Privacy Policy
Last updated: February 8, 2026
1. Introduction
Fitness AI ("we," "our," or "us") operates the Fitness AI mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App.
By using the App, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account Information
- Email address (when you create an account)
- Display name (optional)
- Authentication provider (email, Google, or Apple sign-in)
Health & Fitness Data (device-only)
- Meal logs and food items you record
- Calorie and macronutrient data
- Weight entries and progress photos
- Water intake logs
- Fitness goals and onboarding preferences
This data is stored exclusively on your device and is never sent to our servers unless you explicitly enable Cloud Backup. If Cloud Backup is enabled, your data is encrypted with AES-256-GCM on your device before upload.
Device Information
- Device platform (iOS or Android)
- App version
- A server-generated device identifier for authentication
- Device attestation data (Play Integrity on Android, App Attest on iOS) to verify device integrity
Usage Data
- App activity events (e.g., feature usage, session data) for analytics
- IP address (used for rate limiting, session location, and abuse prevention)
Photos
- Meal photos are sent to our server for AI food recognition and are not stored after processing
- Weight progress photos are stored only on your device
3. How We Use Your Information
- Provide and maintain the App's core functionality (meal tracking, nutrition analysis, streaks, etc.)
- Process AI-powered food recognition from meal photos
- Authenticate your identity and secure your account
- Send transactional emails (verification codes, password resets) in response to your actions
- Send marketing emails about product updates and new features (only if you opt in)
- Prevent abuse, fraud, and unauthorized access through rate limiting and device attestation
- Improve the App based on aggregated, anonymized usage analytics
4. Data Storage & Security
Your health and fitness data (meals, weight, streaks, goals) is stored locally on your device using SQLite. This data never leaves your device unless you explicitly enable Cloud Backup in the App settings.
If you enable Cloud Backup, your data is encrypted with AES-256-GCM using a per-user encryption key before being uploaded. Backups are stored in AWS S3 with server-side encryption (SSE-S3) as an additional layer of protection.
Account data (email, authentication tokens, session information) is stored in AWS DynamoDB in the US East (N. Virginia) region, protected by AWS security best practices including encryption at rest.
Passwords are hashed using bcrypt and are never stored in plain text.
5. Third-Party Services
We use the following third-party services:
- Amazon Web Services (AWS) — Cloud infrastructure for authentication, data storage, and email delivery (via SES)
- FatSecret API — Food recognition, nutrition database, and barcode lookup. Meal photos are sent to FatSecret for analysis and are not retained after processing
- RevenueCat — Subscription management for in-app purchases. RevenueCat receives an anonymous user identifier only
- Google Sign-In / Apple Sign-In — Optional OAuth authentication. We receive only your email, name, and a unique identifier from these providers
- ipinfo.io — IP geolocation for displaying session locations in your account settings. Only IP addresses are sent; no personal data is shared
Each third-party service operates under its own privacy policy. We encourage you to review them.
6. Email Communications
Transactional emails (verification codes, password resets) are sent only in direct response to your actions and cannot be unsubscribed from, as they are necessary for account security.
Marketing emails (product updates, feature announcements) are sent only to users who have opted in. You can opt out at any time through the App settings or by clicking the unsubscribe link in any marketing email. Unsubscribing is immediate and permanent until you choose to re-subscribe.
7. Data Retention
- Account data is retained for as long as your account exists
- Local health data (meals, weight, streaks) is stored on your device and under your control
- Cloud backups are overwritten with each new backup (one backup per user)
- Debug logs uploaded to our servers are retained for 14 days
- Password reset tokens expire after 1 hour
- Email suppression records (bounces, complaints) are retained permanently to prevent re-sending
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Delete your account and associated data by contacting us
- Export your meal history (CSV or JSON) from the App
- Opt out of marketing communications at any time
- Disable Cloud Backup, which removes your backup from our servers
9. Children's Privacy
The App is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Email: service@fitnessai.info