Privacy Policy

Effective Date: March 4, 2026

BNCO ("we," "us," or "our") is operated by Aurolly LLC. This Privacy Policy describes how we collect, use, and protect your personal information when you use the BNCO platform at bnco.studio and related services.

1. Information We Collect

We collect the following categories of information:

• Account Information: Email address, display name, and profile picture (provided directly or via Google OAuth sign-in).
• Profile Data: Birthday, gender, and location (city/state), provided during onboarding.
• Workout and Fitness Data: Workout sessions, duration, bnco scores, control scores, stillness scores, and respiratory efficiency metrics.
• Wearable Device Data: Biometric data synced from WHOOP (heart rate, strain, recovery, HRV) and Apple Health / Apple Watch (core motion, heart rate, workout data).
• Studio Membership Data: Studio affiliations, leaderboard rankings, challenge participation, and mission progress.
• Payment Information: Processed securely through Stripe. We do not store credit card numbers on our servers.
• Usage Data: Browser type, device information, pages visited, and feature usage patterns collected automatically.

2. How We Use Your Information

• Calculate your bnco Score, Vibe Score, and leaderboard rankings.
• Display your performance on studio and city leaderboards.
• Provide studio owners with aggregated analytics and at-risk member alerts.
• Process subscription payments and manage your account.
• Send important account notifications (we do not send marketing emails without consent).
• Improve and develop new features for the platform.

3. Third-Party Services

We integrate with the following third-party services:

• Google OAuth: For account authentication. Google receives your authentication request. See Google's Privacy Policy.
• Stripe: For payment processing. See Stripe's Privacy Policy.
• WHOOP API: To sync your biometric and workout data (only with your explicit authorization via OAuth). See WHOOP's Privacy Policy.
• Apple HealthKit: To receive workout and health data from your Apple Watch via our iOS app. Data is transmitted only with your permission.

4. Health Data Disclaimer

BNCO is a fitness tracking and gamification platform. The scores, metrics, and insights we provide are for informational and entertainment purposes only. They do not constitute medical advice, diagnosis, or treatment recommendations. Always consult a qualified healthcare provider before making decisions based on fitness or health data.

5. Data Storage and Security

Your data is stored on secured servers hosted on Fly.io with encrypted connections. We use industry-standard security measures including HTTPS encryption, hashed passwords (bcrypt), and JWT-based authentication. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Cookies and Local Storage

BNCO uses browser localStorage to store:

• Authentication tokens (for keeping you signed in).
• User preferences (theme, leaderboard visibility, widget layout).
• Cached profile data for faster loading.

We do not use third-party tracking cookies or advertising cookies.

7. Data Retention

We retain your personal data for as long as your account is active. Workout history and scores are retained to maintain leaderboard integrity. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

8. Your Rights (CCPA / GDPR)

Depending on your location, you may have the following rights:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Delete: Request deletion of your account and associated data.
• Right to Export: Request your data in a portable format.
• Right to Correct: Request correction of inaccurate personal data.
• Right to Opt Out: We do not sell your personal information to third parties.

To exercise any of these rights, contact us at contact@aurolly.com.

9. Children's Privacy

BNCO is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our platform. Your continued use of BNCO after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Aurolly LLC
Email: contact@aurolly.com