Privacy Policy

This Privacy Policy explains how Athlor ("Athlor," "we," "us," or "our") collects, uses, shares, and protects information when you use the Athlor mobile application and related services (the "App" or "Service").

Athlor is a fitness, nutrition, progress tracking, subscription, rewarded-ad, and AI-assisted coaching app. Because the App can process health, fitness, nutrition, biometric, photos, chat, subscription, device, diagnostics, and advertising-related data, please read this Policy carefully.

By using the App, you acknowledge this Privacy Policy. If you do not agree with it, please do not use the App.

1. Information We Collect

We collect information that you provide directly, information generated by your use of the App, and information processed through trusted service providers that help us operate the App.

1.1 Account and Profile Information

• Name or username
• Email address
• Firebase Authentication user ID
• Google Sign-In account identifiers when you choose Google Sign-In
• Email verification status
• Profile photo URL if you add one
• Birth date or age information
• Language, unit, theme, notification, and app settings
• Account creation and last sign-in timestamps

1.2 Health, Fitness, Nutrition, and Biometric Information

Athlor asks for health-related and fitness-related information so it can provide its core features. This may include:

• Height, weight, neck, abdomen, hip, and other body measurements
• Gender, age, daily activity level, experience level, equipment, workout days, and fitness goals
• Weight target and goal progress
• Calculated values such as BMI, BMR, TDEE, body fat percentage, calorie targets, and macronutrient targets
• Workout plans, workout calendar entries, exercise logs, performance history, personal records, custom exercises, and live exercise data
• Nutrition plans, meal logs, food entries, custom foods, barcode or food database search results, and calorie/macronutrient tracking
• Progress analysis inputs and AI-generated progress reports

Athlor is not a medical device and does not provide medical advice, diagnosis, treatment, cure, or prevention of any disease or medical condition.

1.3 AI, Chat, Photos, and User Content

When you use AI features, we may process:

• Text prompts and chat messages
• Chat history and AI-generated responses
• Context you choose to provide to the AI assistant, such as workout, nutrition, progress, or profile data
• Meal photos or gallery images you submit for AI meal recognition
• Images attached to support or feedback requests
• Feedback titles, issue descriptions, admin replies, and feedback status

Meal photos submitted for AI recognition are sent to our backend and Google Cloud Vertex AI / Gemini for analysis. We do not intentionally use your personal images or prompts to train public foundation models. Google Cloud's Vertex AI terms restrict use of customer data for model training without customer permission or instruction.

1.4 Device, Usage, Diagnostics, and Security Information

• Device model, operating system, app version, package/bundle identifier, and technical app configuration
• Firebase installation identifiers, App Check tokens, authentication tokens, and server logs
• IP address and request metadata processed by Firebase, Google Cloud, and other infrastructure providers
• Firebase Analytics events, app usage information, feature usage, and performance data
• Firebase Crashlytics crash reports and diagnostics
• Firebase Performance Monitoring data
• Firebase Cloud Messaging token for push notifications
• A hashed or derived device fingerprint used for trial eligibility, fraud prevention, and subscription abuse prevention

1.5 Payments, Subscriptions, Trials, and Rewarded Ads

• Subscription product ID, platform, status, expiration date, renewal/cancellation state, and entitlement information
• Google Play purchase token, order ID, real-time developer notification metadata, and obfuscated account identifiers
• Apple App Store purchase and subscription metadata when available through the platform purchase flow
• Trial eligibility information, including hashed device identifiers and normalized email records used to prevent repeated trial abuse
• Rewarded AI ad session IDs, rewarded ad transaction IDs, reward credits, daily rewarded-ad counters, and related fraud-prevention data

We do not collect, process, or store full credit card numbers. Payments are handled by Apple App Store or Google Play.

1.6 Advertising and Consent Data

Athlor may use Google Mobile Ads / AdMob rewarded ads, currently for Android rewarded AI access. Google Mobile Ads may process device identifiers, advertising identifiers, IP address, app interaction data, and other data needed for ad serving, frequency capping, measurement, fraud prevention, and compliance. Where required, we will request consent for ads, analytics, cookies, local storage, or similar identifiers.

2. App Permissions

Depending on your device, platform, and feature use, the App may request:

• Internet access: to sync data, authenticate accounts, call Cloud Functions, process AI requests, validate subscriptions, load ads, and use food database services.
• Camera: to take meal photos, scan barcodes, or attach images to feedback.
• Photos / gallery: to select meal photos or feedback screenshots from your device.
• Notifications: to send workout reminders, meal reminders, weekly summaries, AI motivation, subscription notices, and server push notifications.
• Exact alarms / scheduled notifications: to deliver local reminders at the times you choose.
• Store billing: to offer in-app subscriptions through Google Play or Apple App Store.

You can manage operating-system permissions in your device settings. Some features may not work without the relevant permission.

3. How We Use Information

• Create, authenticate, secure, and manage your account
• Provide workout planning, exercise tracking, nutrition tracking, progress tracking, and AI features
• Generate personalized workout, nutrition, chat, meal recognition, and progress outputs
• Save and sync your plans, logs, settings, custom foods, custom exercises, and feedback
• Calculate health and fitness metrics such as calorie targets, macros, BMR, TDEE, BMI, and body fat estimates
• Process subscriptions, restore purchases, manage trial eligibility, and grant premium or rewarded-ad AI access
• Send local notifications and push notifications you enable or expect from the Service
• Analyze app performance, diagnose crashes, fix bugs, secure the App, prevent abuse, and improve features
• Provide customer support and respond to feedback
• Comply with legal obligations and app store requirements

We do not sell your personal information. We do not use your health, fitness, nutrition, biometric, meal-photo, or chat data for third-party advertising.

4. AI and Nutrition Processing

Athlor uses AI to assist with workout planning, nutrition planning, meal recognition, progress analysis, and chat responses. AI outputs can be inaccurate, incomplete, or unsafe if followed without judgment. You are responsible for reviewing AI-generated content before relying on it.

Meal recognition and nutrition results may combine AI estimates with food database information, including data obtained through FatSecret Platform API. Nutrition values, portion sizes, and food matches are estimates and should be verified by you.

5. Third-Party Services

We use trusted third-party providers to operate the App. These providers may process data under their own privacy policies and contractual terms.

• Google Firebase: Authentication, Firestore database, Cloud Storage, Cloud Functions, App Check, Cloud Messaging, Analytics, Crashlytics, and Performance Monitoring. Firebase Privacy and Security
• Google Cloud Platform / Vertex AI / Gemini: AI chat, AI workout and nutrition features, image-based meal recognition, and progress analysis. Vertex AI documentation
• Google Sign-In: Optional account login and authentication. Google Privacy Policy
• Google Mobile Ads / AdMob: Rewarded ads, ad delivery, measurement, fraud prevention, and consent-related ad operations. Google technologies and ads
• Google Play: Android in-app purchases, subscriptions, trials, purchase validation, and billing notices.
• Apple App Store: iOS in-app purchases, subscriptions, purchase validation, and billing notices. Apple Privacy Policy
• FatSecret Platform API: Food search, nutrition database lookup, barcode/food matching, and nutrition data retrieval. FatSecret Privacy Policy

6. Sharing and Disclosure

• With service providers listed above
• With Apple and Google for billing, subscription validation, store compliance, and platform services
• With Google Mobile Ads / AdMob for rewarded ad delivery, measurement, fraud prevention, and legal compliance
• With FatSecret for food and nutrition lookup requests
• With law enforcement, regulators, courts, or other parties when required by law or necessary to protect rights, safety, and security
• In connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate confidentiality protections

We do not sell your health, fitness, nutrition, biometric, meal-photo, or chat data.

7. Data Retention and Deletion

• Account, profile, workout, nutrition, progress, settings, and chat data are generally retained while your account remains active.
• AI meal photos are processed to provide the requested result. We do not intentionally store meal recognition images permanently as standalone server files unless you also submit them as feedback attachments or another feature requires storage.
• Feedback records and images may be retained while support is pending and may be removed after resolution under our support cleanup processes.
• Subscription, purchase, entitlement, trial, reward, and anti-fraud records may be retained as needed for billing, legal, accounting, fraud-prevention, chargeback, and store-compliance purposes.
• Hashed device fingerprint records used for trial abuse prevention are scheduled for cleanup after they are older than one year and no longer refreshed. Trial email records may be retained as needed to prevent repeated trial abuse, unless deletion is required by law.
• Accounts that appear inactive for a long period may be deleted under automated retention processes.
• Backups, logs, and security records may persist for a limited time after deletion before being removed from backup systems.

You can request account deletion through the App where available or by contacting us. Account deletion removes your Firebase Authentication account and triggers deletion of your main user profile, user subcollections, and subscription document from active Firebase systems. Some limited records may be retained where necessary for legal, security, fraud-prevention, billing, or dispute purposes.

8. Your Rights and Choices

Depending on where you live, you may have rights to access, receive a copy of, correct, delete, object to, restrict, or withdraw consent for certain processing of your personal information. You can also manage notification, camera, photos, and ad-related permissions through your device or consent settings.

To exercise these rights, contact us using the details below. We may need to verify your identity before completing a request.

9. Children's Privacy

Athlor is not intended for children under 13. We do not knowingly collect personal information from children under 13. Users under 18 should use Athlor only with permission and supervision from a parent or guardian, especially because the App includes fitness and nutrition features.

10. International Data Transfers

Your information may be processed in countries other than your country of residence, including the United States and other locations where Google, Apple, FatSecret, or our infrastructure providers operate. We rely on appropriate safeguards where required by applicable law.

11. Data Security

We use technical and organizational safeguards designed to protect information, including HTTPS/TLS in transit, Firebase and Google Cloud security controls, Firebase App Check, access controls, security rules, and provider security practices. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we may notify you through the App, email, store listing, or another appropriate method. The "Last Updated" date shows when this Policy was last revised.

13. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, contact us at:

Email: support@athlor.fit