Privacy Policy
This Privacy Policy explains how Broom collects, uses, shares, and protects the personal data of its users in accordance with the General Data Protection Regulation (GDPR - EU 2016/679).
By using the Broom mobile application or the associated website, you accept the practices described below.
1. Data collected
Broom collects only the data necessary for its operation, to improve the user experience, and to personalize wellness advice.
1.1. Data voluntarily provided by the user
- Name, first name (optional)
- Email address
- Age or date of birth
- Weight, height
- Personal goals (lose weight, stay fit, gain muscle…)
- Wellness information (stress level, sleep quality, habits)
- Food data (preferences, diets, allergies)
- Physical activity (type of sport, frequency, duration)
This data falls into the category of "sensitive personal data" under GDPR, as it relates to health.
It is only collected with explicit consent.
1.2. Automatically collected data
- Device technical data (model, OS version)
- Internal user identifier
- Application usage statistics
- IP address and cookies (for website only)
1.3. No data is collected without your knowledge.
Broom does not collect:
- Precise geolocation data without authorization
- Health data from tracking devices (like Apple Health) except with consent
- Private content or phone files
2. Purposes of collection
Broom uses your data to:
2.1. Provide essential services
- Account creation and management
- Personalization of advice (nutrition, sport, wellness)
- Progress tracking
- Recommendations adapted to your goals
2.2. Service improvement
- Anonymous statistical analysis
- Error correction
- Feature optimization
2.3. Communication
- Sending informative emails (password, service updates)
- Motivational notifications (optional)
2.4. Compliance with legal obligations
- Security
- Prevention of abuse or fraud
3. Legal basis for processing (GDPR)
The processing is based on:
- Your explicit consent (health, food, sport data)
- Contract performance (account creation, use of Broom)
- Our legitimate interest (service improvement)
- Legal obligations (security, minimum retention)
You can withdraw your consent at any time.
4. Data sharing
Your data is NEVER sold.
It may only be shared with:
4.1. Technical service providers
- Secure hosting (servers)
- Anonymous statistics services
- Email sending systems
These partners comply with GDPR and cannot use your data for anything else.
4.2. Transfers outside the EU
If a provider is located outside Europe, Broom uses:
- Standard contractual clauses (SCC)
- GDPR-compliant providers
No transfer is made without legal protection.
5. Data retention period
- User account: until deletion by the user
- Health data: strict minimum, deleted as soon as no longer necessary
- Technical logs: maximum 12 months
- Cookies: according to settings (max 13 months)
You can request immediate deletion (see section 7).
6. Security
Broom implements advanced measures:
- Data encryption
- Secure servers
- Restricted access to authorized employees
- Protected backups
- Regular security tests
No system is infallible, but Broom does everything to ensure a high level of protection.
7. Your rights (GDPR)
You have the following rights:
- Right of access to your data
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to object
- Right to withdraw consent
- Right to data portability (export of your data)
To exercise your rights, contact:
Broom commits to respond within a maximum of 30 days.
8. Cookies (website)
Broom uses cookies to:
- Measure audience
- Improve user experience
- Save your preferences
You can refuse them via the consent banner.
9. Policy modifications
Broom may update this Privacy Policy.
You will be informed in case of significant changes.
10. Contact
For any questions: