THRYV

Privacy Policy

Effective Date: [INSERT EFFECTIVE DATE]

Welcome to AI Fit Tracker (“the App”, “we”, “our”, or “us”), operated by Thryv (“Company”), registered in Egypt.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile application. By creating an account or using the App, you agree to the practices described in this policy.

If you do not agree with this policy, please do not use the App.

1. Information We Collect

1.1 Account Data

  • Email address — used to create and manage your account.
  • Password — stored exclusively as a secure, one-way cryptographic hash. We never store or transmit your password in plaintext.

1.2 Personal Metrics

  • Height, weight, age, and gender
  • Fitness goal (e.g., weight loss, muscle gain, maintenance)

These are provided voluntarily during onboarding and are used to personalise your experience.

1.3 Health & Fitness Data

  • Workout logs: exercises performed, sets, reps, and weights
  • Body measurements: weight entries, body fat percentage, waist circumference, and other tracked metrics
  • Workout streaks, session history, and consistency records

1.4 Nutrition Data

  • Food logs and meal types (breakfast, lunch, dinner, snacks)
  • Calorie counts and macronutrient breakdowns (protein, carbohydrates, fat)

1.5 Achievement Data

  • Badges earned, personal records, and milestone notifications

1.6 Device & Usage Data

  • App usage analytics (e.g., feature interactions, session duration) may be collected to improve the App. No personally identifiable device fingerprints are collected.
  • Theme preferences and session tokens are stored locally on your device via AsyncStorage.

1.7 What We Do NOT Collect

  • Precise or approximate location data
  • Camera or microphone access
  • Social login credentials (we use email/password only)
  • Payment or financial information
  • Any data from advertising or analytics SDKs — we use none

2. How We Use Your Data

We use the information we collect to:

  • Create and authenticate your account
  • Display and sync your fitness, nutrition, and health data across your devices
  • Calculate progress metrics, streaks, and personalised recommendations
  • Send important service notifications (e.g., password reset emails)
  • Improve App stability and performance through anonymous usage analytics
  • Comply with legal obligations

We do not use your data for advertising, profiling for third-party marketing, or any purpose beyond operating and improving the App.

3. How Your Data Is Stored & Protected

3.1 Cloud Infrastructure

Your account and health data are stored on servers managed by Supabase, a cloud database and authentication provider. You can review Supabase's security and privacy practices at https://supabase.com/privacy.

Supabase uses PostgreSQL databases hosted on secure cloud infrastructure with encryption at rest and in transit (TLS/SSL).

3.2 Local Storage

Theme preferences and session tokens are stored locally on your device using AsyncStorage. This data never leaves your device except as part of standard authenticated API communication.

3.3 Security Measures

  • All data transmitted between the App and our servers is encrypted using TLS.
  • Passwords are hashed using a strong one-way algorithm and are never stored or logged in plaintext.
  • Access to the database is restricted to authorised services only.
  • We regularly review our security practices to guard against unauthorised access, disclosure, or loss.

No method of transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

4. Sensitivity of Health Data

We recognise that fitness, nutrition, and body measurement data is sensitive. We treat this data with additional care:

  • Health data is stored in your private account and is never shared with other users.
  • We do not sell, rent, or license your health data to any third party under any circumstances.
  • Health data is used exclusively to provide the App's core features to you personally.
  • Aggregate, anonymised, and non-identifiable statistical data may be used internally to improve App features.

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only in the following limited circumstances:

  • Service Providers: Supabase processes data on our behalf as described in Section 3. They are contractually obligated to protect your data and may not use it for their own purposes.
  • Legal Requirements: We may disclose data if required by law, court order, or to protect the rights and safety of our users or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

No advertising SDKs or third-party analytics services are embedded in this App.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, all associated data — including workout logs, nutrition logs, body measurements, and account credentials — is permanently deleted within 30 days.

Anonymised or aggregated data that cannot identify you may be retained indefinitely for product analytics purposes.

7. Your Rights

Depending on your country of residence, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate data directly in the App settings, or by contacting us.
  • Deletion: Request permanent deletion of your account and all associated data (see Section 8).
  • Portability: Request an export of your data in a structured, machine-readable format.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@thryv-fitness.com. We will respond within 30 days.

If you are located in the European Economic Area (EEA) and believe we are handling your data unlawfully, you have the right to lodge a complaint with your local data protection authority.

8. Account & Data Deletion

You can delete your account and all associated data by:

  1. Opening the App and navigating to Profile → Settings → Delete Account.
  2. Confirming the deletion request in the prompt.

Alternatively, email us at privacy@thryv-fitness.com with the subject line “Account Deletion Request” and your registered email address. We will process your request within 30 days.

Once deleted, your data cannot be recovered. Backups may retain your data for up to an additional 7 days before full removal from all systems.

9. Children's Privacy

AI Fit Tracker is intended for users who are 13 years of age or older (or 16 years old in jurisdictions where a higher age threshold applies, such as certain EU member states under GDPR).

We do not knowingly collect personal information from children under the applicable minimum age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@thryv-fitness.com and we will delete the data promptly.

If we discover that a user is below the required minimum age, we will deactivate the account and delete all associated data without delay.

10. International Data Transfers

AI Fit Tracker is operated from Egypt and primarily serves users in that region, though users from other countries may use the App. Your data may be transferred to and stored on servers located outside your country of residence as part of Supabase's infrastructure.

When transferring data internationally, we rely on lawful transfer mechanisms (including standard contractual clauses where required) to ensure your data receives adequate protection regardless of where it is processed.

11. Legal Basis for Processing (GDPR)

If you are located in the EEA or UK, we process your data on the following legal bases:

  • Contract performance: Processing necessary to provide the App's services (account management, data sync).
  • Consent: Processing of sensitive health data, where you have explicitly agreed to provide it.
  • Legitimate interests: Analytics to improve the App, provided your rights do not override those interests.
  • Legal obligation: Where processing is required to comply with applicable law.

12. Cookies & Local Storage

The App does not use browser cookies. Session tokens and user preferences are stored locally on your device via AsyncStorage. This data is used solely to keep you logged in and maintain your app settings between sessions. It is not used for tracking or advertising.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” at the top of this page and, where the changes are significant, notify you via an in-app notice or email.

We encourage you to review this policy periodically. Continued use of the App after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Thryv

Egypt

Email: privacy@thryv-fitness.com

Website: thryv-landing-page.vercel.app

This policy applies to the AI Fit Tracker mobile application available on iOS and Android. It does not apply to any third-party websites or services linked from the App.