Terofit — Privacy Policy

1. Information We Collect

1.1 Account Information

When you create a Terofit account, we collect:

• Email address
• Display name
• Profile photo (optional)
• Authentication credentials (managed by Firebase Authentication, including third-party sign-in via Google)

1.2 Body & Physical Profile

To provide personalized nutrition and fitness recommendations, we collect:

• Weight (in kg or lbs)
• Height (in cm or inches)
• Biological sex
• Date of birth / age
• Activity level (sedentary, light, moderate, active, or athlete)
• Target weight and goal date (optional)
• Fitness goal (e.g., fat loss, balance, muscle gain)
• Preferred unit system (metric or imperial)
• Daily step goal
• Personal motivations (optional, free-text)

1.3 Health & Activity Data

If you grant permission, we sync health data from your device's health platform:

• Steps, distance walked, and flights climbed
• Active energy burned and exercise minutes
• Sleep data: total sleep duration, sleep efficiency, sleep stages (deep, REM, core, awake), bed and wake times, and granular sleep samples
• Data source information (e.g., Apple Health, Health Connect, Apple Watch status)

This data is accessed via Apple HealthKit (iOS) or Health Connect (Android) and is transmitted to our servers only with your explicit permission.

1.4 Nutrition & Meal Data

When you log meals, we collect:

• Food item names and descriptions
• Calorie and macronutrient values (protein, carbs, fat, fiber, sugar, sodium)
• Hydration intake (volume and beverage type)
• Meal timing (when you consumed each meal)
• Meal entry method (manual entry or photo-based)

1.5 Food Photos & Image Data

If you use the photo-based meal logging feature:

• Food photographs are captured from your device camera or photo library
• Photos are resized (to a maximum of 1280×1280 pixels) before processing
• Photos are sent to our nutrition analysis service for AI-powered food identification and calorie estimation
• Raw and processed images may be stored for analysis accuracy and service improvement

1.6 Menstrual Cycle Data (Optional)

If you opt in to cycle tracking, we collect:

• Last period start date
• Typical cycle length
• Period duration

This data is used solely to adjust nutritional and activity recommendations based on cycle phase.

1.7 Device & Technical Information

We automatically collect:

• Device platform (iOS or Android)
• App version
• Device capabilities (e.g., wearable presence)
• Timezone

1.8 AI Coaching Data

Our behavioral analysis engine ("Pigeon") processes a rolling window of your recent data (nutrition, activity, sleep, and profile) to generate personalized coaching insights. The inputs and outputs of this analysis are stored in your account.

2. How We Use Your Information

We use the information we collect to:

We do not use your data for third-party advertising or sell your personal information.

3. How We Share Your Information

We share your data only with the following categories of service providers, strictly for the purposes described:

3.1 Firebase (Google Cloud)

We use Google Firebase for authentication, database storage, and cloud functions. Your data is stored in Google Cloud Firestore and is governed by Google's privacy policy and Firebase's data processing terms.

3.2 Nutrition Analysis Service

Food photos and related metadata are transmitted to our nutrition analysis API for AI-powered calorie and macro estimation. This service processes images to identify food items, estimate portions, and calculate nutritional content.

3.3 Log & Audit Server

For quality assurance and debugging, image processing requests (including food photos and AI responses) may be mirrored to a secure logging server.

3.4 Behavioral Analysis Service

Aggregated nutrition, activity, sleep, and profile data is sent to our coaching analysis engine to generate personalized insights and recommendations.

3.5 Legal Requirements

We may disclose your information if required to do so by law, regulation, or legal process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Terofit, our users, or the public.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Storage & Security

• All user data is stored in Google Cloud Firestore, hosted in secure Google Cloud data centers.
• Data in transit is encrypted using TLS/HTTPS.
• Data at rest is encrypted by Google Cloud's default encryption.
• Access to production data is restricted to authorized personnel only.
• Food photos are processed and stored in encrypted environments.
• Authentication is managed through Firebase Authentication with secure token-based verification.

While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

• Account data is retained for as long as your account is active.
• Health, nutrition, and activity data is retained for as long as your account exists and is used for historical trend analysis.
• Food photos and vision processing logs may be retained in our logging infrastructure for quality assurance purposes.
• Deleted account data is removed from our primary database (Firestore) and authentication system upon account deletion. Backup copies in logging infrastructure may persist for up to 90 days after deletion before being purged.

6. Your Rights & Choices

6.1 Account Deletion

You can delete your entire account at any time through the App. This will:

• Permanently delete your profile, health data, nutrition logs, reports, coaching insights, meal history, and scan history from our primary database
• Delete your Firebase Authentication credentials
• Residual copies in our logging infrastructure will be purged within 90 days

6.2 Health Data Permissions

You can revoke health data access (Apple HealthKit or Health Connect) at any time through your device settings. Previously synced data will remain in your Terofit account unless you delete it or your account.

6.3 Photo Permissions

You can deny camera or photo library access at any time. This will disable photo-based meal logging but all other features remain available.

6.4 Cycle Tracking

Cycle tracking is entirely optional. You can enable or disable it at any time in the App. Disabling it removes cycle-based adjustments from your recommendations.

7. Rights for European Union Residents (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access — Request a copy of the personal data we hold about you.
• Right to Rectification — Request correction of inaccurate personal data.
• Right to Erasure — Request deletion of your personal data (see Section 6.1).
• Right to Restriction of Processing — Request that we limit how we use your data.
• Right to Data Portability — Request your data in a structured, machine-readable format.
• Right to Object — Object to processing of your personal data.
• Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent.

Legal Bases for Processing:

To exercise any of these rights, contact us at terofitcorp@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

8. Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete — Request deletion of your personal information.
• Right to Correct — Request correction of inaccurate personal information.
• Right to Opt-Out of Sale — We do not sell your personal information.
• Right to Non-Discrimination — We will not discriminate against you for exercising your rights.

Categories of Personal Information Collected:

To exercise your rights, contact us at terofitcorp@gmail.com or use the in-app account deletion feature.

9. Health Data Compliance

Apple HealthKit

Our use of Apple HealthKit data complies with Apple's HealthKit guidelines:

• HealthKit data is not used for advertising or marketing.
• HealthKit data is not sold to third parties.
• HealthKit data is not shared with third parties for their own purposes.
• HealthKit data is used solely to provide health and fitness features within the App.

Google Health Connect

Our use of Health Connect data complies with Google's Health Connect policies. Data accessed through Health Connect is used only to provide the App's health and fitness features.

10. Children's Privacy

Terofit is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a user under 18, we will promptly delete their account and associated data. If you believe a minor has provided us with personal information, please contact us at terofitcorp@gmail.com.

11. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers maintain facilities. If you are located in the EEA, UK, or other regions with data transfer restrictions, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place, including reliance on standard contractual clauses where applicable.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy in the App
• Updating the "Last Updated" date at the top of this page

Your continued use of the App after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Terofit Corp
Email: terofitcorp@gmail.com