Privacy Policy

Relffits · Effective June 6, 2026

Relffits ("we", "us", "the app") is a nutrition tracking and fitness application. Your privacy matters to us. This policy explains what data we collect, how we use it, who has access, and your rights.

1. Data We Collect

Category	Examples	Purpose
Account	Name, email, user ID, profile photo	Authentication, personalization
Health & Fitness	Age, sex, weight, height, activity level, body goals	Calorie/macro calculations
Meal Logs	Food descriptions, calories, macros, timestamps, satiation scores, favorites	Nutrition tracking, AI analysis, on-device awareness insights
Meal Photos On-device	Photos you attach to a meal log	Visual reference inside the app; cached locally in encrypted IndexedDB
Daily Note & Monthly Check-In	Mood selection, short text notes, monthly reflection prompt answers	Personal context shown only to you; encrypted with your profile
Apple Health iOS only	Step count, distance (read); calories, protein, carbs, fat, fiber, water (write)	Dashboard display, Health app sync

We do not collect device identifiers, IP addresses, browsing history, contacts, location data, or any data for advertising or tracking purposes.

2. AI-Powered Analysis (Google Gemini)

Relffits offers optional AI-powered nutritional analysis using Google's Gemini API. This feature requires your explicit opt-in consent.

What is shared with Google Gemini

Meal descriptions and food photos you submit for analysis
Restaurant menu photos when you trigger a Menu Scan
Your daily calorie and macro targets (for meal suggestions)
Dietary preferences you set (for suggestion filtering)

What is NOT shared with Google Gemini

Your name, email, or account credentials
Your weight, height, age, or body metrics
Your Apple Health data
Your historical meal logs

Photo processing: Meal and menu photos are sent to Google Gemini for real-time analysis and are not permanently stored by Google or Relffits servers. Photos you save to a meal log remain on your device only, cached locally in an encrypted IndexedDB store.

Daily limit: AI use is capped at 20 analyses per day per account (meal logs, adjustments, suggestion refreshes, and restaurant menu scans all count). When you hit the cap, meal logging falls back to manual entry until midnight.

Google processes this data under their Cloud Data Processing Addendum. API data is not used to train Google models. You can disable AI analysis at any time in Settings without losing access to other app features.

3. On-Device Intelligence (Awareness Engine & Pattern Analysis)

Relffits includes an on-device awareness engine that analyzes your meal history to generate personalized nutritional insights, a Food Awareness Score, and contextual decision-moment hints. It also includes a pattern analysis engine that detects behavioral trends in your eating habits, an optional Daily Note (mood log), and a Monthly Check-In reflection sheet.

How this works

All processing happens on your device. Your meal history is analyzed locally using client-side JavaScript. No meal data is sent to any server for this purpose.
Data used: Your last 14 days of meal logs (descriptions, calories, protein, fiber, carbs, fat, satiation scores, timestamps) are loaded from local storage and, if needed, decrypted from your cloud backup.
What is generated: Micro-insights on each meal, post-meal teaching nudges, decision-moment hints when logging, a 0–100 awareness score, and a single “one thing to try” recommendation tailored to your weakest factor.
Daily Note & mood log: Mood selections and short notes never leave the device; encrypted with the rest of your profile.
Monthly Check-In: Reflection-sheet answers are stored locally and encrypted; not shared with AI or any third party.
No new data leaves your device. Insights and scores are computed in real time and are not stored in the cloud or shared with any third party.

These features do not use Google Gemini or any external AI service. They rely entirely on published nutritional science (USDA FoodData Central, Holt Satiety Index, AHA guidelines, FDA Dietary Guidelines) applied to your own data on your own device.

4. Data Storage & Encryption

All sensitive health and nutrition data is encrypted on your device before being stored in the cloud.

How encryption works

Algorithm: AES-256-GCM with PBKDF2 key derivation (250,000 iterations)
Key source: Derived from your password (or data passphrase for social sign-in)
Where encryption happens: Entirely on your device using the Web Crypto API
What this means: Even if our cloud database were breached, your data would remain unreadable without your password

Cloud storage is provided by Google Firebase (Firestore + Authentication), hosted in the United States. Firebase complies with SOC 1/2/3, ISO 27001, and GDPR.

5. Apple HealthKit

On iOS, Relffits can integrate with Apple Health with your permission:

Read: Daily step count and distance (displayed on your dashboard)
Write: Calories, protein, carbs, fat, fiber, and water intake from your meal logs

Active-calorie / exercise tracking is manual entry by default. If you'd rather not see step or distance counts, you can revoke HealthKit access in iOS Settings at any time.

HealthKit data stays on your device and in Apple's ecosystem. We never upload HealthKit data to our servers or share it with any third party, including Google Gemini. HealthKit data is not used for advertising or marketing.

6. Third-Party Services

Service	Purpose	Data Accessed
Google Firebase	Authentication, encrypted data storage	Email, encrypted profile & meal data
Google Gemini API	AI nutritional analysis Opt-in	Meal descriptions, photos, targets
Apple HealthKit	Health app sync iOS / Opt-in	Steps (read), nutrition (write)
Apple / Google Sign-In	Authentication	Email, name (from identity provider)

We do not sell, rent, or share your personal data with advertisers, data brokers, or any parties not listed above.

7. Data Retention & Deletion

Your data is retained as long as your account is active. You can delete your account at any time from Settings > Delete Account. Account deletion permanently removes:

Your user profile and all personal information
All meal logs and daily progress history
Your Firebase Authentication account
All locally stored data on the device

All data is deleted immediately upon account deletion. Any cached or backup copies in Firebase infrastructure are purged within 30 days.

Data written to Apple Health remains under Apple's control and must be managed through the Health app.

8. Your Rights

Depending on your jurisdiction (including GDPR, CCPA, and similar laws), you have the right to:

Access your personal data
Correct inaccurate data (via Settings)
Delete your data and account (via Settings)
Withdraw consent for AI analysis at any time (via Settings)
Data portability: request a copy of your data
Object to processing: contact us to exercise this right

California residents (CCPA): We do not sell personal information. We do not use personal information for cross-context behavioral advertising.

9. Children's Privacy

Relffits is not intended for children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us for deletion.

10. Security

We employ industry-standard security measures including:

Client-side AES-256-GCM encryption for all health and meal data
PBKDF2 key derivation with 250,000 iterations
HTTPS / TLS for all network communications
Firebase security rules restricting access to authenticated users
Firebase App Check via reCAPTCHA Enterprise to verify requests originate from the genuine app
Per-user rate limiting on AI and backend endpoints
App Attest entitlement on iOS for hardware-backed app integrity
Meal photos cached locally in the device's encrypted IndexedDB store — never uploaded to our servers
No plaintext health data stored in the cloud

11. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated through the app. Continued use after updates constitutes acceptance of the revised policy.

Your use of Relffits is also governed by our Terms of Service.

12. Contact

For privacy inquiries, data requests, or questions about this policy:

Email: support@relffits.com

App: Settings > Privacy Policy