Privacy Policy

Last Updated: October 21, 2025

Introduction

This Privacy Policy describes how Raen Fitness ("we," "our," or "us") collects, uses, and shares your personal information when you use our mobile application (the "App"). We are committed to protecting your privacy and being transparent about our data practices.

IMPORTANT: This App is designed for fitness and wellness purposes only and is not intended to diagnose, treat, cure, or prevent any disease. Always consult with a qualified healthcare provider before starting any fitness program.

Information We Collect

1. Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted and securely stored)
  • Profile information (name, age, gender, height, weight, fitness goals, experience level)
  • Profile picture (optional - stored in Supabase Storage)

2. Health and Fitness Data

We collect health and fitness data that you provide or generate while using the App:

Workout Data:

  • Exercise names, sets, repetitions, weights, and RPE (Rate of Perceived Exertion)
  • Workout duration, type, and completion status
  • Custom workout templates and programs you create or generate

GPS and Location Data:

  • Real-time GPS coordinates during cardio workouts
  • Route maps, distance, pace, and elevation data
  • Location data is only collected when you actively track a cardio workout and is stored for your personal workout history

Body Composition Data:

  • Weight, body fat percentage, BMI, lean body mass, waist circumference
  • Progress tracking measurements over time

Apple HealthKit Data (iOS only):

  • With your explicit permission, we access and sync the following data from Apple Health:
    • Workout sessions (resistance training, running, cardio)
    • Steps, heart rate, calories burned
    • VO₂ Max measurements
    • Body composition metrics (weight, body fat %, BMI, lean mass, waist, height)
  • We also write workout data back to HealthKit when you complete workouts in the App
  • Important: You control HealthKit permissions in iOS Settings. You can revoke access at any time, and we will immediately stop accessing this data.

3. AI-Generated Content

  • Workout plans generated by AI based on your profile and preferences
  • Chat conversations with the AI Coach feature
  • Images you upload for AI avatar generation (profile pictures transformed into anime-style avatars)
  • Images you share with the AI Coach for analysis (form checks, meal photos, etc.)

4. Technical and Usage Data

  • Device type, operating system version, and app version
  • Usage analytics (features used, time spent in app, crash reports) collected via PostHog
  • User behavior events (sign up, login, workout start/completion, AI Coach usage, feature interactions)
  • Error logs and diagnostic data for troubleshooting
  • IP address and general location (city/region level) for security purposes

5. Imported Fitness Data

If you choose to import data from third-party fitness apps or files (CSV, GPX, TCX, JSON), we process and store:

  • Workout history and metrics from imported files
  • Data is validated and stored in our database for your workout history

How We Use Your Information

Primary Uses

  1. Provide Core Services:
    • Generate personalized AI workout plans based on your profile
    • Track and log your workouts (strength training, cardio, GPS tracking)
    • Sync with Apple HealthKit (with your permission)
    • Display progress analytics and charts
    • Enable the AI Coach chat feature
  2. AI Features (OpenAI Integration):
    • We send your profile information (age, goals, fitness level, equipment) to OpenAI's API to generate personalized workout plans
    • Chat messages and workout data (only if you choose to share it) are sent to OpenAI for the AI Coach feature
    • Images you upload are processed by OpenAI for avatar generation and image analysis
    • Important: OpenAI processes this data according to their own privacy policy. We do not store AI-generated responses permanently except for displaying them to you in the app.
  3. Data Storage and Security (Supabase):
    • All user data is stored securely in a Supabase PostgreSQL database with Row Level Security (RLS)
    • Profile pictures and uploaded images are stored in Supabase Storage
    • Authentication is handled by Supabase Auth with encrypted passwords
    • Your data is isolated - you can only access your own information
  4. Improve Services:
    • Analyze anonymized usage patterns to improve app features
    • Monitor errors and crashes to fix bugs
    • Optimize performance and user experience

We DO NOT:

  • Sell your personal information to third parties
  • Share your health data with advertisers
  • Use your data for purposes other than those described in this policy
  • Access your HealthKit data without explicit permission

Third-Party Services

We use the following third-party services to operate the App:

1. OpenAI (AI Workout Generation and Chat)

  • Purpose: Generate personalized workouts, provide AI coaching, create avatars
  • Data Shared: Profile information, workout preferences, chat messages, uploaded images (only what you choose to share)
  • Privacy Policy: https://openai.com/privacy
  • Data Retention: OpenAI may retain data for up to 30 days for abuse monitoring, after which it is deleted. We do not control OpenAI's data practices.

2. Supabase (Database and Storage)

  • Purpose: Store user accounts, workout data, and uploaded images
  • Data Shared: All data you create in the app (workouts, profile, body composition, etc.)
  • Privacy Policy: https://supabase.com/privacy
  • Data Security: Supabase uses industry-standard encryption and security measures. Data is stored in secure data centers with backup redundancy.

3. Sentry (Error Monitoring)

  • Purpose: Monitor app crashes and errors to improve stability
  • Data Shared: Error logs, device information, anonymized user identifiers
  • Privacy Policy: https://sentry.io/privacy
  • Data Use: Only for debugging and fixing technical issues

4. PostHog (Product Analytics)

  • Purpose: Understand how users interact with the app to improve features and user experience
  • Data Shared: User events (sign up, login, workout completion, feature usage), anonymized usage patterns, device type, app version
  • Privacy Policy: https://posthog.com/privacy
  • Data Use: Aggregate analytics to identify popular features, track retention, and improve app functionality
  • User Control: Analytics data is anonymized and used solely to enhance your app experience. We do not track you across other apps or websites.
  • Data Retention: Event data is retained for up to 7 years for long-term trend analysis

5. Apple HealthKit (iOS only)

  • Purpose: Sync workout and body composition data with Apple Health
  • Data Shared: Workouts, body metrics (only with your explicit permission)
  • Privacy Policy: Apple's HealthKit data is governed by Apple's Privacy Policy
  • Control: You manage HealthKit permissions in iOS Settings. We never access HealthKit without your permission.

Data Retention

  • Account Data: Retained as long as your account is active
  • Workout History: Retained indefinitely to maintain your progress tracking unless you delete specific workouts
  • HealthKit Data: Synced on-demand; we do not retain HealthKit data beyond what's in our database
  • GPS Routes: Stored with your cardio workouts for historical tracking
  • AI Chat History: Retained in the app for conversation continuity; you can delete conversations at any time
  • Profile Pictures: Stored until you upload a new one or delete your account

Your Rights and Choices

You have the following rights regarding your personal information:

1. Access and Portability

  • View all your data within the App (workouts, profile, body composition)
  • Export your data (contact us at support@raenfitness.com to request a data export in CSV or JSON format)

2. Correction and Updates

  • Update your profile information anytime in the Settings tab
  • Edit or delete individual workouts from your history

3. Deletion

  • Delete your profile picture from Settings
  • Delete individual workouts using swipe-to-delete
  • Delete your entire account (contact us at support@raenfitness.com)
  • Note: Account deletion will permanently erase all your data, including workout history, progress, and body composition records. This action cannot be undone.

4. HealthKit Control

  • Manage HealthKit permissions in iOS Settings → Privacy & Security → Health → Raen Fitness
  • Revoke access at any time to stop data syncing

5. Opt-Out of AI Features

  • You can choose not to use AI workout generation and stick to manual workouts
  • AI Coach chat is optional - you control what data you share with the coach

6. Data Minimization

  • We only collect data necessary to provide the App's features
  • You can skip optional fields (profile picture, body composition tracking)

Children's Privacy

The App is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately, and we will delete it.

Teens (13-17): If you are between 13 and 17, please ensure you have parental or guardian consent before using the App and sharing health data.

Security Measures

We take data security seriously and implement the following measures:

  • Encryption: All data transmitted between the App and our servers uses SSL/TLS encryption
  • Authentication: Passwords are hashed and never stored in plain text
  • Row Level Security (RLS): Database policies ensure users can only access their own data
  • Access Controls: Limited personnel have access to production data, only for support and debugging
  • Regular Audits: We monitor for security vulnerabilities and apply updates promptly

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Use strong passwords and protect your device.

International Users

Our services are hosted on servers located in the United States and Europe (via Supabase). If you are accessing the App from outside these regions, your data will be transferred to and stored in these locations. By using the App, you consent to this transfer.

European Union Users: We comply with GDPR principles. You have additional rights including data portability, restriction of processing, and the right to lodge a complaint with your local supervisory authority.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Displaying a notice in the App
  • Updating the "Last Updated" date at the top of this policy

Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: support@raenfitness.com
Response Time: We aim to respond within 5 business days

For data deletion requests, account issues, or privacy concerns, please include:

  • Your registered email address
  • A clear description of your request
  • Any relevant details to help us locate your account

Apple App Store Privacy Disclosures

As required by Apple, we disclose the following:

Data Used to Track You: None. We do not track you across apps or websites.

Data Linked to You:

  • Health & Fitness: Workouts, GPS routes, body composition
  • Contact Info: Email address
  • User Content: Workout logs, chat messages, uploaded images
  • Identifiers: User ID (for linking your data and analytics)
  • Usage Data: Product analytics and feature interactions (via PostHog)

Data Not Linked to You:

  • Diagnostics: Crash logs and error reports (anonymized via Sentry)

Consent

By creating an account and using the App, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and sharing of your information as described herein.