Privacy Policy for Pocket Coach

1. Introduction

Pocket Coach is a personalized health and fitness coaching application developed and operated by IntegrativeAISolutions ("we," "us," or "our"). We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information.

This Privacy Policy explains:

• What information we collect
• How we use your information
• How we protect your information
• Your rights regarding your data
• How to contact us

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address - for account authentication and communication
• Full name - for personalization
• Password - stored securely using industry-standard encryption (we never store plain-text passwords)

2.2 Health and Fitness Data

To provide personalized coaching, we collect:

• Physical characteristics: Weight, height, age, sex, body fat percentage
• Goals: Target weight, goal date, fitness objectives (cutting, bulking, recomposition)
• Nutrition data: Food logs, meal photos, calorie intake, macronutrient tracking
• Workout data: Exercise logs, training plans, workout completion, RPE (Rate of Perceived Exertion)
• Progress photos: Photos you voluntarily upload to track physical progress
• Weekly check-ins: Weight measurements, adherence ratings, subjective feedback
• Activity level: Daily activity factor, training frequency, session duration
• Dietary preferences: Meal preferences, allergens, food dislikes, dietary restrictions

2.3 Wearable Device Data (Optional)

If you choose to connect wearable devices (such as Apple Watch, Oura Ring, Fitbit, Garmin, WHOOP, or similar devices), we may collect:

• Activity data: Steps, distance, active calories, workout sessions
• Heart rate data: Resting heart rate, heart rate variability (HRV), heart rate during workouts
• Sleep data: Sleep duration, sleep stages (deep, REM, light), sleep quality metrics
• Recovery metrics: Readiness scores, recovery indicators, strain scores
• Body temperature: Baseline and variations (where available)
• Respiratory rate: Breathing rate during sleep (where available)
• Blood oxygen (SpO2): Oxygen saturation levels (where available)

Note: Wearable data integration is entirely optional. You control whether to connect these devices and can disconnect them at any time through the App settings. We only access data you explicitly grant permission for through Apple HealthKit, Google Fit, or the device manufacturer's API.

2.4 Photos and Camera Data

We request camera and photo library permissions to allow you to:

• Take progress photos within the app
• Upload existing photos from your library
• Scan food barcodes for easy nutrition logging
• Use AI photo analysis to log meals

Your photos are stored securely in cloud storage and are never shared with third parties, sold, or used for any purpose other than your personal tracking. You can delete any photo at any time.

2.5 Usage and Technical Data

• Device information: Device type, operating system version, app version
• Usage analytics: Features used, session duration, error logs (for debugging and improvement)
• IP address: For security and fraud prevention
• Notification preferences: Whether you've enabled meal and workout reminders

3. How We Use Your Information

3.1 Primary Purposes

• Personalized Coaching: Generate customized nutrition plans, workout programs, and recommendations based on your goals and progress
• AI-Powered Predictions: Use machine learning and AI models to predict weight trends, recommend macro adjustments, and optimize training
• Progress Tracking: Visualize your journey through charts, timelines, and analytics
• Automated Adjustments: Dynamically adjust your calorie targets and training volume based on your progress
• Notifications: Send helpful reminders for meals, workouts, and weekly check-ins (only if you opt in)
• Wearable Integration: Sync activity, sleep, and recovery data to provide more accurate recommendations

3.2 AI Processing

We use OpenAI's GPT-4 API to:

• Analyze your nutrition and training data
• Generate meal plans tailored to your preferences
• Provide coaching recommendations and insights
• Answer your questions about fitness and nutrition
• Analyze food photos to estimate nutrition information

Important: When we send data to OpenAI for processing, we do not include your name, email, or any directly identifying information. Only relevant health metrics and context are shared. OpenAI does not use data sent via their API to train their models. Learn more about OpenAI's data usage policies.

3.3 Service Operations

• Account management: Authentication, password resets, account recovery
• Communication: Respond to your support requests and questions
• Improvement: Analyze usage patterns to improve the App (aggregated and anonymized)
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal compliance: Comply with applicable laws and regulations

4. How We Store and Protect Your Information

4.1 Data Storage

Your data is stored using the following secure cloud services:

• Supabase: Database and authentication, with servers in the United States
• Supabase Storage: Encrypted cloud storage for photos and files
• Railway: Backend application hosting

All data is encrypted both in transit (using TLS/SSL) and at rest.

4.2 Security Measures

• Encryption: All data transmissions use industry-standard encryption (HTTPS/TLS 1.3)
• Authentication: Passwords are hashed using bcrypt; we never store plain-text passwords
• Access Controls: Strict access controls and role-based permissions limit who can access your data
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Regular Updates: We keep our systems updated with the latest security patches
• Database Security: Row-level security policies ensure users can only access their own data

4.3 Data Retention

• Active accounts: We retain your data as long as your account is active
• Deleted accounts: When you delete your account, all personal data is permanently deleted within 30 days, including:
  • All food logs and nutrition data
  • All workout logs and training data
  • All progress photos
  • All check-in data
  • Your user profile
• Legal requirements: We may retain certain data if required by law (e.g., for tax purposes or legal disputes)
• Backups: Deleted data may remain in encrypted backups for up to 90 days before permanent deletion

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We do not and will never sell, rent, or trade your personal information to third parties for marketing purposes. Period.

5.2 Third-Party Services

We use the following third-party services to operate the App:

• Supabase: Database, authentication, and file storage (subject to their Privacy Policy)
• OpenAI: AI processing for coaching features (subject to their Privacy Policy)
• Railway: Backend hosting infrastructure

These services have their own privacy policies and security practices. We only share the minimum data necessary for them to provide their services, and all are GDPR and SOC 2 compliant.

5.3 Wearable Device Integrations

If you connect wearable devices:

• Data is pulled from Apple HealthKit, Google Fit, or the device manufacturer's API
• We only access data you explicitly grant permission for
• We do not share your wearable data with any third parties
• Device manufacturers (Apple, Oura, Fitbit, etc.) may have their own privacy policies governing their data collection
• You can revoke access at any time through App settings or your device's privacy settings

5.4 Legal Disclosure

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, search warrants)
• Requests from law enforcement or government agencies (where legally required)
• Situations involving potential threats to public safety or to prevent harm
• Protection of our legal rights or defense of legal claims
• Enforcement of our Terms of Service

When legally permitted, we will notify you of such requests unless prohibited by law.

5.5 Business Transfers

If Integrative AI Solutions is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6. Your Rights and Choices

6.1 Access and Portability

• View your data: You can view all your data within the App at any time
• Export your data: Contact us at support@integrativeaisolutions.com to request a complete export of your data in JSON format (includes all food logs, workouts, check-ins, and profile data)

6.2 Correction and Updates

• You can update your profile, goals, and preferences at any time through the Settings screen
• You can edit or delete individual food logs, workouts, and photos
• Contact us if you need help correcting inaccurate data

6.3 Deletion

• Delete specific data: You can delete individual food logs, workouts, or photos within the App
• Delete your account: Go to Me → Settings → "Delete My Account" to permanently delete all your data
• Right to be forgotten: Upon account deletion, all personal data is permanently erased within 30 days (may remain in encrypted backups for up to 90 days)

6.4 Opt-Out Options

• Notifications: Disable notifications in Settings or your device settings
• Wearables: Disconnect wearable devices at any time in Settings
• Camera/Photos: Revoke permissions in your device's privacy settings (this will disable photo-related features)
• Marketing emails: Unsubscribe via the link in any marketing email (we send very few of these)

6.5 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: You can request what personal information we collect, use, disclose, and sell
• Right to delete: You can request deletion of your personal information
• Right to opt-out: You can opt-out of the sale of personal information (note: we don't sell your data)
• Right to non-discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, email support@integrativeaisolutions.com with "CCPA Request" in the subject line.

6.6 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under GDPR:

• Right to access: Request a copy of your data
• Right to rectification: Correct inaccurate data
• Right to erasure: "Right to be forgotten" - delete your data
• Right to restrict processing: Limit how we process your data
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing of your data
• Right to withdraw consent: Withdraw consent for data processing
• Right to lodge a complaint: File a complaint with your local data protection authority

Legal basis for processing: We process your data based on:

• Your consent (for wearables, photos, notifications)
• Performance of a contract (providing the App services)
• Legitimate interests (improving the App, security)

7. Children's Privacy

Pocket Coach is intended for users 18 years of age and older. We do not knowingly collect personal information from individuals under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@integrativeaisolutions.com, and we will delete such information within 48 hours.

By creating an account, you affirm that you are at least 18 years old and have the legal capacity to enter into this agreement.

8. Health Disclaimer

9. International Users

My Pocket Coach is operated in the United States. If you are accessing the App from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.

By using the App, you:

• Consent to the transfer of your information to the United States
• Agree that U.S. law will govern the collection and use of your information
• Acknowledge that U.S. privacy laws may be different from those in your country

For EEA/UK users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to the United States.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

• Notification: We will notify you of material changes via:
  • Email to your registered email address
  • In-app notification
  • Prominent notice on our website
• Effective date: Changes take effect on the date specified at the top of the updated policy
• Your continued use: Continued use of the App after changes constitutes acceptance of the updated policy
• Review regularly: We encourage you to review this policy periodically
• Version history: Previous versions are available upon request

11. Third-Party Links

The App may contain links to third-party websites or services (e.g., wearable device manufacturer websites, Apple HealthKit, Google Fit). We are not responsible for the privacy practices or content of these third parties. We encourage you to read their privacy policies before providing any information.

12. Cookies and Tracking

The mobile App itself does not use cookies. However:

• Our third-party service providers (Supabase, OpenAI, Railway) may use cookies or similar technologies for authentication and service operation
• If you access our website, standard web cookies may be used
• We do not use third-party advertising or tracking cookies

Refer to our service providers' privacy policies for more information on their use of cookies.

13. Data Breach Notification

In the unlikely event of a data breach that affects your personal information:

• We will notify affected users within 72 hours of discovering the breach
• Notification will be sent via email and in-app notification
• We will provide details about what data was affected and steps you should take
• We will report the breach to relevant authorities as required by law

15. Consent

By using My Pocket Coach, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

For wearable device integration and photo features, we will request explicit consent before accessing that data.