Privacy Policy
Your Privacy Matters: Body Journey is committed to protecting your personal data. Your photos, weight data, workout information, and progress data are stored securely on your device with encrypted storage.
1. Information We Collect
1.1 Personal Data You Provide
When you use Body Journey, you may provide:
- Progress Photos: Front, side, and back view photos you capture using the in-app camera or import from your device. These photos are stored locally on your device and are never processed by AI systems.
- Food Photos: Optional photos of meals that you choose to analyze for nutrition information using AI. Only food photos you explicitly request to analyze are sent to AI services for nutritional data extraction.
- Weight Data: Weight measurements in your preferred unit (kg or lbs) with optional notes
- Workout Information: Custom workout routines, exercises, sets, reps, workout session data, and heart rate monitoring during workouts (if enabled)
- Health Data: If you choose to enable Health app integration, the following data types may be synced with Apple HealthKit (iOS) or Health Connect (Android):
  - Weight measurements (read & write): Bidirectional sync keeps your weight up-to-date everywhere
  - Exercise/workout sessions (write only): Body Journey exports your workouts to Health - we no longer import workouts to prevent duplicates
  - Heart rate data (write only): Heart rate captured during workouts is exported to Health
  - Nutrition data (write only): Meals you log are exported to Health
  - Active calories burned (read only): For display purposes and future features
Note: We've improved our Health integration to prevent duplicate workout entries. Body Journey now only reads weight data from your Health app and writes workout, nutrition, and heart rate data to it. This ensures your Apple Watch/Android Wear workouts appear once with complete details, not duplicated with incomplete data.
- Dates and Timestamps: When photos are taken, weight is logged, or workouts are completed
- Categories and Notes: Optional information you add to organize your data
Location Data: Body Journey does NOT collect, access, or use your location data. The app does not request location permissions and does not track where you are.
1.2 Automatically Collected Information
Based on your consent level, we may collect:
- Device Information: Device type, operating system version (only with consent)
- Usage Analytics: App crashes, performance metrics, and feature usage (via Firebase Analytics - only if you select "Essential", "Performance", or "Full Analytics" consent level)
- Crash Reports: Automatic crash data via Firebase Crashlytics (only if you select "Essential", "Performance", or "Full Analytics" consent level)
- App Tracking: On iOS, cross-app tracking is only enabled if you grant permission through App Tracking Transparency and enable it in privacy settings
2. How We Use Your Information
Your data is used to:
- Display your progress photos (front, side, back views) in organized timelines - stored locally only, never processed by AI
- Analyze food photos for nutrition information using AI - only when you explicitly request analysis
- Show weight trends in interactive charts and graphs
- Track workout sessions and display workout frequency analytics
- Monitor heart rate during workouts using device sensors (if enabled) - data stays on device or syncs with Health apps only
- Generate progress videos and slideshows from your photos
- Provide statistics and motivational insights about your fitness journey
- Send workout and photo reminders via local notifications (if enabled)
- Sync with Apple HealthKit or Health Connect (if you grant permission) - includes weight, workouts, heart rate, nutrition, and active calories
- Improve app performance and fix bugs (based on your analytics consent level)
- Secure your data with biometric authentication (Face ID, Touch ID, fingerprint) if enabled
Heart Rate Monitoring: Body Journey uses your device's body sensors (heart rate monitor on compatible devices or wearables) during workout sessions if you choose to enable this feature. Heart rate data is stored locally on your device and only synced to Apple HealthKit or Health Connect if you enable health integration. This data is never sent to third-party servers.
3. Data Storage and Security
3.1 Local Storage
All your photos, weight data, and workout information are stored locally on your device in an encrypted Hive database. We use Flutter Secure Storage and industry-standard encryption to protect your sensitive information. Your data remains on your device and is never uploaded to our servers.
3.2 Biometric Authentication
If you enable biometric authentication (Face ID, Touch ID, or fingerprint), this data is handled entirely by your device's operating system and secure enclave. Biometric data never leaves your device and is never transmitted to our servers or any third party.
3.3 Strava Integration (Optional)
If you choose to connect your Strava account and enable auto-sync:
- What is synced: Workout data is uploaded to Strava in FIT (Flexible and Interoperable Data Transfer) format, which includes:
  - Workout name, start/end time, and duration
  - Activity type (e.g., "Run", "Ride", "Workout", "Training")
  - Heart rate data (if recorded during your workout via device sensors or wearables)
  - Calorie data (active calories and total calories burned)
  - Workout summary statistics (average heart rate, max heart rate, if available)
- What is NOT synced: Progress photos, body weight data, nutrition/food data, and detailed exercise information (specific exercises, sets, reps, weights) are NEVER shared with Strava. Only workout session data that enhances your Strava activity feed is synced.
- FIT File Format: Body Journey uses the industry-standard FIT file format (same format used by Garmin, Apple Watch, and other fitness devices) to upload rich workout data to Strava. This provides you with detailed heart rate zones, calorie tracking, and performance charts directly in Strava.
- Authentication: Connection uses OAuth 2.0 for secure authorization. You explicitly authorize access via Strava's official authorization flow.
- User control: Strava sync is completely optional. You can disconnect at any time from Settings → Strava. Only workouts started in Body Journey after connection are synced (not imported workouts from Health apps). You maintain full control over which workouts are shared.
- Privacy Policy: Data shared with Strava is subject to Strava's Privacy Policy: strava.com/legal/privacy
3.4 Health Data Integration
If you enable Health app integration:
- iOS (Apple HealthKit): Data is synced with Apple HealthKit using Apple's secure health data framework. Synced data types include:
  - Body weight (read & write): Bidirectional sync
  - Workout sessions (write only): Your workouts export to HealthKit with names, duration, and calories
  - Heart rate samples (write only): Heart rate captured during workouts exports to HealthKit
  - Nutrition data (write only): Meals including calories, protein, carbs, and fats export to HealthKit
  - Active energy burned (read only): For future features
- Android (Health Connect): Data is synced with Health Connect using Google's secure health data APIs. Synced data types include:
  - Body weight (read & write): Bidirectional sync
  - Exercise sessions (write only): Your workouts export to Health Connect with names, duration, and distance
  - Heart rate data (write only): Heart rate captured during workouts exports to Health Connect
  - Nutrition data (write only): Meals and macronutrients export to Health Connect
  - Active calories burned (read only): For future features
Improved Health Integration: We've refined our Health integration to prevent duplicate workouts. Body Journey now uses a smart, write-only model for workouts, nutrition, and heart rate. We only READ weight data from your Health app. This means:
- ✅ Your Apple Watch/Android Wear workouts sync directly to Body Journey with complete details
- ✅ These workouts export to your Health app once - no duplicates!
- ✅ Weight data syncs both ways seamlessly
- ✅ No more workouts showing "0/0 sets" from incomplete Health imports
Health data permissions are requested separately and you have granular control over each data type. You can enable or disable sync for weight, workouts, heart rate, and nutrition independently. This data is governed by Apple's HealthKit privacy policy or Google's Health Connect privacy policy.
4. Data Sharing and Disclosure
We do not sell, rent, or share your personal data with third parties, except:
- With Your Consent: When you choose to export and share content
- Service Providers: Firebase (Google) for analytics and crash reporting
- Legal Requirements: If required by law or to protect our rights
5. Privacy Consent Levels
Body Journey implements granular privacy controls with four consent levels:
- No Analytics: No data collection or analytics. All features work locally on your device.
- Essential Only: Only crash reports for app stability via Firebase Crashlytics. No usage analytics.
- Performance: Crash reports + usage patterns to improve app performance via Firebase Analytics.
- Full Analytics: Complete analytics including crash reports, usage patterns, and personalization data to enhance user experience.
You can change your privacy consent level at any time in Settings > Privacy & Data. On first launch, you'll be prompted to choose your preferred level. GDPR and CCPA rights are fully supported.
6. Third-Party Services
Body Journey uses the following third-party services (based on your consent and feature enablement):
- Firebase Analytics: To understand app usage and improve performance (only with Performance or Full Analytics consent)
- Firebase Crashlytics: To detect and fix crashes (only with Essential, Performance, or Full Analytics consent)
- Firebase AI (Gemini): For food photo nutrition analysis only when you explicitly request it. Progress/body photos are NEVER sent to AI services. Only food photos you choose to analyze are processed for nutritional information extraction.
- Apple HealthKit: For optional health data sync (iOS only, requires explicit permission). Syncs weight, workouts, heart rate, nutrition, and active calories.
- Health Connect: For optional health data sync (Android only, requires explicit permission). Syncs weight, exercise, heart rate, nutrition, and active calories.
- Strava: For optional workout sync (requires explicit OAuth authorization). Uploads workout data in FIT file format including name, time, duration, activity type, heart rate samples (if recorded), and calorie data when you connect your account and enable auto-sync. Progress photos, weight, nutrition, and detailed exercise information (specific exercises, sets, reps, weights) are NEVER shared with Strava.
- App Tracking Transparency (iOS): For cross-app tracking (only if you grant iOS tracking permission and enable it in settings)
AI Photo Processing: Body Journey only processes food photos through AI when you explicitly tap "Analyze" on a food photo. Your progress photos (front, side, back) are NEVER sent to AI services and remain stored securely on your device only.
These services have their own privacy policies. We encourage you to review them:
- Firebase Privacy Policy: firebase.google.com/support/privacy
- Apple Privacy Policy: apple.com/privacy
- Strava Privacy Policy: strava.com/legal/privacy
7. Your Rights and Choices
You have complete control over your data with the following rights:
- Access Your Data: View all photos, weight entries, and workout data stored in the app
- Delete Your Data: Delete individual photos, weight entries, workout sessions, or all data from within the app
- Export Your Data: Export your progress as videos, slideshows, or share individual photos and statistics
- Manage Privacy Consent: Change your analytics level (No Analytics, Essential, Performance, or Full) at any time in Settings > Privacy & Data
- Reset Consent: Reset all privacy settings to go through the data protection setup again
- Revoke All Consent: Disable all data collection and analytics with one tap
- Manage Health Sync: Enable or disable HealthKit/Health Connect integration independently
- Manage Strava Connection: Connect or disconnect Strava account and control auto-sync settings
- Control App Tracking (iOS): Manage cross-app tracking consent in privacy settings
- Disable Notifications: Turn off workout and photo reminders in app settings or device settings
- Enable Biometric Lock: Add Face ID, Touch ID, or fingerprint protection to secure the app
8. Children's Privacy
Body Journey is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us to have it removed.
9. International Data Transfers
Your data is primarily stored on your device. If you enable analytics, data may be processed by Firebase (Google) servers in accordance with Firebase's data processing locations. These transfers are protected by appropriate safeguards including encryption and compliance with GDPR, CCPA, and other data protection regulations.
10. Data Retention
We retain your data according to the following policies:
- Local Data: Photos, weight entries, and workout data are retained on your device until you manually delete them
- Analytics Data: Firebase Analytics retains data for 14 months, after which it is automatically deleted
- Crash Reports: Firebase Crashlytics retains crash data for 90 days
You can delete all your data at any time from Settings within the app. Deleting the app will remove all local data from your device.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the new Privacy Policy on this website and in the app
- Updating the "Last Updated" date at the top of this policy
- Requesting renewed consent if required by applicable law (e.g., GDPR, CCPA)
Your continued use of the app after changes constitutes acceptance of the updated policy. If you do not agree with changes, you can revoke consent in Settings > Privacy & Data or delete the app.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: privacy@bodyjourney.app
Subject Line: Privacy Policy Inquiry
13. Additional Information for California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request what personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information (available in app settings)
- Right to Opt-Out: We do not sell your personal information, but you can opt out of analytics at any time
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit: Limit the use of sensitive personal information (managed via consent levels in the app)
Categories of Personal Information Collected:
- Visual information (progress photos and food photos)
- Physical characteristics (weight data, heart rate during workouts)
- Activity information (workout sessions, exercise data)
- Health information (nutrition data, calories, if you enable health sync)
- Device identifiers (for analytics, only with consent)
- Usage data (for analytics, only with consent)
Categories of Personal Information NOT Collected:
- Location data - we do NOT collect or track your location
- Audio data - we do NOT record audio (camera microphone permission is required by iOS but not used)
- Biometric identifiers - biometric auth (Face ID/fingerprint) stays on your device only
- Contact information beyond email (only if you sign in for AI features)
We do not sell or share your personal information for cross-context behavioral advertising.
14. Additional Information for European Users (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request a copy of your personal data (export feature in app)
- Right to Rectification: Correct inaccurate data (edit features in app)
- Right to Erasure: Delete your data ("right to be forgotten" - available in app settings)
- Right to Restrict Processing: Limit how we process your data (consent levels)
- Right to Data Portability: Receive your data in a structured format (export feature)
- Right to Object: Object to processing (revoke consent in settings)
- Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing
- Right to Lodge a Complaint: File a complaint with your local data protection authority
Legal Basis for Processing:
- Consent: Analytics and crash reporting (GDPR Article 6(1)(a))
- Contract Performance: Core app functionality to provide fitness tracking services (GDPR Article 6(1)(b))
- Legitimate Interest: App security and fraud prevention (GDPR Article 6(1)(f))
To exercise these rights, please contact us using the information provided above or manage settings directly in the app.
15. Security Measures
We implement industry-standard security measures to protect your data:
- Encryption at Rest: All local data is stored in encrypted Hive databases using Flutter Secure Storage
- Encryption in Transit: Firebase communications use TLS/SSL encryption. Food photo AI analysis uses secure HTTPS connections.
- Biometric Protection: Optional Face ID, Touch ID, or fingerprint authentication to lock the app
- Secure Enclave: Biometric data is processed in your device's secure enclave and never leaves your device
- No Server Storage: We do not operate servers that store your photos, weight data, or workout information. The only exception is temporary food photo analysis via Firebase AI (photos are not stored).
- Permission-Based Access: Camera, photo library, health data, body sensors (heart rate), and calendar access require explicit user permission. Microphone permission is declared for iOS camera functionality but audio is never recorded.
- Local-First Architecture: Progress photos, weight data, and workout information stay on your device. Only food photos you choose to analyze are temporarily sent for AI processing.
While we implement strong security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.
Privacy by Design: Body Journey is built with privacy as a core principle. Your fitness journey data stays on your device. Health integration and analytics are optional features that you explicitly enable. You have complete control over your data at all times.