Privacy Policy

Privacy Policy

Last updated: 23 June 2026

WeightFree BV ("we", "us", or "our"), registered at Weightfree street 20, 1010xx Amsterdam, the Netherlands, is committed to protecting your personal data. This Privacy Policy explains what data we collect about you, why we collect it, how we use and share it, and what rights you have under the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (Uitvoeringswet AVG).

We are the data controller for the personal data described in this policy. For questions or requests, contact our privacy team at info@rolandb31.com.

1. Data We Collect

We collect the following categories of personal data:

• Account data: name, email address, password (hashed), preferred language, and country of residence.
• Profile & health data: age, gender, height, current weight, target weight, dietary preferences, activity levels, and progress logs. Note that weight and health-related information may constitute special category data under GDPR Article 9; we process this data only with your explicit consent.
• Usage data: pages visited, features used, session duration, click events, and in-app interactions.
• Device & technical data: IP address, device type, operating system, browser type, and unique device identifiers.
• Payment data: billing name, billing address, and payment card details. Full card details are processed exclusively by our payment processor; we store only a tokenised reference and the last four digits of your card.
• Communications data: emails and messages you send to us, and records of support interactions.
• Cookie & tracking data: as described in Section 7 below.

2. How We Use Your Data

We use your personal data for the following purposes and on the following legal bases:

• Providing the Service (legal basis: performance of a contract, Art. 6(1)(b) GDPR) — to create and manage your account, personalise your experience, process payments, and deliver features.
• Processing health/weight data (legal basis: explicit consent, Art. 9(2)(a) GDPR) — to generate personalised weight-loss plans and AI-assisted recommendations. You may withdraw this consent at any time without affecting your access to non-health features.
• Customer support (legal basis: legitimate interests, Art. 6(1)(f) GDPR) — to respond to your enquiries and resolve issues.
• Billing & fraud prevention (legal basis: performance of a contract and legal obligation, Art. 6(1)(b) and (c) GDPR) — to process subscription payments and comply with financial regulations.
• Marketing communications (legal basis: consent, Art. 6(1)(a) GDPR) — to send you newsletters, product updates, and promotional offers where you have opted in. You can unsubscribe at any time via the link in any email or by contacting us.
• Service improvement & analytics (legal basis: legitimate interests, Art. 6(1)(f) GDPR) — to understand how users interact with the Service and to improve functionality and content.
• Legal compliance (legal basis: legal obligation, Art. 6(1)(c) GDPR) — to comply with applicable Dutch and EU laws, including tax and accounting obligations.

3. Third-Party Processors

We share your personal data with trusted third parties only to the extent necessary to provide the Service. All processors are bound by data processing agreements and are required to handle your data in accordance with GDPR. Key processors include:

• Payment processor: We use a PCI-DSS compliant payment provider to handle subscription billing and card transactions. Your full card details are never stored on our servers.
• Email service provider: We use a third-party platform to send transactional emails (account confirmations, receipts) and, where you have consented, marketing messages.
• AI infrastructure provider: AI-assisted features are powered by a third-party AI provider. Only the data necessary to generate your personalised recommendations is shared, and it is used solely for that purpose.
• Cloud hosting & infrastructure: Our servers and databases are hosted with a reputable cloud provider operating within the European Economic Area (EEA) or subject to appropriate transfer safeguards.
• Analytics provider: We use analytics tools to understand usage patterns. Where possible, data is anonymised or pseudonymised before processing.

We do not sell your personal data to third parties.

4. International Data Transfers

Where we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs) or adequacy decisions. You may request details of the specific safeguards in place by contacting us at info@rolandb31.com.

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy:

• Account and profile data: retained for the duration of your subscription plus up to 3 years after account closure, unless you request earlier deletion.
• Health and progress data: retained while you have an active account and deleted within 90 days of account closure, unless a longer period is required by law or you request earlier deletion.
• Payment records: retained for 7 years to comply with Dutch accounting and tax obligations (Article 52 of the General Tax Act / Algemene wet inzake rijksbelastingen).
• Support correspondence: retained for 2 years after resolution of the relevant issue.
• Marketing consent records: retained until you withdraw consent and for a reasonable period thereafter as proof of consent.

6. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights. To exercise any of them, contact us at info@rolandb31.com. We will respond within 30 days (extendable by a further 60 days for complex requests).

• Right of access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You can ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17): You can ask us to delete your personal data where we have no lawful basis to retain it.
• Right to restriction of processing (Art. 18): You can ask us to pause processing of your data in certain circumstances.
• Right to data portability (Art. 20): Where processing is based on consent or contract and is automated, you can request your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): You can object to processing based on legitimate interests, including profiling and direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
• Right to lodge a complaint: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl, or with the supervisory authority in your country of residence.

7. Cookies & Tracking Technologies

We use cookies and similar technologies (e.g., pixels, local storage) on our website and in our app. These may include:

• Strictly necessary cookies: Essential for the Service to function (e.g., session management, security). These do not require your consent.
• Functional cookies: Remember your preferences (e.g., language, region). We ask for your consent before placing these.
• Analytics cookies: Help us understand how you use the Service. We ask for your consent before placing these.
• Marketing cookies: Used to serve relevant advertising. We ask for your consent before placing these.

You can manage your cookie preferences at any time via our cookie consent banner or your browser settings. Withdrawing consent may affect some features of the Service.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encryption in transit (TLS) and at rest, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at info@rolandb31.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the app. The updated policy will state the revised "Last updated" date. We encourage you to review this policy periodically.

11. Contact Us

For privacy-related questions, requests, or complaints, contact us:

• Email: info@rolandb31.com
• Address: WeightFree BV, Weightfree street 20, 1010xx Amsterdam, the Netherlands

Disclaimer: This Privacy Policy has been prepared for general informational purposes and is written in plain language to aid understanding. It does not constitute legal advice and has not been verified by a qualified lawyer or data protection specialist. WeightFree BV recommends seeking independent legal and data protection counsel to ensure full compliance with all applicable laws before relying on this document.