Privacy Policy
Last updated: January 2024
Your privacy is important to us. This Privacy Policy explains what data we collect, how we use it, how we protect it, and what choices you have. By using BMI Health Checker, you agree to the practices described in this policy. We encourage you to read it in full so you understand how your information is handled.
1. Information We Collect
When you use BMI Health Checker, we may collect the following categories of information:
1.1 Account Information
When you create a free account, we collect your name and email address. This information is used solely to authenticate your account, personalise your experience, and communicate with you about your account or our services. You can use all of our calculators — including the BMI Calculator, Body Fat Calculator, Calorie Calculator, and Ideal Weight Calculator — without creating an account. An account is only required if you wish to save your results and track them over time.
1.2 Health and Calculator Data
When you use our calculators, you may enter personal health data such as your height, weight, age, gender, and body circumference measurements. If you use the calculators without an account, this data is processed in your browser and is not stored on our servers. If you are signed in, your calculator results (such as BMI scores, body fat percentages, and calorie estimates) are saved to your account so you can track changes over time. This data is encrypted at rest and is accessible only to you through your authenticated session.
1.3 Usage and Device Data
We automatically collect certain technical information when you visit our site, including your IP address, browser type and version, operating system, device type, screen resolution, referring URL, pages visited, time spent on each page, and interactions with site features. This data is collected in aggregate to help us understand how our tools are used, identify technical issues, and improve the user experience. We do not use this data to personally identify you.
1.4 Contact Form Data
When you submit a message through our contact form, we collect your name, email address, subject, category, and message content. This information is used exclusively to respond to your inquiry and is retained only as long as necessary to resolve your request.
1.5 Newsletter Data
If you opt in to receive our newsletter, we collect your email address and, optionally, your first name. You can unsubscribe at any time using the link provided in every email. We never share your email address with third parties for marketing purposes.
2. How We Use Your Information
We use collected information for the following purposes:
- Providing our services — powering calculator functionality, saving your results, and delivering personalised health tracking.
- Improving our platform — analysing usage patterns to enhance calculator accuracy, add new features, fix bugs, and optimise page performance.
- Communication — responding to contact form inquiries, sending account-related notifications, and delivering newsletters to subscribers who have opted in.
- Security — detecting and preventing fraud, abuse, and unauthorised access to our services.
- Legal compliance — meeting legal obligations, responding to lawful requests from authorities, and enforcing our Terms of Service.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not use your health data for advertising or profiling.
3. Data Storage and Security
Your data is stored securely using industry-standard encryption protocols. All data transmitted between your browser and our servers is protected by TLS (Transport Layer Security) encryption. Sensitive data stored in our database, including health measurements and account credentials, is encrypted at rest using AES-256 encryption.
We implement multiple layers of security to protect your information, including regular security audits, access controls that limit data access to authorised personnel only, automated monitoring for suspicious activity, and secure coding practices that follow OWASP guidelines. While no system can guarantee absolute security, we take every reasonable measure to protect your data from unauthorised access, alteration, disclosure, or destruction.
Your account password is hashed using a one-way algorithm — we cannot see or recover your password. If you forget your password, you must reset it through our secure reset process.
4. Cookies and Tracking Technologies
4.1 Essential Cookies
These cookies are strictly necessary for our site to function. They handle authentication (keeping you signed in), session management, and security features such as CSRF protection. Essential cookies cannot be disabled without breaking core site functionality.
4.2 Analytics Cookies
We use analytics cookies to understand how visitors interact with our site — which pages are most popular, how long users spend on each page, and where users encounter errors. This data is collected in aggregate and does not personally identify individual visitors. Analytics data helps us prioritise improvements and ensure our calculators and articles serve you effectively.
4.3 Preference Cookies
These cookies remember your settings and preferences, such as your preferred unit system (metric or imperial), theme preferences, and whether you have dismissed certain informational banners. They improve your experience by eliminating the need to reconfigure settings on each visit.
4.4 Managing Cookies
You can control cookie preferences through your browser settings. Most browsers allow you to block or delete cookies, view which cookies are stored, and set preferences for specific websites. Please note that disabling essential cookies may prevent you from using features that require authentication. For information on managing cookies in popular browsers, visit your browser's help documentation.
5. Third-Party Services
We may use the following categories of third-party services, each governed by its own privacy policy:
- Analytics providers — to collect aggregate usage data (e.g., Google Analytics). We configure these services to anonymise IP addresses where possible.
- Hosting and infrastructure — our site is hosted on cloud infrastructure providers that maintain industry-standard security certifications.
- Email delivery — we use third-party email services to deliver transactional emails (such as password resets) and newsletters. These providers process your email address solely for delivery purposes.
- Advertising networks — we may display advertisements from third-party networks. These networks may use cookies to serve ads based on your browsing activity across websites. You can opt out of personalised advertising through the relevant network's settings or through industry opt-out tools like the Digital Advertising Alliance's opt-out page.
We vet third-party providers to ensure they meet reasonable data protection standards. However, we are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.
6. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes described in this policy. Account data is retained for as long as your account is active. If you delete your account, all associated data — including saved calculator results and personal information — is permanently removed from our servers within 30 days. Usage analytics data is retained in aggregate (non-identifiable) form and is not subject to deletion requests. Contact form submissions are retained for up to 12 months after the inquiry is resolved.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right of rectification — request corrections to inaccurate or incomplete data.
- Right of erasure — request deletion of your personal data (subject to legal obligations).
- Right to restrict processing — request that we limit how we use your data in certain circumstances.
- Right to data portability — request your data in a structured, machine-readable format.
- Right to object — object to processing of your data for direct marketing or based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us through our contact page. We will respond within 30 days. We may ask you to verify your identity before processing certain requests.
8. Children's Privacy
BMI Health Checker is designed for adults aged 18 and over. We do not knowingly collect personal information from children under 18. Standard BMI and body fat categories are not clinically appropriate for children and adolescents, whose bodies are still developing. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal data, please contact us immediately.
9. International Data Transfers
BMI Health Checker is operated globally, and your data may be transferred to and processed in countries other than your own. We ensure that appropriate safeguards are in place for any international data transfers, including standard contractual clauses and compliance with applicable data protection regulations.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will notify registered users by email and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
11. Contact
If you have questions, concerns, or complaints about this privacy policy or our data practices, please contact us through our contact page. You also have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.