Privacy Policy
Effective: 2026-05-08 · Last updated: 2026-06-19 · App version: 1.0.6
This policy explains what JeniFit (“we”, “us”) collects across the iOS app and our website (jenifit.app), why, where it's stored, who can see it, and how to delete it. Most sections describe the app; the “The website (jenifit.app)” section below covers the site, including the free-guide email signup. We aimed for plain language and kept the legal terms only where they do real work. If something's unclear, email support@jenifit.app.
TL;DR
- Camera frames stay on your phone. During plank check-in, frames are processed by Apple's Vision framework in-memory. Never saved, never recorded, never uploaded.
- Apple HealthKit step count stays on your phone. Read-only access. Displayed in the home pulse tile and the Becoming bento tile. Never transmitted off-device.
- Lifestyle answers from onboarding stay on your phone. Sleep duration band, stress level, eating cadence, eating window, hormonal stage, weight-related medication status, food relationship, and the rest of the v1.0.6 onboarding lifestyle questions are stored in iOS UserDefaults only, never synced to our servers, never shared with any third party.
- Synced data (profile, weight logs, session results) lives at Supabase under your account. You can delete it from Settings → Account → Delete Account at any time.
- We use PostHog for first-party product analytics. Events capture onboarding-funnel and paywall steps only. They never include health data, lifestyle inputs, weight numbers, or personally-identifying information.
- The website only collects an email if you ask for a free guide. We use it to send the guide and a few follow-up notes (via Resend), and you can unsubscribe in one tap. Website analytics (PostHog) never carry health data.
- No advertising trackers, no data brokers. We don't sell, share, or rent your personal data. The only third parties that touch any of it are the service providers listed below.
What we collect
On-device only, never leaves your phone
In short: Anything that touches your health profile or your lifestyle inputs stays on your phone. We never receive it, so there's nothing for us to store, share, or delete on request; uninstalling the app is the delete action.
- Camera frames during plank check-in sessions. Processed in-memory by Apple's Vision framework to detect body pose and form faults. Frames are never written to disk, the photo library, or our servers.
- Apple HealthKit step count read via HKStatisticsQuery on the HKQuantityType(.stepCount) permission scope. Read-only. We have not requested, and have not been granted, write access to Apple Health. Our NSHealthUpdateUsageDescription explicitly states that JeniFit does not currently write to Apple Health. See the HealthKit section below for the full flow.
- Lifestyle answers from v1.0.6 onboarding: typical sleep duration band, self-reported stress level, eating cadence, eating window, previous weight-loss attempts, what worked in past attempts, food relationship, hormonal stage, and weight-related medication status. Stored in iOS UserDefaults (via AppStorage). They are not transmitted to Supabase, not included in any cloud sync, not shared with PostHog, and not sent to RevenueCat. They power on-device personalization (paywall headline copy, projection card recap chips, notification timing) and nothing else. A “prefer not to say” option is always offered for the hormonal stage and medication questions; declining does not change pricing or feature access.
- Breathwork session metadata: start time, protocol (cyclic sighing, box breathing, etc.), and duration. Stored locally only.
On-device data is deleted when you uninstall the app. Because there is no server-side copy, there is nothing for us to delete on request.
Account + sync data, stored at Supabase under your account
In short: The data you log in the app (your profile, your weight, your workout history) syncs to our database so it survives across devices and reinstalls.
We collect what you tell us during onboarding and as you use the app:
| Data | Why |
|---|---|
| Name (first, optional) | Greeting + personalization |
| Age range, gender, height | Calibrating workouts and reference body weight for kcal estimates |
| Body type (current / desired, 1 to 5 scale) | Personalizing the plan |
| Weight logs (current weight, goal weight, history) | Trend chart, goal progress, BMI |
| Body focus + workout style + workout location | Selecting exercises that match your goal |
| Motivation, identity feeling, reward choice, relatability statements | Personalizing copy + adaptive coaching |
| Barriers (time, motivation, etc.) | Adapting session length + softening failure framing |
| Plank baseline + activity level + experience | Choosing your starting difficulty tier |
| Notification opt-in + reminder time + voice preference | Scheduling daily reminders |
| Session logs (workout completions, plank holds, durations, form scores, ratings) | Progress tracking + tier auto-adjustment |
| Becoming dashboard inputs (weekly check-ins, non-scale wins, projected goal date) | Reflection surface in the Becoming tab |
| Trial / subscription state (RevenueCat customer ID, entitlement) | Gating premium features |
Product analytics (PostHog)
In short: We track which onboarding step you reach, which paywall you see, and whether you start a trial. We do not track your health data, lifestyle answers, or weight numbers in those events.
JeniFit uses PostHog for first-party product analytics. The events we send, and only these events, are:
- onboarding_start
- onboarding_step_viewed
- onboarding_step_completed
- brand_promises_completed
- paywall_view
- trial_start
- purchase_completed
Each event carries a small property bag with: the step ID, the step position, and two or three audience-segment markers (user_goal, body_focus). Events do not include step count, sleep duration, stress level, hormonal stage, weight-related medication status, food relationship, eating cadence, eating window, weight number, weight goal, weight delta, name, email, Apple ID, or any other personally-identifying information.
The PostHog distinct ID is a random UUID generated per install. It is not linked to your account, your email, or your Apple ID. You can opt out at the system level via iOS Settings → Privacy & Security → Analytics & Improvements; JeniFit honors that flag.
What we don't collect
- Contacts, microphone audio, location, photo library content.
- Browsing history outside the app.
- Device identifiers for advertising or tracking purposes; IDFA is not requested.
- Any HealthKit data type other than step count. We do not read sleep, heart-rate, workouts, body measurements, mindfulness, menstrual cycle, or any other Health metric.
Where it's stored
In short: Health and lifestyle data sits on your phone. Account + sync data sits at Supabase (US region). Subscription state sits at RevenueCat. Analytics events sit at PostHog.
- On your device in a SwiftData store inside the app's sandboxed Application Support directory, plus the iOS UserDefaults store for the on-device-only lifestyle answers. HealthKit step count is read from Apple's own Health database and is never copied to ours.
- In the cloud at Supabase (a third-party managed Postgres service, US region). Each row is keyed to your auth user id, and Postgres Row-Level Security policies enforce that you can only read or write your own rows.
- At RevenueCat for subscription state, keyed to your auth user id.
- At PostHog for the analytics events described above. The PostHog distinct ID is a random UUID per install, not linked to your account.
- At Apple if you signed in with Apple ID, and for any local notifications scheduled with iOS.
Who can see it
In short: You. The JeniFit operator on a read-only basis when you write in for support. Our service providers, for the narrow purpose each one is listed for. Nobody else.
Apart from you and Apple's iOS systems on your device:
- The JeniFit operator (Byungsoo Ko) has read-only access to Supabase for support and debugging. We don't browse routinely; we look only if you write in.
- Apple, for Sign in with Apple identifier mapping (we never receive your real Apple ID email if you use Hide My Email).
- Service providers listed below.
We do not sell, share, or rent your personal data.
Service providers (third parties)
In short: Six providers. Each one is listed with what they receive and why. Anything not on this list, we don't use.
| Provider | What they get | Why | More |
|---|---|---|---|
| Supabase | Authentication tokens, your synced rows (profile, weight logs, session logs) | Database + auth backend | supabase.com/privacy |
| Apple (Sign in with Apple) | Apple-issued user identifier (and email if you choose to share) | Sign-in option | apple.com/legal/privacy |
| RevenueCat | Anonymized customer ID, purchase events | Subscription billing state | revenuecat.com/privacy |
| PostHog | App: a random per-install UUID + the onboarding/paywall events above. Website: page views, button taps, and UTM campaign tags. | First-party product + website analytics | posthog.com/privacy |
| Resend | Your email address (only if you request a free guide on the website), to deliver the guide and follow-up emails | Email delivery | resend.com/legal |
| Apple Push Notification service | Local-only daily reminders are scheduled with iOS itself, not pushed from a server. No data leaves your device for notifications. | - | - |
We do not use Firebase, Crashlytics, Amplitude, Mixpanel, Segment, Google Analytics, Meta Pixel, TikTok Pixel, or any advertising SDK.
Apple HealthKit (step count, read-only)
In short: We read your daily step count to show you a calm anchor on home and a weekly trend in Becoming. We never write to Health, never store the data on our servers, never share it.
When you tap connect on the home pulse tile, iOS shows the HealthKit permission sheet. If you grant it:
- We read HKQuantityType(.stepCount) via HKStatisticsQuery. Read-only.
- The step count is displayed in the home pulse tile and the Becoming bento tile only.
- The step count never leaves your device. It is not transmitted to Supabase, RevenueCat, PostHog, or any other third party.
We do not have, and have not requested, write access to Apple Health. The NSHealthUpdateUsageDescription string in our Info.plist explicitly states this.
You can revoke at any time: iOS Settings → Health → Data Access & Devices → JeniFit. Revocation does not require any action on our side. There is no copy of the step count on our servers to delete.
The website (jenifit.app)
In short: If you ask for a free guide, we collect your email to send it and a few follow-up notes, via Resend. You can unsubscribe in one tap, anytime. The site uses first-party PostHog analytics (pages, clicks, campaign tags), no health data, no advertising pixels.
This covers everything on jenifit.app, including the home and marketing pages, the free-guide signup at jenifit.app/gift, the link-in-bio hub at jenifit.app/links, and the field-notes articles at jenifit.app/learn. Only the free-guide signup collects personal information (your email). The other pages are content and links, covered by the website analytics described below.
The free guide (email)
When you request a free guide on jenifit.app, we collect your email address and the campaign/source tags (UTM parameters) from the link you arrived on. We use your email to:
- send you the guide you asked for,
- send a short series of related follow-up emails (a few over the following week), and
- recognize you as a returning lead if you later subscribe in the app.
We never sell or rent your email. Every email includes a one-click unsubscribe (RFC 8058) and a visible unsubscribe link; unsubscribing stops all marketing email. Your email is stored at Resend (our email provider) and is not added to the in-app analytics events described above.
Website analytics (PostHog)
The website uses the same first-party PostHog project for basic analytics: page views, button taps (for example, tapping the App Store badge), the open-in-Safari helper for in-app browsers, and the marketing-campaign tags (UTM parameters) on inbound links. These help us understand which content and channels actually work. Website analytics do not include health, lifestyle, or weight data, and we use no advertising pixels: no Meta Pixel, no TikTok Pixel, no Google Analytics.
PostHog may set first-party cookies or local storage in your browser for analytics. You can block these with your browser settings or a content blocker; the site works the same either way.
Lawful basis (EU / UK)
- The guide + follow-up emails: consent (Article 6(1)(a)); withdraw any time via the unsubscribe link.
- Website analytics: legitimate interest (Article 6(1)(f)) in understanding and improving the site.
Your rights
In short: See your data, update it, take it with you, delete it. On-device data lives on your phone; uninstall to delete that.
- See or update. Edit Profile lets you change your name, body focus, session length. Weight logs are editable from the Becoming tab.
- Export. Email support@jenifit.app and we'll generate a JSON dump of your synced rows. The on-device-only lifestyle answers are not part of the export because we don't have them; to keep a copy, screenshot the relevant onboarding screens.
- Delete your account. Settings → Account → Delete Account permanently deletes every row of yours from Supabase (cascade), the local SwiftData store, and your RevenueCat customer record. There is no soft-delete; the data is unrecoverable. To also clear the on-device-only lifestyle answers, uninstall the app.
- Withdraw consent. Stop using the app and delete it from your phone. If you want the cloud rows gone too, run Delete Account first.
California residents (CCPA)
In short: We do not sell or share your Personal Information. You have the right to know, the right to delete, the right to opt-out of sale (nothing to opt out of), and the right to non-discrimination.
If you reside in California, the California Consumer Privacy Act (CCPA), as amended by the CPRA, gives you the following rights regarding your Personal Information:
- Right to know. The categories of Personal Information we collect are listed under “What we collect” above. To request the specific pieces of Personal Information we hold about you, email support@jenifit.app.
- Right to delete. Use Settings → Account → Delete Account, or email us. Deletion is permanent.
- Right to opt-out of sale or sharing. We do not sell or share Personal Information as those terms are defined under the CCPA. There is no opt-out to exercise because there is no sale or sharing to opt out of.
- Right to correct. Edit your profile in-app, or email us for fields you can't reach.
- Right to non-discrimination. We do not condition pricing or feature access on whether you exercise any of these rights.
Authorized agents may submit a request on your behalf with verifiable proof of authorization. We may need to verify your identity before responding.
EU + UK residents (GDPR)
In short: Lawful basis is consent for HealthKit and notifications, contract performance for subscription and sync data, and legitimate interest for product analytics. You can object, restrict, or withdraw at any time.
If you reside in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and the UK GDPR give you specific rights. JeniFit's data controller is Byungsoo Ko, reachable at support@jenifit.app.
Lawful basis for processing
- HealthKit step count: consent (Article 6(1)(a)). You opt in via the iOS permission sheet and can withdraw any time via iOS Settings → Health.
- Subscription data (RevenueCat): performance of a contract (Article 6(1)(b)), needed to deliver the paid subscription you bought.
- Account + sync data (Supabase): performance of a contract (Article 6(1)(b)), needed to provide the app.
- Product analytics (PostHog): legitimate interest (Article 6(1)(f)). We use anonymous, non-health event metadata to improve the product. You can object via iOS Settings → Privacy & Security → Analytics & Improvements.
- Notifications: consent (Article 6(1)(a)). You opt in during onboarding or in Settings; opt out any time.
- On-device lifestyle answers: no processing occurs on our side because the data never leaves your device.
Your rights under GDPR
- Access: see what we hold. Email support@jenifit.app.
- Rectification: edit in-app or email us.
- Erasure: Settings → Account → Delete Account.
- Restriction: email us to pause processing.
- Portability: email us for a JSON export of your synced rows.
- Object to legitimate-interest processing: email us, or disable iOS analytics at the system level.
- Lodge a complaint with your national supervisory authority.
We do not currently have an Article 27 EU representative. If a formal representative is required for your request, contact support@jenifit.app and we will name one within a reasonable period.
HIPAA: JeniFit is not a covered entity
In short: JeniFit is a consumer fitness app, not a medical service. HIPAA does not apply. If you need HIPAA-grade privacy for a clinical condition, please use a service that operates under a Business Associate Agreement with you or your provider.
HIPAA covers medical providers, health plans, and their business associates. JeniFit is none of these. We do not provide medical care, do not bill insurance, and do not exchange health information with healthcare providers on your behalf.
Although JeniFit reads Apple HealthKit step count (read-only, on-device, never transmitted), step count read in this consumer-app context is wellness data, not protected health information under HIPAA's covered-entity framework. We process it solely for your in-app personalization and never share it. The breathwork module, weight trend, BMI band, plank progress, and projection charts are general wellness references, not clinical diagnoses or treatment recommendations.
Children (COPPA)
In short: Minimum age is 13. Target audience is 18+. If you are under 13, do not use JeniFit.
JeniFit is not directed at children under 13 (or 16 in the EU under GDPR). The app is designed for adult women 18 and over. We don't knowingly collect data from anyone under 13. If you believe a child has signed up, contact us and we'll delete the account.
Security
In short: TLS in transit. Row-level security at the database. No long-lived service credentials in the app.
- TLS 1.2+ in transit between the app and Supabase, Apple, RevenueCat, and PostHog.
- Postgres Row-Level Security on every Supabase table. You can't read or write rows belonging to another user even if our app code had a bug. Policies are versioned in our infrastructure repo.
- No long-lived service credentials are bundled in the app, only public client keys, scoped by RLS on Supabase and project-id-only on PostHog.
Changes to this policy
In short: We'll bump the “Last updated” date and surface an in-app notice on next launch for non-trivial changes.
The current version reflects iOS app v1.0.6 and the jenifit.app website. If we make material changes, we'll bump the “Last updated” date above and (for non-trivial changes) surface an in-app notice on next launch.