Last updated: September 30th, 2025

 

1. Introduction

Welcome to Boli (“we”, “our”, or “us”).

Boli is a digital health company committed to supporting people with obesity and type 2 diabetes, beginning with those using GLP-1 medications. We value your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the French Data Protection Act (“Loi Informatique et Libertés”), and applicable U.S. privacy laws such as the California Consumer Privacy Act (“CCPA”), as amended by the CPRA.

This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website or use our services.

 

 

2. Who We Are

Company name: Boli

Legal form: SAS (Société par actions simplifiée)

Registered address: 3 rue Loustau, 64200 Biarritz FRANCE

SIRET / RCS: 989 985 718 R.C.S. Bayonne

Data controller: Boli SAS

Contact email: [email protected]

DPO contact: [email protected]

 

3. Scope of This Policy

This policy applies to:

• Visitors to our website (www.boli.care)

• Users interacting with our content, contact forms, cookies, or newsletter

• Future users of the Boli digital therapeutic platform (if pre-registration is available)

This policy does not apply to third-party websites or platforms that may be linked to from our site.

4. What Personal Data We Collect

We may collect the following categories of data:

a. Information you provide voluntarily

• Contact details (name, email, company, phone)

• Information submitted via forms (e.g., “Contact us”, newsletter subscription)

• Any message or comment you send to us

b. Automatically collected data

• IP address and browser/device information

• Pages visited, time spent, referring URLs

• Cookies and tracking technologies (see Section 9)

c. Future platform users (when applicable)

If you register or use the Boli platform, additional data may include:

• Health-related data (e.g., weight, symptoms, treatments)

• Food intake, activity, behavioral inputs

• User preferences and settings

We collect health data only when explicitly provided and with your consent. These are considered special categories of data under Article 9 of the GDPR and are processed securely.

 

5. Legal Basis for Processing

We process your data based on one or more of the following legal grounds:

• Consent (Art. 6.1.a GDPR): for newsletter subscriptions, cookies, or health data

• Contract performance (Art. 6.1.b): when you register or interact with our services

• Legal obligation (Art. 6.1.c): e.g., keeping logs for security or compliance

• Legitimate interest (Art. 6.1.f): improving our website, preventing fraud, analytics

For U.S. users, we rely on similar grounds as permitted under local state law (e.g., CCPA, HIPAA where applicable).

 

6. Purposes of Data Use

We use your data to:

• Communicate with you (e.g., newsletter, responses)

• Improve our website and services

• Develop and personalize the Boli app and experience

• Conduct analytics and performance measurement

• Ensure legal compliance and security

We do not sell your personal data. Ever.

7. Data Sharing and Transfers

We may share your data with:

• Service providers (e.g., hosting, analytics, CRM, email tools)

• Health professionals or researchers, only with your explicit consent

• Regulatory authorities, if legally required

• Acquirers, in case of a merger, acquisition, or corporate restructuring

Some data may be transferred outside the EU, including to the U.S. In such cases, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses approved by the EU Commission).

8. Data Retention

We retain your data only as long as necessary:

• Contact data: up to 3 years after last interaction

• Newsletter: until unsubscribed

• Analytics logs: typically 13 months

• Health data (if collected): duration of your use + 3 years maximum unless otherwise required

You can request deletion at any time (see Section 10).

 

9. Cookies & Tracking

We use cookies for:

• Website performance and analytics (e.g., Google Analytics)

• Functionality (e.g., language preferences)

• Marketing (only with consent)

A cookie banner appears on first visit and allows you to customize preferences.

See our full Cookie Policy for details.

 

10. Your Rights

As a data subject (under GDPR or CCPA), you have the following rights:

Under GDPR / French law:

• Right to access your data

• Right to rectify inaccurate data

• Right to erasure (“right to be forgotten”)

• Right to object to certain processing

• Right to restrict processing

• Right to data portability

• Right to withdraw consent at any time

• Right to lodge a complaint with CNIL (www.cnil.fr)

Under CCPA (California residents):

• Right to know what data is collected

• Right to request deletion

• Right to opt-out of data selling (not applicable — we do not sell)

• Right to non-discrimination for exercising your rights

To exercise any of these rights, email us at: [email protected]

 

11. Data Security

We implement industry-standard technical and organizational measures:

• HTTPS encryption

• Secure cloud hosting (e.g., in EU or compliant providers)

• Access control and data minimization

• Staff confidentiality and training

However, no system is 100% secure. In case of a data breach, we will notify users and authorities as required by law.

12. Children’s Privacy

Our services are not intended for children under 16 years of age (or 13 in the U.S.). We do not knowingly collect data from minors. If you believe a minor has provided us with data, please contact us immediately.

 

13. Changes to This Policy

We may update this policy to reflect changes in our practices, services, or legal obligations. Changes will be posted on this page with a new date. We recommend reviewing this page regularly.

14. Contact

If you have questions, concerns, or requests related to this policy, please contact:

Boli SAS

Email: [email protected]