FitBuddy AI Privacy Policy
Effective date: April 24, 2026
Last updated: April 25, 2026
FitBuddy AI (“the App”, “we”, “us”) is built by an individual developer, Roman Proskuryakov (“the Developer”). We take your privacy seriously. This policy describes what data the App handles, how it’s used and who it’s shared with.
1. What data is processed
1.1 On-device only (never leaves your device)
- Profile: age, sex, height, weight, calorie/macro goals, activity level.
- Food diary: meal entries (name, calories/macros, time, photo).
- Workouts: type, duration, perceived effort, calorie estimate.
- Weight & measurements: weigh-in history.
- Steps & activity: daily values (if Apple Health access is granted).
- AI coach chat history: your messages and the AI’s replies.
- App settings: chosen AI provider, region, language, integration tokens.
All this is stored locally in SwiftData and UserDefaults. It is NOT uploaded to any servers we control.
1.2 Apple Health (optional)
With your permission, the App reads from Apple Health: steps, active calories, basal metabolic rate (BMR), weight. It writes new weight values to Apple Health when you enter them. You can revoke access at any time in iOS Settings → Health → Data Access & Devices.
1.3 Sharing with third parties — AI providers
Only if you explicitly enable AI features (the consent toggle on first launch or in Settings):
- Anthropic Claude (claude-3-7-sonnet, claude-sonnet-4-5) — policy
- OpenAI GPT (gpt-4o, gpt-4o-mini) — policy
- Google Gemini (gemini-2.5-flash, gemini-2.5-pro and others) — policy
- GigaChat (Sber) — policy
- YandexGPT — policy
When you make a request we send the chosen provider: your text query, the meal photo (for recognition), and a brief context (current goals, recent meals) — without your name, email or device identifier. According to the providers’ published terms, API-call data is not used to train models by default (Anthropic, OpenAI, Google).
1.4 FatSecret (optional)
If you connect a FatSecret account via OAuth, the App gains access to product search and your FatSecret food diary. The OAuth token is stored locally. Powered by FatSecret®. FatSecret privacy policy.
1.5 Whoop (optional)
If you connect a Whoop account via OAuth 2.0, the App reads steps and activity data. The OAuth token is stored locally. Whoop privacy policy.
1.6 Apple StoreKit
When you buy a subscription, Apple processes the payment. We do NOT receive your card data. We only receive subscription status (active / inactive) from Apple.
2. What we do NOT collect
- No advertising identifiers (IDFA).
- No third-party trackers (Firebase Analytics, Facebook SDK, AppsFlyer, etc.).
- We don’t sell your data.
- We don’t show ads.
- We don’t run servers that store your content.
3. Data security
- On-device data is protected by standard iOS Data Protection APIs.
- OAuth tokens are stored in UserDefaults (migration to Keychain is planned for a future version).
- Connections to AI providers and to FatSecret/Whoop go over HTTPS (TLS 1.2+).
4. Deleting your data
You can at any time:
- Delete individual entries (meals, workouts, measurements) from inside the App.
- Wipe everything via Settings → Danger Zone → Delete all data. This removes SwiftData, meal photos, OAuth tokens and settings. Apple Health is untouched.
- Uninstall the App — this removes all local data.
5. Children
The App is not directed at children under 13. We do not knowingly collect data from children.
6. Changes to this policy
We may update this policy. Material changes will be reflected in the App and on this page.
7. Contact
Privacy questions: theromansvision@gmail.com