At BetterLife, we have built a **zero-tracking, local-first** technical architecture designed to give you absolute control over your digital footprint. We are fully aligned with the strict standards of the **UK General Data Protection Regulation (UK GDPR)** and the European Union’s **GDPR (Regulation (EU) 2016/679)**.
1. The Four Pillars of Our GDPR Architecture
Traditional mobile apps store user data on remote databases, exposing users to tracking and potential data leaks. BetterLife re-engineers this relationship through absolute client-side sovereignty:
- Right to Access & Portability (Article 20): Under GDPR, you have the right to request all data collected about you in a clean, machine-readable format. Inside the **Profile Dashboard** of the App, you can execute a one-click **"Export my data"** request. The App instantly aggregates your profile metrics, streaks, active goals, and session logs, outputting a complete, standard **JSON document** that you can save or share directly.
- Right to be Forgotten / Erasure (Article 17): Purging your digital footprint should not require sending an email to a support desk. Under the Profile settings, tapping **"Delete all my data"** triggers a complete sandbox invalidation command. This instantly and permanently deletes all persistent caching keys, leaving zero trace of your personal records or session files on your device or the web.
- Right to Rectification (Article 16): You maintain full authority to modify any data point, including focus domains, email addresses, and coaching tone selections, directly inside the settings sheet. The changes compile and save locally in real-time.
- Data Protection by Design & Default (Article 25): Privacy is not a toggle-switch or an afterthought. By default, the App does not log, track, or share your activities. We do not use third-party analytics trackers, behavioral cookies, or commercial advertising SDKs.
2. Data Processing Agreements (DPA)
The only processing that occurs off-device is the secure semantic generation of your coach replies. When a chat message is sent:
It is securely processed under standard enterprise protection agreements. The processing endpoint acts strictly as a **Data Processor** on behalf of the App. The processor is explicitly bound to a **zero-training agreement**, guaranteeing that your session entries will not be recorded or used to train public machine learning systems.
3. Enforcement & Redress
If you are a resident of the United Kingdom or the European Economic Area (EEA), you have the right to lodge a complaint with a supervisory authority. In the UK, this is the **Information Commissioner's Office (ICO)** (www.ico.org.uk).