Privacy Policy

Last updated: June 17, 2026. The most recent version always lives at https://goodfitcoach.ai/privacy.

What this is

GoodFitCoach AI (“we”, “our”) is a personal fitness, nutrition, and calorie-tracking app. This page explains exactly what data we collect, why we collect it, who we share it with, and how you can delete it.

Data we collect

  • Account data: email address (used for magic-link sign-in), display name, optional coach name.
  • Fitness profile: birth date, sex, height, current and target weight, activity level, goal type, workout days/week, dietary preferences, allergies, food likes/dislikes, optional medical notes.
  • Daily activity: meals logged (text, optional photo), calories, macros, weigh-ins, workouts, steps and active-minutes if you opt in to HealthKit / Health Connect.
  • Coach chat: messages you send to the coach and the coach's replies. Used to give context to the next coach turn.
  • Subscription / billing: your subscription tier, trial state, billing period, and a payment-provider customer/order id. Payments are processed by Lemon Squeezy (our Merchant of Record; Stripe on some plans) — we never receive or store full card numbers.
  • Device & anti-abuse signals: a random install identifier we generate on your device and, in our logs, your IP address. We store these only as a salted, one-way hash to enforce one free trial per person and to rate-limit abuse — they are not used to track you across other apps or sites, and the raw values are never sold or shared for advertising.
  • Push tokens (optional): if you enable reminders, an encrypted push-subscription token for your installed app. Deleted with your account.

How we use it

  • Calculate your daily calorie target (deterministic Mifflin-St Jeor) and macro split.
  • Power the daily AI coach kickoff and chat replies, which are sent to OpenAI's API. We never share your data with OpenAI for model training.
  • Generate the weekly progress calendar.
  • Send transactional emails (magic-link login, billing receipts). We do not currently send marketing email.

Who we share it with

  • Supabase — authentication and Postgres hosting.
  • DigitalOcean — application hosting, object storage for meal/body photos.
  • OpenAI — meal photo analysis, coach chat, and meal-extraction LLM calls. We use the OpenAI API tier where data is not used for training.
  • Lemon Squeezy — our Merchant of Record for payments and subscriptions (handles checkout, card data, tax, and receipts). Stripe may process payments on some plans. We never receive full card numbers.
  • Resend — delivery of transactional email (sign-in codes, receipts).
  • Sentry — error tracking. PII is scrubbed before events are sent (Authorization headers, request bodies, cookies, user emails are stripped at the SDK layer).
  • PostHog — product analytics. We send only allow-listed, non-identifying events keyed by a random user id — never your email, messages, photos, or free text.
  • LangFuse — AI-quality monitoring of coach responses, bound so it never carries raw personal content.
  • Cloudflare — DDoS protection, CDN. They see request metadata (IP, URL) but not request bodies.

We do not sell your data. We do not use behavioral advertising. We do not embed third-party trackers in the PWA.

Your rights

You can export, correct, or delete your data at any time:

Retention

Daily logs, meal records, and coach chat are retained for as long as your account exists. When you delete your account, we erase the personal data immediately, and the operator audit log retains a NULL-targeted row for compliance (limited to action type, timestamp, and the requested reason).

Contact

Privacy contact: [email protected]. Security disclosure: [email protected] (see also security.txt).

Children

GoodFitCoach AI is not directed to children under 13 (or the minimum age in your country), and we do not knowingly collect their data. If you believe a child has signed up, contact us and we will delete the account.

Changes to this policy

If we make a material change to how we handle your data, we will post the updated policy here with a new “Last updated” date. This policy describes our current practices and is not a substitute for legal advice.