or through our apps (for example by giving feedback), this is protected both online and offline.

All of your and other users’ information, not just personal data, has restricted access. Everyone whom we employ must use password-protected log-in screens to gain entry to restricted information. Furthermore, all employees are kept up-to-date on our security and privacy practices. When new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure your information is protected. You may at any time request a copy of the data we hold on you by sending an email to  or by written notice to us.

We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.

We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.

We have implemented administrative, technical, and physical safeguards to help prevent unauthorised access, use, or disclosure of your Personal Information. Your information is stored on secure servers and isn’t publicly available. We use Amazon Web Servers to securely store your data. For more information on Amazon Web Servers security and data privacy standards please visit

We do not store any data on your personal device unless explicitly prompted in the app.

This data will be multimedia data to enable you to use the Software offline. You need to help us prevent unauthorized access to your account by protecting your password appropriately and limiting access to your account (for example, by signing off after you have finished accessing your account). You will be solely responsible for keeping your password confidential and for all use of your password and your account, including any unauthorised use.

While we seek to protect your information to ensure that it is kept confidential, we cannot absolutely guarantee its security. You should be aware that there is always some risk involved in transmitting information over the internet. While we strive to protect your Personal Information, we cannot ensure or warrant the security and privacy of your personal Information or other content you transmit using the service, and you do so at your own risk.

7. Data Breach

A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information. You will be notified about data breaches when Good Boost Wellbeing Limited believes you are likely to be at risk or serious harm. For example, a data breach may be likely to result in serious financial harm or harm to your mental or physical well-being. In the event that Good Boost Wellbeing Limited becomes aware of a security breach which has resulted or may result in unauthorized access, use or disclosure of personal information Good Boost Wellbeing Limited will promptly investigate the matter and notify the applicable Supervisory Authority not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

8. Your rights

Under the GDPR your rights are as follows.

the right to be informed;

​the right of access;

the right to rectification;

the right to erasure;

the right to restrict processing;

the right to data portability;

the right to object; and

the right not to be subject to automated decision-making including profiling.

You also have the right to complain to the Information Commissions Office, ICO (www.ico.org.uk, 0303 123 1113) if you feel there is a problem with the way we are handling your data. Our ICO Registration number is: ZA501212.

We handle subject access requests in accordance with the GDPR.

In some regions (like the European Economic Area), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing server of your personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.

If you wish to exercise any of your data rights, including a copy of your data or data deletion, we will complete this within 10 working day of the request being received.  ORC_D83

If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here:

If you have questions or comments about your privacy rights, you may email us at DPO@goodboost.org.

9. Policy Updates

We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

For any future updates of the App Terms and/or the Privacy Policy or the purpose of data collection and use change you will be updated and requested to consent and approve the updated Terms/Privacy Policy/Data collection when next using the App Software. ORC_D61

10. Contact Us

We are here to help.

If you require further information, assistance, queries or you are facing technical problems, you can contact Good Boost from within the app by pressing the ‘contact Good Boost button’, contact us through email, info@goodboost.org or call us on +44 (0) 203 488 4695. 

Make sure to include as much detail about the problem as possible in your report. Information like the kind of phone or tablet you were using and what you were doing when the problem occurred may help us address the issue. We are committed to addressing issues, complaints, feedback and contact submissions; we reserve the right to respond within 10 working days.

You may also contact our Data Protection Officer (DPO), Alex Georgiou, Technical Director, by email at dpo@goodboost.org