Privacy Policy

BodyfatAI LLC ("BodyfatAI," "we," "us," or "our") provides a mobile application that estimates body-fat percentage and related fitness metrics from user-submitted photos and measurements. This Privacy Policy explains what data we collect, how we use it, how we protect it, and the choices you have. If you do not agree with this policy, please do not use the app.

1. Who We Are & How to Contact Us

2. What We Collect

Personal Information (you provide)

• Account Data: Email, first and last name; phone number (optional).
• Preferences: Measurement units (imperial/metric), notification settings.
• Body Measurements: Height, weight, gender, goals (goal weight, goal body-fat %).
• Profile Photos: Not collected (no user avatars).

Sensitive/Health-Related Data (you provide)

• Body Photos: Up to 4 photos per scan for AI analysis.
• Derived Health Metrics: Estimated body-fat %, BMI, and muscle-mass estimates (computed and retained).

Legal note: In some regions, photos and derived metrics may be considered special category (health) data. We apply enhanced safeguards (see Security).

Technical & Usage Data (automatically)

• Device & App: Device model, OS version, app version.
• Diagnostics: Essential app logs necessary to operate and secure the service.
• IP Address: Used for security, fraud prevention, and approximate location (country/region).
• Location Data: We do not collect precise location. However, image metadata (EXIF) supplied by your device may contain location; see Section 4.
• Analytics Data: Usage patterns and performance metrics collected via PostHog (see Section 7 for details).

3. How We Use Your Data

• Core Service: Perform AI body-fat analysis and display progress over time.
• Personalization: Provide insights, ranges, trends, and recommendations.
• Account & Support: Create/manage your account, respond to requests, send service messages.
• Improvement & Safety: Debug, ensure availability, prevent fraud/abuse, and secure our services.
• Analytics: Understand how users interact with the app to improve features and user experience.
• Legal Compliance: Meet legal, tax, and regulatory obligations.

Legal bases (if GDPR/UK GDPR applies)

• Contract: To provide the app and core features you request.
• Consent: Processing photos for analysis and any optional marketing. You can withdraw consent at any time.
• Legitimate Interests: Service improvement, analytics, and security (balanced with your rights).
• Legal Obligation: Compliance with applicable laws.

4. Photos, Camera & Media Permissions

• Camera Permission: Required to take analysis photos.
• Photo Library Permission: Optional to import existing photos.
• Processing: Photos are transmitted securely to our servers and processed by our AI system to generate estimates.
• Storage & Deletion: Photos are stored encrypted in our cloud storage so you can review your progress history. You can delete photos from within the app, which marks them as deleted in your account (soft delete), but the photos remain in our database for operational and backup purposes. We retain both the photos and numeric results (e.g., body-fat %, muscle-mass estimate) for your history until you delete your account. When you delete your account, all photos and data are permanently removed within 30 days.
• Image Metadata (EXIF): Your device may embed metadata (e.g., timestamp, camera info, possibly GPS). We do not use precise GPS for features; if present in EXIF, it may be received as part of the file. We do not use EXIF location for personalization or tracking and strip or discard it during processing where feasible.
• Sharing: You can enable sharing of results or photos via links/social features; sharing is off by default and entirely user-initiated.

5. Subscriptions & Payments

• Payment Processors: Apple App Store and Google Play manage billing; we do not receive your full card details.
• Subscription Management: We use RevenueCat to validate receipts and manage access (entitlements).
• Data Received from Stores/RevenueCat: Product IDs, purchase history, renewal status, platform identifiers—only what's necessary to grant and maintain your subscription.

6. Third-Party Services

We share only what is necessary for each provider to perform services for us, bound by contracts and safeguards.

• RevenueCat (subscriptions): Limited purchase and entitlement data to verify premium access.
• PostHog (analytics): Usage patterns, device info, and performance data to improve the app. We send only anonymized user IDs; no photos, measurements, email, or personal information. See Section 7 for details.
• Cloud Hosting: Google Cloud (Cloud Run / Cloud SQL) in US regions for hosting and storage.
• AI/ML Inference: Model provider kept generic; photos may be processed transiently by third-party AI to generate estimates. We require secure transfer; photos are not stored beyond processing.

7. Analytics and Tracking

We use PostHog, a product analytics platform, to understand how you use our app and improve your experience. PostHog collects:

• Usage Patterns: Which features you use, screens you visit, and buttons you click.
• Device Information: Device type, operating system version, and app version.
• Performance Data: How the app performs on your device.

What PostHog does NOT collect:

• Your photos or body measurements.
• Your email address or name (we send only an anonymized user ID).
• Text you enter in forms (autocapture is disabled).
• Payment information.
• Session recordings (disabled).

PostHog data is used solely to improve our app's features and user experience. We do not sell this data to third parties. PostHog is hosted in the US and complies with SOC 2 standards. For more information about PostHog's privacy practices, visit PostHog's Privacy Policy.

You can opt out of analytics tracking by contacting us at support@bodyfatai.app.

8. Data Security

• Encryption: TLS in transit; encryption at rest for stored data.
• Access Controls: Role-based, least-privilege, with audit trails.
• Secure Development: Dependency patching and periodic security reviews.
• Incident Response: If a data breach occurs, we will notify affected users and regulators as required.

9. Data Retention

• Account Data: Kept while your account is active.
• Scan Results (numbers/metrics): Retained to show progress until you delete them or your account.
• Photos: Stored encrypted in our cloud storage for your progress history. When you delete photos in-app, they are soft-deleted (marked as deleted but remain in our database). All photos are permanently removed within 30 days when you delete your account.
• Operational Logs: Retained for 24 months to ensure service integrity and security.
• Deleted Accounts: We purge or irreversibly de-identify personal data within 30 days of confirmed deletion, subject to legal retention duties.

For detailed instructions on how to delete your account and information about what data is removed, please visit our Account Deletion page.

10. Your Privacy Rights

Depending on your location, you may have the right to:

• Access and obtain a copy of your data.
• Correct inaccurate data.
• Delete your data and account (see deletion instructions).
• Restrict or object to certain processing.
• Data portability (portable copy).
• Withdraw consent (where processing is based on consent).
• Opt out of analytics tracking.

How to exercise your rights: Use in-app controls (where available) or email support@bodyfatai.app. We may need to verify your request and will respond within applicable timelines.

California (CCPA/CPRA)

• We do not sell or share personal information for cross-context behavioral advertising.
• You may request access, correction, or deletion, and can limit use of sensitive personal information where applicable.

11. Children's Privacy

The app is intended for adults 18+. We do not knowingly collect data from children. If you believe a minor has used the service, contact us to remove the data.

12. International Transfers

We process data in the United States and may process in other countries. For EEA/UK users, where applicable, we rely on appropriate transfer mechanisms (e.g., Standard Contractual Clauses) and implement additional safeguards.

13. Communications & Marketing

• Service Messages: Transactional emails/push (e.g., account, security, subscription updates).
• Marketing: Only with your consent; you can opt out via email footer or device settings.
• SMS: Not used unless you explicitly opt in (currently no SMS).

14. Cookies & Tracking (Website)

• Essential Cookies Only: The website may set strictly necessary cookies for login and authentication. We do not use cookies for advertising or analytics.
• Cookie Notice: For details, see our Cookie Notice.

15. Data Sharing & Disclosures

• No Sale: We do not sell personal information.
• Service Providers: We share with trusted vendors under contracts and only as needed.
• Legal Requirements: We may disclose information to comply with law, protect rights, or respond to lawful requests.
• Business Transfers: If we undergo a merger, acquisition, or asset sale, your data may transfer as part of the transaction and remain subject to this policy (or a successor policy of equal or greater protection).

16. Changes to This Policy

We may update this policy to reflect changes in our practices. We will post updates with a new effective date and, where required, notify you in-app or by email. Your continued use means you accept the updated policy.

17. Contact

Questions or requests about privacy? support@bodyfatai.app