Privacy Policy

Bene is operated by Pour Global Ltd (trading as “Bene”), a company registered in England and Wales, company number 15531004, with its registered office at 5 Canon Court, Institute Street, Bolton, England, BL1 1PZ. Pour Global Ltd is the data controller for the personal data described in this policy.

You can contact us about anything in this policy at hello@trybene.com.

Account information.When you create an account we collect your name and email address, plus the credentials of the sign-in method you choose: an email and password (stored in hashed form by our authentication provider, never readable by us), or your Apple or Google sign-in identifier. If you use Apple's “Hide My Email”, we only ever see the private relay address. Each account is identified internally by a random user ID.

Health and fitness data you log. This is the core of the app and includes: workouts (exercises, sets, weights, reps, durations), workout routines and training schedules, body-weight entries, nutrition logs (foods, portions, calories, and macronutrients), habits and habit completions, and the profile details you choose to provide (date of birth, biological sex, height, activity level, and goals). Under UK data protection law, health-related data is “special category” data and we treat it accordingly — see section 5.

Apple Health (HealthKit) data. If you explicitly connect Apple Health, Bene reads your completed workouts (activity type, duration, heart rate, energy burned, distance, and routes where available) to show them alongside your logged data. Apple Health data is never stored on our servers — it lives on your device only. The one time it is transmitted: if you have enabled the coach (your explicit consent, section 4), summaries of your recent Apple Health workouts — their dates, activity types, durations, average heart rates, energy burned, distances, and the device or app each came from (for example “Apple Watch” or “Garmin Connect”) — are included in the data sent transiently to generate coach replies, and are not retained afterwards. Workout route and location data is never transmitted. We never use Apple Health data for advertising or marketing, never disclose it to third parties for their own purposes, and never sell it. You can disconnect Apple Health at any time in the app or in iOS Settings.

Meal photos.If you use the meal-scan feature, the photo you take is processed to estimate the meal's nutrition and then discarded — we do not store meal photos on our servers. Photos are captured live in the app; Bene has no access to your photo library.

Coach conversations. Messages you exchange with the in-app coach are stored on your device only, are automatically deleted after 30 days, and are never written to our servers. To generate each reply, your recent messages and a summary of your logged data are transmitted transiently to our AI provider (see section 4).

Usage and diagnostic data.We collect aggregate usage events (for example, “a workout was saved”) and crash reports so we can understand what's working and fix what isn't. This data is not used for advertising and is not combined with your logged health data. Bene contains no advertising identifiers (IDFA) and does not track you across other companies' apps or websites.

Device integrity tokens. To protect our backend from abuse, requests from the app carry an Apple App Attest token that proves they come from a genuine copy of Bene. These tokens identify the app installation, not you.

• To provide the service — recording your logs, showing your history and trends, and reconciling your plans against what you actually did.
• To back up and restore your data — your logged data is synced to our cloud database so it survives a lost phone or reinstall and is there when you sign in again.
• To power the AI features you choose to use — the coach answers questions grounded in your own logs, and meal scan estimates nutrition from a photo. Both are described fully in section 4.
• To improve Bene — using aggregate usage statistics that are not tied to your identity.
• To keep the service reliable and secure — crash diagnostics, abuse prevention, and rate limiting.
• To manage your account and subscription — including the free trial and purchases made through Apple.

We do not use your data for advertising, sell it, or share it with data brokers. We do not make automated decisions about you that have legal or similarly significant effects.

Bene's coach and meal-scan features are powered by Anthropic, PBC, a US-based AI provider acting as our processor (sub-processor). This is the one place your health-related data leaves our infrastructure, so here is exactly how it works:

• Coach: when you send a message (or when, with your consent, the coach proactively comments on your training), your recent conversation and a compact summary of your logged data — recent workouts, personal records, nutrition totals, weight trend, habits, profile basics, and your first name — are sent to Anthropic to compose the reply. If Apple Health is connected, this includes your recent Apple Health workout summaries (dates, activity types, durations, average heart rates, energy burned, distances, and the source device or app — never location routes).
• Meal scan: the photo you take of a meal is sent to Anthropic to produce an editable nutrition estimate.
• Nothing is sent until you accept the in-app coach introduction (your explicit consent) or actively use meal scan. If you never use these features, no data ever goes to Anthropic.
• Anthropic processes this data solely to generate the response. Under its commercial API terms, Anthropic does not use this data to train its AI models and does not sell it; it may be retained briefly for abuse and safety monitoring and is then deleted.
• You can withdraw consent at any time by simply not using the coach, disabling the coach's proactive notes in the app's notification settings, or deleting your account.

AI outputs are estimates and conversational guidance — not medical, dietary, or treatment advice. Meal-scan results are always shown for your review and editing before anything is logged.

We rely on the following legal bases:

• Performance of a contract(Article 6(1)(b)) — operating your account, storing and syncing your logs, and providing the app's features.
• Your explicit consent (Articles 6(1)(a) and 9(2)(a)) — for processing the health-related data you choose to log, for reading Apple Health data, and for sending data summaries to our AI provider when you enable and use the coach and meal-scan features. You can withdraw consent at any time.
• Legitimate interests (Article 6(1)(f)) — keeping the service secure, preventing abuse, and understanding aggregate usage so we can improve the product. We balance these interests against your rights, and none of this processing involves advertising or profiling.
• Legal obligation (Article 6(1)(c)) — where we must retain or disclose information to comply with the law.

We use a small number of providers to run Bene. Each processes data only on our instructions:

• Google Cloud / Firebase(Google Ireland Ltd) — authentication, our cloud database and backend functions, aggregate analytics, and crash reporting. Your synced data is stored in Firebase's European Union multi-region (eur3), and our backend functions run in London (europe-west2).
• Anthropic, PBC (USA) — generates coach replies and meal-scan nutrition estimates, as described in section 4.
• Apple — app distribution, Sign in with Apple if you choose it, and all payment processing for subscriptions. We never see your payment card details.
• RevenueCat, Inc. (USA) — subscription management. Processes purchase receipts and subscription status tied to your random user ID; it receives none of your health or nutrition data.
• Open Food Facts (a French non-profit) — when you scan a barcode or search its food database, the barcode or search text is sent to Open Food Facts to find the product. No account or health data accompanies these lookups.

Your synced data lives in the EU. Where a provider processes data in the United States (Anthropic, RevenueCat), we rely on UK-approved transfer safeguards — the UK Extension to the EU-U.S. Data Privacy Framework where the provider is certified, or the UK International Data Transfer Agreement / standard contractual clauses otherwise.

• Your account and logged data: for as long as your account exists. Deleting your account (section 9) removes it permanently.
• Coach messages: on your device only, deleted automatically after 30 days, and wiped immediately on sign-out or account deletion.
• Meal photos: not stored by us at all — processed transiently to produce the estimate.
• Apple Health data: cached on your device only and removed when you disconnect Apple Health, sign out, or delete the app. The workout summaries transiently sent for coach replies (section 4) are not stored by us.
• Aggregate analytics: retained by Google Analytics for up to 14 months.
• Crash reports: retained by Crashlytics for approximately 90 days.

Under UK data protection law you have the right to access, correct, delete, restrict, or object to our processing of your personal data, the right to data portability, and the right to withdraw consent at any time.

Deleting everything is built into the app: Profile → Delete account permanently removes your cloud data, your authentication record, and the data on your device. This is immediate and irreversible. You can also email us at hello@trybene.com to exercise any of your rights, and we will respond within one month.

If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner's Office at ico.org.uk.

Your data is encrypted in transit (TLS) and at rest. Access to your cloud data is restricted by per-user security rules — each account can only ever read and write its own records — and our backend accepts requests only from attested, genuine installations of the app. No system is perfectly secure, but we design for the failure modes: signing out wipes the device, and account deletion removes the cloud copy.

Bene is not directed at children and is intended for users aged 16 and over. We do not knowingly collect personal data from anyone under 16; if you believe a child has created an account, contact us and we will delete it.

If we make material changes — especially anything that affects how your health data is processed — we will update this page, revise the date at the top, and notify you in the app before the change takes effect. The current version is always at trybene.com/privacy.