Privacy Policy

Relffits · Effective April 9, 2026

Relffits ("we", "us", "the app") is a nutrition tracking and fitness application. Your privacy matters to us. This policy explains what data we collect, how we use it, who has access, and your rights.

1. Data We Collect

Category	Examples	Purpose
Account	Name, email, user ID, profile photo	Authentication, personalization
Health & Fitness	Age, sex, weight, height, activity level, body goals	Calorie/macro calculations
Meal Logs	Food descriptions, photos, calories, macros, timestamps, satiation scores	Nutrition tracking, AI analysis, on-device awareness insights
Apple Health iOS only	Step count (read), nutrition/water (write)	Dashboard display, Health app sync

We do not collect device identifiers, IP addresses, browsing history, contacts, location data, or any data for advertising or tracking purposes.

2. AI-Powered Analysis (Google Gemini)

Relffits offers optional AI-powered nutritional analysis using Google's Gemini API. This feature requires your explicit opt-in consent.

What is shared with Google Gemini

Meal descriptions and food photos you submit for analysis
Your daily calorie and macro targets (for meal suggestions)

What is NOT shared with Google Gemini

Your name, email, or account credentials
Your weight, height, age, or body metrics
Your Apple Health data
Your historical meal logs

Photo processing: Meal photos are sent to Google Gemini for real-time analysis and are not permanently stored by Google or Relffits servers. Photos remain on your device only.

Google processes this data under their Cloud Data Processing Addendum. API data is not used to train Google models. You can disable AI analysis at any time in Settings without losing access to other app features.

3. On-Device Intelligence (Awareness Engine & Pattern Analysis)

Relffits includes an on-device awareness engine that analyzes your meal history to generate personalized nutritional insights, a Food Awareness Score, and contextual decision-moment hints. It also includes a pattern analysis engine that detects behavioral trends in your eating habits.

How this works

All processing happens on your device. Your meal history is analyzed locally using client-side JavaScript. No meal data is sent to any server for this purpose.
Data used: Your last 14 days of meal logs (descriptions, calories, protein, fiber, carbs, fat, satiation scores, timestamps) are loaded from local storage and, if needed, decrypted from your cloud backup.
What is generated: Micro-insights on each meal, post-meal teaching nudges, decision-moment hints when logging, a 0–100 awareness score based on protein consistency, fiber adequacy, satiation trends, and dietary variety.
No new data leaves your device. Insights and scores are computed in real time and are not stored in the cloud or shared with any third party.

This feature does not use Google Gemini or any external AI service. It relies entirely on published nutritional science (USDA FoodData Central, Holt Satiety Index, AHA guidelines, FDA Dietary Guidelines) applied to your own data on your own device.

4. Data Storage & Encryption

All sensitive health and nutrition data is encrypted on your device before being stored in the cloud.

How encryption works

Algorithm: AES-256-GCM with PBKDF2 key derivation (250,000 iterations)
Key source: Derived from your password (or data passphrase for social sign-in)
Where encryption happens: Entirely on your device using the Web Crypto API
What this means: Even if our cloud database were breached, your data would remain unreadable without your password

Cloud storage is provided by Google Firebase (Firestore + Authentication), hosted in the United States. Firebase complies with SOC 1/2/3, ISO 27001, and GDPR.

5. Apple HealthKit

On iOS, Relffits can integrate with Apple Health with your permission:

Read: Daily step count (displayed on your dashboard)
Write: Calories, protein, carbs, fat, fiber, and water intake from your meal logs

HealthKit data stays on your device and in Apple's ecosystem. We never upload HealthKit data to our servers or share it with any third party, including Google Gemini. HealthKit data is not used for advertising or marketing.

6. Third-Party Services

Service	Purpose	Data Accessed
Google Firebase	Authentication, encrypted data storage	Email, encrypted profile & meal data
Google Gemini API	AI nutritional analysis Opt-in	Meal descriptions, photos, targets
Apple HealthKit	Health app sync iOS / Opt-in	Steps (read), nutrition (write)
Apple / Google Sign-In	Authentication	Email, name (from identity provider)

We do not sell, rent, or share your personal data with advertisers, data brokers, or any parties not listed above.

7. Data Retention & Deletion

Your data is retained as long as your account is active. You can delete your account at any time from Settings > Delete Account. Account deletion permanently removes:

Your user profile and all personal information
All meal logs and daily progress history
Your Firebase Authentication account
All locally stored data on the device

All data is deleted immediately upon account deletion. Any cached or backup copies in Firebase infrastructure are purged within 30 days.

Data written to Apple Health remains under Apple's control and must be managed through the Health app.

8. Your Rights

Depending on your jurisdiction (including GDPR, CCPA, and similar laws), you have the right to:

Access your personal data
Correct inaccurate data (via Settings)
Delete your data and account (via Settings)
Withdraw consent for AI analysis at any time (via Settings)
Data portability: request a copy of your data
Object to processing: contact us to exercise this right

California residents (CCPA): We do not sell personal information. We do not use personal information for cross-context behavioral advertising.

9. Children's Privacy

Relffits is not intended for children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us for deletion.

10. Security

We employ industry-standard security measures including:

Client-side AES-256-GCM encryption for all health data
PBKDF2 key derivation with 250,000 iterations
HTTPS for all network communications
Firebase security rules restricting access to authenticated users
No plaintext health data stored in the cloud

11. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated through the app. Continued use after updates constitutes acceptance of the revised policy.

Your use of Relffits is also governed by our Terms of Service.

12. Contact

For privacy inquiries, data requests, or questions about this policy:

Email: support@relffits.com

App: Settings > Privacy Policy