Privacy Policy

Last updated: May 19, 2026

1. Introduction

PozeFit ("we," "our," or "us") is a fitness application that uses AI-powered computer vision to analyze exercise form in real time. This Privacy Policy explains what information we collect, how we use it, how we store and protect it, and your rights regarding your data.

By downloading, installing, or using PozeFit, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the app.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication and account recovery.
  • Password — securely hashed; we never store or have access to your plaintext password.
  • OAuth provider data — if you sign in via Google or Apple, we receive your name and email from that provider. We do not receive or store your OAuth password.

2.2 Profile Information

You may optionally provide:

  • Display name / username
  • Height (in centimeters)
  • Weight (in kilograms)
  • Language preference (English, Hebrew, Arabic, or Russian)

This data is stored locally on your device using encrypted storage (Expo SecureStore on native, localStorage on web).

2.3 Camera & Video Data

PozeFit requires access to your device's camera to perform real-time pose analysis during workouts.

  • Camera feed — processed on-device using Apple Vision (iOS) or MediaPipe Pose Landmarker (Android) to extract body joint coordinates (landmarks). The raw camera feed is never uploaded to our servers or any third party.
  • Video recordings — workout video may be temporarily recorded locally for post-set analysis. These recordings are processed on-device and deleted after analysis. Videos are never transmitted off your device.
  • Pose landmarks — the extracted joint coordinate data (x, y, z positions and visibility scores) is sent to Google's Gemini AI API for form scoring and coaching cue generation.
  • Form analysis snapshots — during each set, up to 4 low-resolution camera snapshots are captured to help the AI visually verify your exercise and assess form details that coordinates alone cannot capture (e.g. grip, posture). Faces are automatically detected and blurred before these snapshots leave your device. The blurred snapshots are sent to Google's Gemini AI API alongside the pose data and are not stored on any server — they are used only for real-time analysis and immediately discarded.

2.4 Workout Data

When you complete a workout, we store the following in our cloud database (Supabase):

  • Exercise performed (exercise name/slug)
  • Session timestamps (start and end time)
  • Duration (in seconds)
  • Number of sets and total reps
  • Average form score (0–100)
  • Per-set data: set number, reps, form score, average tempo, and form issues (text descriptions with severity)

2.5 Health & Fitness Data

With your explicit permission, PozeFit can read health data from your device's health platform:

  • Apple HealthKit (iOS): step count, active energy burned, and Apple Exercise Time — read-only access.
  • Health Connect (Android): steps, total calories burned, active calories burned, and exercise sessions — read-only access.

This health data is displayed on your dashboard and is never uploaded to our servers. It remains entirely on your device. We request read-only permissions — PozeFit never writes to your health data.

2.6 Progress Photos

You may optionally capture or upload progress photos (front, side, and back poses). These photos are:

  • Stored locally on your device in the app's private document directory.
  • Automatically face-blurred — PozeFit detects faces in progress photos and applies a blur for privacy before saving.
  • Never uploaded to our servers or any third party, unless you explicitly choose to use the AI comparison feature, in which case a photo may be sent to Google's Gemini API for progress analysis.

You may optionally attach a body weight measurement and a personal note to each photo entry. These are also stored locally.

2.7 Microphone & Audio

PozeFit may access your device's microphone during workout recordings. If you choose to save or share a workout video, audio is captured alongside the video so the recording includes sound. Microphone audio is:

  • Stored locally as part of the video file on your device.
  • Never uploaded to our servers or any third party.
  • Only recorded when you are actively in a workout session with video recording enabled.

2.8 Location Data

PozeFit does not collect, use, or store your location data. A location permission may appear in the app's permission list due to a third-party library dependency. PozeFit never accesses your GPS, Wi-Fi location, or any other location information.

2.9 App Settings & Preferences

We store your app preferences locally on your device, including:

  • Onboarding completion status
  • Countdown timer duration
  • Weekly workout goal
  • Voice coach enabled/disabled
  • Camera facing direction (front or back)
  • Notification reminder preferences (enabled/disabled, scheduled time)
  • Achievement badges and workout routines

2.10 Notification Data

If you enable notifications, PozeFit schedules local push notifications on your device for:

  • Daily workout reminders (at your chosen time)
  • Streak warnings (to prevent losing your workout streak)
  • Weekly goal reminders
  • Inactivity nudges

These notifications are scheduled entirely on-device. No notification data is sent to external servers.

2.11 Device Identifiers & Attribution Data

To measure how users discover PozeFit (for example, from ads on platforms such as TikTok) and whether installs lead to sign-ups, trials, or subscriptions, we use a mobile attribution partner. Depending on your device and permissions, this may include:

  • User ID — your account identifier, linked to your PozeFit account when you sign in or register.
  • Device / advertising identifiers — on iOS, the advertising identifier (IDFA) only if you allow tracking in Apple's App Tracking Transparency prompt; on Android, the advertising ID where available.
  • Install and campaign attribution data — such as which ad or link led to an install.
  • In-app events — such as registration, login, onboarding completion, subscription or trial start, purchase, and high-level workout milestones (for example, that a form analysis session started or completed, including exercise type and scores). We do not send camera video, photos, or pose landmark data to this partner.

On iOS, PozeFit may show Apple's tracking permission dialog before collecting data used for cross-app advertising measurement. You can change this choice anytime in Settings → Privacy & Security → Tracking.

3. How We Use Your Information

  • Provide the core service: analyze your exercise form using AI, deliver real-time voice coaching cues, and generate post-workout summaries.
  • Track your progress: store workout history, form score trends, streaks, and personal bests so you can monitor improvement over time.
  • Personalize your experience: display your name, preferred language, health stats, and workout goals.
  • Improve the AI: pose landmark data sent to Google Gemini is used solely for generating your form analysis and coaching cues in that session. We do not use your data to train models.
  • Send reminders: local notifications to help you maintain your workout routine.
  • Measure marketing effectiveness: understand which campaigns lead to installs, account creation, trials, and subscriptions, and improve our advertising spend. This uses aggregated attribution data via AppsFlyer — not your workout videos, photos, or health data.

4. Third-Party Services

PozeFit uses the following third-party services:

4.1 Supabase (Authentication & Database)

  • Purpose: user authentication (email/password and OAuth via Google/Apple) and cloud storage of workout session data.
  • Data shared: email address, hashed password, workout session records (exercise, duration, sets, reps, scores).
  • Auth tokens are stored securely on-device using Expo SecureStore (native) or localStorage (web).
  • Privacy Policy: supabase.com/privacy

4.2 Google Gemini AI (Form Analysis & Coaching)

  • Purpose: AI-powered exercise form analysis, real-time voice coaching cue generation, post-workout session summaries, and optional progress photo comparison.
  • Data shared for form analysis: numerical pose landmark coordinates (joint positions), exercise context (exercise name, muscle group, coaching guidelines), session duration, and up to 4 low-resolution camera snapshots per set. All snapshots have faces automatically detected and blurred on your device before being sent. No full video is ever transmitted.
  • For progress comparison: if you use the AI progress comparison feature, progress photos may be sent to Gemini. These photos have faces automatically blurred before transmission.
  • Model used: Gemini 2.5 Flash
  • Privacy Policy: policies.google.com/privacy

4.3 On-Device Pose Detection (Apple Vision & Google MediaPipe)

  • Purpose: real-time body pose detection from camera frames.
  • iOS: uses Apple's built-in Vision framework (VNDetectHumanBodyPoseRequest). No data leaves your device.
  • Android: uses Google MediaPipe Pose Landmarker. Runs entirely on your device. No camera data is sent to Google or any external server.
  • Output: body joint coordinates (landmarks) used for form analysis.

4.4 Apple HealthKit & Android Health Connect

  • Purpose: display daily health metrics (steps, calories, active minutes) on your dashboard.
  • Data shared: none — health data is read on-device and never transmitted externally.
  • Permissions: read-only access, requested only when you choose to connect.

4.5 Expo (App Infrastructure)

  • Expo SecureStore: encrypted on-device key-value storage for auth tokens and app settings.
  • Expo Notifications: local push notification scheduling (on-device only).
  • Expo Speech: text-to-speech for voice coaching cues, processed on-device.
  • Expo Camera / Image Picker: access to device camera and photo library for workouts and progress photos.

4.6 AppsFlyer (Mobile Attribution & Analytics)

  • Purpose: measure app installs and in-app conversions from marketing campaigns (including partner ad networks such as TikTok), and analyze which channels drive sign-ups, trials, and subscriptions.
  • Data shared: device and advertising identifiers (where permitted), AppsFlyer-assigned device ID, your PozeFit user ID when logged in, install attribution metadata, and event data such as registration, login, onboarding completion, trial/subscription/purchase events, and high-level workout activity events (exercise type, form scores, rep counts). Camera footage, progress photos, pose landmarks, and health data are not shared with AppsFlyer.
  • Tracking: on iOS, cross-app advertising measurement uses the advertising identifier only if you grant permission via App Tracking Transparency. If you deny permission, attribution still works using privacy-preserving methods where available, but IDFA is not used.
  • Privacy Policy: appsflyer.com/legal/privacy-policy

5. Data Storage & Security

5.1 On-Device Storage

The following data is stored only on your device and never leaves it:

  • Profile information (name, height, weight)
  • App settings and preferences
  • Progress photos (stored in the app's private document directory)
  • Health data from HealthKit / Health Connect
  • Achievement badges and workout routines
  • Notification schedules

On native platforms (iOS/Android), sensitive data is encrypted using Expo SecureStore.

5.2 Cloud Storage

The following data is stored in our cloud database (Supabase):

  • Account credentials (email, hashed password)
  • Workout session records (exercise, timestamps, duration, sets, reps, form scores, issues)
  • Exercise catalog data

Supabase uses Row Level Security (RLS) to ensure you can only access your own data. All data is transmitted over HTTPS/TLS encryption.

5.3 Temporary Data

  • Workout video recordings (Android) are temporarily stored during a workout set, analyzed on-device by MediaPipe, and deleted after the analysis is complete.
  • Pose landmark data is held in memory during a workout session and discarded after the session ends (after being sent to Gemini for scoring).

6. Camera & Microphone Usage

PozeFit uses your device's camera exclusively for:

  • Real-time pose detection during workouts
  • Capturing progress photos (optional)

Camera frames are processed on-device by Apple Vision (iOS) or MediaPipe (Android). Only the resulting numerical landmark data (joint coordinates) is sent externally (to Gemini for form analysis). No raw images or video are ever uploaded.

PozeFit accesses your microphone only during workout video recordings to capture audio alongside the video. Microphone audio is stored locally on your device as part of the video file and is never uploaded to any server. Voice coaching cues are output-only using your device's text-to-speech engine.

7. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

We share data only as described above:

  • Supabase: account and workout data for cloud sync and authentication.
  • Google Gemini AI: pose landmark coordinates (and optionally face-blurred progress photos) for AI analysis.
  • AppsFlyer: device identifiers (where permitted), user ID, install attribution, and in-app conversion events for marketing measurement — as described in Sections 2.11 and 4.6.

We do not sell your personal information. We share data with the service providers above only to operate PozeFit and measure our own marketing. AppsFlyer may link data from our app with third-party data for advertising measurement when you allow tracking on iOS, or as permitted on your platform.

8. Your Rights & Choices

  • Camera permission: you can revoke camera access at any time in your device settings. The app will not function for real-time analysis without it.
  • Health data: you can disconnect health data access at any time. PozeFit only requests read-only permissions.
  • Notifications: you can disable all notifications in your device settings or within the app.
  • Progress photos: you can delete any progress photo entry at any time from within the app. Photos are permanently removed from your device.
  • Account deletion: you may request deletion of your account and all associated cloud data by contacting us at the email below. Upon deletion, all workout session records and account credentials are permanently removed from our database.
  • Data export: you may request a copy of your data by contacting us.
  • App tracking (iOS): you can deny or revoke permission for cross-app tracking in Apple's App Tracking Transparency prompt or in Settings → Privacy & Security → Tracking. PozeFit will still work if you deny tracking; attribution measurement may be less precise.
  • Advertising ID (Android): you can reset or limit your advertising ID in your device's Google settings. PozeFit will still work if you opt out.

9. Children's Privacy

PozeFit is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete that information promptly.

10. Data Retention

  • Account & workout data: retained in our cloud database for as long as your account is active. Deleted upon account deletion request.
  • On-device data: retained until you uninstall the app or manually delete it within the app.
  • Temporary video recordings: deleted immediately after on-device analysis (typically within seconds).
  • Pose landmark data sent to Gemini: processed in real time and not retained by us after the session. Google's retention policies apply to data processed by Gemini — see their privacy policy.

11. International Data Transfers

Your workout data may be processed and stored on servers located outside your country of residence (Supabase infrastructure and Google Cloud for Gemini API). By using PozeFit, you consent to this transfer. All transfers are protected by HTTPS/TLS encryption.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by updating the "Last updated" date at the top of this page. Your continued use of PozeFit after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

📧 privacy@pozefit.app