Privacy Policy

Last updated: March 25, 2026

1. Introduction

PozeFit ("we," "our," or "us") is a fitness application that uses AI-powered computer vision to analyze exercise form in real time. This Privacy Policy explains what information we collect, how we use it, how we store and protect it, and your rights regarding your data.

By downloading, installing, or using PozeFit, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the app.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication and account recovery.
  • Password — securely hashed; we never store or have access to your plaintext password.
  • OAuth provider data — if you sign in via Google or Apple, we receive your name and email from that provider. We do not receive or store your OAuth password.

2.2 Profile Information

You may optionally provide:

  • Display name / username
  • Height (in centimeters)
  • Weight (in kilograms)
  • Language preference (English, Hebrew, Arabic, or Russian)

This data is stored locally on your device using encrypted storage (Expo SecureStore on native, localStorage on web).

2.3 Camera & Video Data

PozeFit requires access to your device's camera to perform real-time pose analysis during workouts.

  • Camera feed — processed on-device using MediaPipe Pose Landmarker to extract body joint coordinates (landmarks). The raw camera feed is never uploaded to our servers or any third party.
  • Video recordings — on Android, workout video is temporarily recorded locally for post-set analysis via our native VideoAnalyzerModule (MediaPipe). These recordings are processed on-device and deleted after analysis. Videos are never transmitted off your device.
  • Pose landmarks — the extracted joint coordinate data (x, y, z positions and visibility scores) is sent to Google's Gemini AI API for form scoring and coaching cue generation. This data contains no images or video — only numerical body position coordinates.

2.4 Workout Data

When you complete a workout, we store the following in our cloud database (Supabase):

  • Exercise performed (exercise name/slug)
  • Session timestamps (start and end time)
  • Duration (in seconds)
  • Number of sets and total reps
  • Average form score (0–100)
  • Per-set data: set number, reps, form score, average tempo, and form issues (text descriptions with severity)

2.5 Health & Fitness Data

With your explicit permission, PozeFit can read health data from your device's health platform:

  • Apple HealthKit (iOS): step count, active energy burned, and Apple Exercise Time — read-only access.
  • Health Connect (Android): steps, total calories burned, active calories burned, and exercise sessions — read-only access.

This health data is displayed on your dashboard and is never uploaded to our servers. It remains entirely on your device. We request read-only permissions — PozeFit never writes to your health data.

2.6 Progress Photos

You may optionally capture or upload progress photos (front, side, and back poses). These photos are:

  • Stored locally on your device in the app's private document directory.
  • Automatically face-blurred — PozeFit detects faces in progress photos and applies a blur for privacy before saving.
  • Never uploaded to our servers or any third party, unless you explicitly choose to use the AI comparison feature, in which case a photo may be sent to Google's Gemini API for progress analysis.

You may optionally attach a body weight measurement and a personal note to each photo entry. These are also stored locally.

2.7 App Settings & Preferences

We store your app preferences locally on your device, including:

  • Onboarding completion status
  • Countdown timer duration
  • Weekly workout goal
  • Voice coach enabled/disabled
  • Camera facing direction (front or back)
  • Notification reminder preferences (enabled/disabled, scheduled time)
  • Achievement badges and workout routines

2.8 Notification Data

If you enable notifications, PozeFit schedules local push notifications on your device for:

  • Daily workout reminders (at your chosen time)
  • Streak warnings (to prevent losing your workout streak)
  • Weekly goal reminders
  • Inactivity nudges

These notifications are scheduled entirely on-device. No notification data is sent to external servers.

3. How We Use Your Information

  • Provide the core service: analyze your exercise form using AI, deliver real-time voice coaching cues, and generate post-workout summaries.
  • Track your progress: store workout history, form score trends, streaks, and personal bests so you can monitor improvement over time.
  • Personalize your experience: display your name, preferred language, health stats, and workout goals.
  • Improve the AI: pose landmark data sent to Google Gemini is used solely for generating your form analysis and coaching cues in that session. We do not use your data to train models.
  • Send reminders: local notifications to help you maintain your workout routine.

4. Third-Party Services

PozeFit uses the following third-party services:

4.1 Supabase (Authentication & Database)

  • Purpose: user authentication (email/password and OAuth via Google/Apple) and cloud storage of workout session data.
  • Data shared: email address, hashed password, workout session records (exercise, duration, sets, reps, scores).
  • Auth tokens are stored securely on-device using Expo SecureStore (native) or localStorage (web).
  • Privacy Policy: supabase.com/privacy

4.2 Google Gemini AI (Form Analysis & Coaching)

  • Purpose: AI-powered exercise form analysis, real-time voice coaching cue generation, post-workout session summaries, and optional progress photo comparison.
  • Data shared: numerical pose landmark coordinates (joint positions), exercise context (exercise name, muscle group, coaching guidelines), and session duration. No images, video, or personally identifiable information is sent to Gemini for form analysis.
  • For progress comparison: if you use the AI progress comparison feature, progress photos may be sent to Gemini. These photos have faces automatically blurred before transmission.
  • Model used: Gemini 2.5 Flash
  • Privacy Policy: policies.google.com/privacy

4.3 Google MediaPipe (On-Device Pose Detection)

  • Purpose: real-time body pose detection from camera frames.
  • Processing: runs entirely on your device. No camera data is sent to Google or any external server.
  • Output: body joint coordinates (landmarks) used for form analysis.

4.4 Apple HealthKit & Android Health Connect

  • Purpose: display daily health metrics (steps, calories, active minutes) on your dashboard.
  • Data shared: none — health data is read on-device and never transmitted externally.
  • Permissions: read-only access, requested only when you choose to connect.

4.5 Expo (App Infrastructure)

  • Expo SecureStore: encrypted on-device key-value storage for auth tokens and app settings.
  • Expo Notifications: local push notification scheduling (on-device only).
  • Expo Speech: text-to-speech for voice coaching cues, processed on-device.
  • Expo Camera / Image Picker: access to device camera and photo library for workouts and progress photos.

5. Data Storage & Security

5.1 On-Device Storage

The following data is stored only on your device and never leaves it:

  • Profile information (name, height, weight)
  • App settings and preferences
  • Progress photos (stored in the app's private document directory)
  • Health data from HealthKit / Health Connect
  • Achievement badges and workout routines
  • Notification schedules

On native platforms (iOS/Android), sensitive data is encrypted using Expo SecureStore.

5.2 Cloud Storage

The following data is stored in our cloud database (Supabase):

  • Account credentials (email, hashed password)
  • Workout session records (exercise, timestamps, duration, sets, reps, form scores, issues)
  • Exercise catalog data

Supabase uses Row Level Security (RLS) to ensure you can only access your own data. All data is transmitted over HTTPS/TLS encryption.

5.3 Temporary Data

  • Workout video recordings (Android) are temporarily stored during a workout set, analyzed on-device by MediaPipe, and deleted after the analysis is complete.
  • Pose landmark data is held in memory during a workout session and discarded after the session ends (after being sent to Gemini for scoring).

6. Camera & Microphone Usage

PozeFit uses your device's camera exclusively for:

  • Real-time pose detection during workouts
  • Capturing progress photos (optional)

Camera frames are processed on-device by MediaPipe. Only the resulting numerical landmark data (joint coordinates) is sent externally (to Gemini for form analysis). No raw images or video are ever uploaded.

PozeFit does not access your microphone. Voice coaching cues are output-only using your device's text-to-speech engine.

7. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

We share data only as described above:

  • Supabase: account and workout data for cloud sync and authentication.
  • Google Gemini AI: pose landmark coordinates (and optionally face-blurred progress photos) for AI analysis.

We do not use any analytics, advertising, or tracking SDKs. We do not share data with advertisers.

8. Your Rights & Choices

  • Camera permission: you can revoke camera access at any time in your device settings. The app will not function for real-time analysis without it.
  • Health data: you can disconnect health data access at any time. PozeFit only requests read-only permissions.
  • Notifications: you can disable all notifications in your device settings or within the app.
  • Progress photos: you can delete any progress photo entry at any time from within the app. Photos are permanently removed from your device.
  • Account deletion: you may request deletion of your account and all associated cloud data by contacting us at the email below. Upon deletion, all workout session records and account credentials are permanently removed from our database.
  • Data export: you may request a copy of your data by contacting us.

9. Children's Privacy

PozeFit is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete that information promptly.

10. Data Retention

  • Account & workout data: retained in our cloud database for as long as your account is active. Deleted upon account deletion request.
  • On-device data: retained until you uninstall the app or manually delete it within the app.
  • Temporary video recordings: deleted immediately after on-device analysis (typically within seconds).
  • Pose landmark data sent to Gemini: processed in real time and not retained by us after the session. Google's retention policies apply to data processed by Gemini — see their privacy policy.

11. International Data Transfers

Your workout data may be processed and stored on servers located outside your country of residence (Supabase infrastructure and Google Cloud for Gemini API). By using PozeFit, you consent to this transfer. All transfers are protected by HTTPS/TLS encryption.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by updating the "Last updated" date at the top of this page. Your continued use of PozeFit after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

📧 privacy@pozefit.app