Privacy Policy

Effective Date: 26 February 2026

Boone App Ltd (“Boone”, “we”, “us”, or “our”) is a UK-based personalised nutrition science platform using artificial intelligence and, where selected by users, genetic analysis to generate individualised nutrition insights.

This Privacy Policy explains how we collect, use, process, analyse, share and protect your personal data when you use MyBoone.app and related services (“Services”).

By using our Services, you agree to the practices described in this Policy.

1. Data Controller

Boone App Ltd
Centrum
Colney Lane
Colney
Norwich
England
NR4 7UG
United Kingdom

Email: privacy@myboone.app

Boone App Ltd is the data controller under the UK General Data Protection Regulation (UK GDPR).

ICO Registration Number: 00013303684

2. Categories of Data We Process

2.1 Identity and Account Data

  • Name
  • Email address
  • Login credentials

2.2 Nutritional and Behavioural Data

  • Food images uploaded
  • Barcode scans
  • Manual dietary entries
  • Nutritional intake history
  • Supplement intake
  • Activity or training data (where provided)

2.3 Genetic Data (Special Category Data)

Where you choose to use Boone’s genetic services, we process:

  • Raw VCF (Variant Call Format) files
  • SNP-level genotype data
  • Derived nutrigenetic traits
  • Biological predisposition indicators

Genetic data constitutes Special Category Personal Data under Article 9 UK GDPR.

It is processed only:

  • With explicit consent
  • For the purpose of delivering personalised nutrition insights
  • Within secured, access-restricted environments
  • Encrypted at rest
  • Stored separately from identifying account data

Physical saliva samples are destroyed after laboratory processing and are not retained by Boone.

If your account is deleted, genetic data is permanently deleted. Encrypted backup copies may be retained for up to 12 months for disaster recovery purposes.

3. Reanalysis of Genetic Data

Scientific understanding evolves over time.

By providing genetic data, you acknowledge and consent that Boone may:

  • Reanalyse your genetic data
  • Update trait interpretations
  • Improve biological modelling
  • Automatically update dashboards
  • Notify you of newly identified insights

This ongoing reinterpretation is part of the core service.

You may withdraw consent and request deletion at any time.

4. Lawful Basis for Processing

We rely on:

Contract
To provide the Services.

Explicit Consent
For genetic data, child data, and certain health-related processing.

Legitimate Interests
To improve and secure our Services, develop and refine AI models, prevent fraud and misuse, and operate our platform efficiently. We conduct balancing assessments to ensure these interests do not override your fundamental rights and freedoms.

Legal Obligation
For compliance with UK law.

5. Artificial Intelligence, Profiling and Model Training

Boone uses artificial intelligence and machine learning to:

  • Analyse dietary patterns
  • Model nutrient exposure
  • Generate personalised recommendations
  • Improve predictive nutrition algorithms

This includes profiling based on behavioural and biological data.

Model training occurs using pseudonymised user-level datasets.

Pseudonymised data remains personal data under UK GDPR. All training occurs within secure environments with strict access controls.

We do not make medical diagnoses or automated decisions that produce legal or similarly significant effects.

6. Use of Data for AI Development and Commercialisation

By using our Services, you acknowledge that:

  • Pseudonymised user-level data may be used internally to develop and improve AI systems.
  • Structured datasets derived from user data may be commercially licensed.
  • Such datasets may include structured pseudonymised records from which direct identifiers have been removed.

Where datasets are commercialised:

  • Direct identifiers are removed.
  • Raw genetic data is never shared.
  • Appropriate technical and organisational safeguards are applied.

Boone does not sell identifiable personal data.

7. Third-Party AI Services

Boone may use third-party AI tools for limited purposes such as food image recognition.

  • No genetic data is ever sent to third-party AI providers.
  • No user nutritional behaviour history is sent externally.
  • Only necessary image data is transmitted.
  • Technical safeguards are implemented to minimise data exposure.

8. Data Sharing

We may share data with:

Service Providers
Cloud hosting, payment providers and infrastructure partners. All service providers process data on our behalf under written data processing agreements and are required to implement appropriate security measures.

Laboratory Partners
For genetic processing.

Enterprise Clients
Where explicit user consent is provided (e.g., sports nutritionists). Schools receive only aggregated, non-identifiable insights.

Research and Industry Partners
Using aggregated or structured pseudonymised datasets.

We do not sell identifiable personal data.

9. Children and Parental Consent

Minimum account age is 16.

Genetic testing of individuals under 16 is permitted only where:

  • A parent or legal guardian provides explicit consent
  • Consent is declared during onboarding

Parents are responsible for ensuring they are legally authorised to provide consent.

Children’s genetic data receives the same security protections as adult data.

10. Data Retention

Account data
Retained while account remains active and for up to 6 years after closure where legally required.

Genetic data
Retained until account deletion or withdrawal of consent.

Backups
Retained up to 12 months.

Pseudonymised structured datasets
May be retained for long-term model development and commercial purposes.

11. Your Rights

Under UK GDPR you have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with the ICO

We may request verification of your identity before responding to requests. We will respond within one month in accordance with UK GDPR.

Contact: privacy@myboone.app

12. Security Measures

  • Encryption at rest and in transit
  • Role-based access controls
  • Segregated storage of genetic and identifying data
  • Secure infrastructure environments
  • Organisational access restrictions

13. International Transfers

Where data is processed outside the UK, we rely on:

  • UK International Data Transfer Agreements
  • Adequacy decisions
  • Contractual safeguards

14. Updates to This Policy

We may update this Policy to reflect legal, operational or technical changes.

Material changes will be communicated in-app or via email.

15. Complaints

Information Commissioner’s Office
https://ico.org.uk
Telephone: 0303 123 1113
