Privacy Policy
Quick summary. Refactor Fitness collects the data you enter (account info, body measurements, food, workouts) plus minimal technical data needed to run the app. We do not sell your personal information. We do not share your information for cross-context behavioral advertising. We do not use your data to train AI models. We do not store body, progress, personal-record, or measurement photos. Meal-scan photos taken for AI macro estimation are processed transiently and deleted after the macro estimate is returned to you. The only user-supplied photos we retain are those you voluntarily attach to an in-app support request ("feedback photos"), which expire automatically after 7 days. Most data flows are described in Health Data Privacy; this policy explains the rest, plus your rights under California, Washington, and other US laws.
This Privacy Policy is provided by BOGERT CSN 443, LLC, doing business as Refactor Fitness ("Refactor Fitness", "we", "us", "our"). It explains how we collect, use, and disclose personal information when you use the Refactor Fitness mobile application, web app, and related websites (collectively, the "Service"). For consumer health data, this policy is supplemented by our Consumer Health Data Privacy Policy. For AI features, this policy is supplemented by our AI Data Sharing Consent.
1. Personal Information We Collect
We collect the following categories of personal information. Categories in italics are also "consumer health data" under the Washington My Health My Data Act and "sensitive personal information" under the California Consumer Privacy Act, and are described in greater detail in our Consumer Health Data Privacy Policy.
| Category (CCPA §1798.140) | Examples we collect | Source |
|---|---|---|
| Identifiers | Email address, account user ID, IP address (for consent receipts and security logging), device identifiers used for push notifications | You; your device |
| Personal information categories listed in Cal. Civ. Code §1798.80(e) | Name (optional), email address | You |
| Protected classification characteristics | Age, biological sex (optional, used for resting calorie calculations only) | You |
| Commercial information | Subscription status, purchase history, trial status | Apple App Store; Google Play; RevenueCat |
| Internet or other electronic network activity | App usage events (screens visited, features used), crash reports, performance diagnostics — only if you consent to product analytics (Profile > Settings > Privacy) | Your device; Firebase Analytics & Crashlytics (Google) |
| Geolocation data | Approximate location derived from IP address (country / region only); we do not collect precise location | Your network |
| Sensory data | Meal-scan photos you submit for AI macro estimation are uploaded to a dedicated, non-versioned cloud bucket for the duration of the AI analysis and then deleted; we do not retain them after analysis. Feedback photos you voluntarily attach to an in-app support request are retained on a 7-day TTL and are also removed when you delete your account or withdraw your health-data consent. We do not collect or store body, progress, personal-record, or measurement photos. | You |
| Inferences | Calculated targets (BMR, calorie / macro targets), fitness trends, training-load estimates | Derived by us from data you provide |
| Sensitive personal information — health | Body measurements, weight history, fitness goals, food and nutrition logs, workout logs, fasting records, allergies and dietary restrictions, injury history, AI assistant conversation history about your health | You; optionally Apple Health / Google Health Connect |
| Sensitive personal information — account credentials | Password (managed by AWS Cognito; we never store your password in plain text) | You; AWS Cognito |
We do not collect: Social Security numbers, driver's license numbers, financial account numbers (Apple and Google handle payment), precise geolocation, racial or ethnic origin, religious beliefs, union membership, sex life, sexual orientation, immigration status, genetic data, or biometric identifiers used for unique identification.
2. How We Use Personal Information
We use personal information for the following business purposes:
- Provide the Service: create and authenticate your account, sync data across your devices, calculate fitness metrics, log workouts and nutrition, generate progress charts.
- Provide AI features (Pro subscribers who opt in): generate workout plans, meal suggestions, daily briefings, photo-to-macros estimates, and conversational coaching through Spot. See our AI Data Sharing Consent.
- Process subscriptions: manage trial status, entitlements, renewals, and refunds through Apple, Google, or RevenueCat.
- Customer support: respond to your questions, troubleshoot issues, and honor your privacy requests.
- Security and fraud prevention: detect, investigate, and prevent abuse, fraud, unauthorized access, and violations of our Terms of Use.
- Legal compliance: comply with applicable laws, respond to lawful requests, and enforce our agreements.
- Product analytics & crash diagnostics (consent-gated): measure feature engagement, identify crashes and performance regressions, and prioritize improvements. We process this data only if you have consented in Profile > Settings > Privacy.
We do not:
- Sell personal information for money or other valuable consideration.
- Share personal information for cross-context behavioral advertising (as that term is defined under California law).
- Use personal information to train or fine-tune any AI or machine-learning model.
- Use sensitive personal information for any purpose other than to provide and improve the Service you requested, as permitted by California Civil Code §1798.121.
- Make automated decisions that produce legal or similarly significant effects about you. AI suggestions never change your profile or settings without your explicit confirmation.
3. How We Disclose Personal Information
We disclose personal information to the following categories of recipients, in each case only as necessary to provide the Service:
| Recipient | Role | What they receive |
|---|---|---|
| Amazon Web Services, Inc. ("AWS") | Service provider — cloud infrastructure (DynamoDB, S3, Cognito, Lambda, CloudFront, Bedrock) | All data you sync to the cloud, encrypted at rest and in transit |
| Large language models hosted within AWS Bedrock (data does not leave AWS) | Model layer for Spot AI features (Pro, opt-in). We may use any model available in the AWS Bedrock catalog that we deem appropriate, and the specific model handling a given request may change as we tune AI features for accuracy, safety, and cost. | Only the AI inputs you submit (chat messages, prompts, relevant fitness data); not retained by the model and not used for training. See AI Data Sharing Consent |
| Apple Inc. / Google LLC | App distribution and subscription billing | Account identifier, purchase events; governed by Apple's and Google's privacy policies |
| RevenueCat, Inc. | Service provider — subscription entitlement management | Pseudonymous user ID, purchase and entitlement data. See RevenueCat Privacy |
| Google LLC (Firebase Analytics, Firebase Crashlytics) | Service provider — product analytics and crash reporting | Pseudonymous App Instance ID, event names, device model and OS version, crash stack traces, and feature-level usage events. We do not send your name, email address, exercise names, weight values, calorie totals, dietary restriction flags, or health integration readings to Firebase. Gating: Product Analytics (Firebase Analytics) requires your affirmative opt-in and is disabled by default. Crash Reporting (Firebase Crashlytics) is on by default as part of providing the Service — it does not receive health-specific fields — and you may turn it off in Profile > Settings > Privacy. Retention: Product Analytics data — 2 months active / up to 14 months backup before auto-deletion. Crash Reporting data — 90 days (Firebase fixed retention, no developer control). See Firebase Privacy Policy |
| Open Food Facts | Public food database lookup | Search query or barcode; no personal identifier. See Open Food Facts Privacy |
| USDA FoodData Central | Public food composition database lookup | Search query; no personal identifier |
| Government, law enforcement, or courts | Legal compliance | Only as required by valid legal process or to protect rights, safety, and property |
| Successors in interest | Corporate transactions (merger, acquisition, sale of assets) | All categories above; we will notify you and honor any choices you have made |
Each recipient identified above as a "service provider" processes personal information only as necessary to provide the Service to us and is contractually prohibited from using, retaining, or disclosing personal information for any other purpose, including for the recipient's own commercial benefit. These contractual restrictions are required by California Civil Code §1798.140(ag) and equivalent state-law provisions.
We do not disclose personal information to advertisers, advertising networks, social media platforms, or data brokers. Our marketing website (refactorfitness.app) does not use cookies, ad pixels, or third-party analytics. All static assets (fonts, stylesheets, scripts, images) are served from our own infrastructure; the marketing website makes no third-party requests when you load it.
4. Where Your Data Is Stored and Protected
- On your device: Data is stored locally using AES-256 encrypted storage with keys managed by Android Keystore or iOS Keychain. Your device is the primary source of truth.
- In the cloud: Data is synced to AWS infrastructure in the us-west-2 (Oregon) region. DynamoDB and S3 storage is encrypted at rest with AES-256. Exports are stored in private S3 buckets behind signed URLs. Meal-scan photos submitted for AI macro estimation are transiently held in a private S3 bucket for the duration of the analysis (deleted after macros are returned, with an automatic lifecycle backstop within 72 hours); they are not retained after analysis. Feedback photos voluntarily attached to in-app support requests are stored in a separate private S3 prefix with an automatic 7-day TTL and are also removed when you delete your account or withdraw your health-data consent. We do not store any other user photos.
- In transit: All traffic between your device and our servers is encrypted with TLS 1.2 or higher.
- Authentication: Account credentials are managed by AWS Cognito. We never see, store, or transmit your password in plain text.
No system is perfectly secure. If we discover a breach affecting your personal information, we will notify you and any required regulators in accordance with applicable law.
5. Data Retention
We retain personal information for the periods described below:
- Account data, including consumer health data: retained while your account is active, then deleted within 30 days of account deletion.
- Account-deletion fraud-prevention record: after deletion, we keep a minimal record (user ID, one-way hash of email, account creation date, deletion date) for up to 12 months to detect abuse. This record contains no health, fitness, or financial data.
- Consent receipts: retained for at least 7 years to demonstrate informed consent under applicable law. Consent receipts are not deleted on account deletion.
- Crash and analytics data (if you consented): retained for up to 14 months by Google Firebase, then deleted automatically.
- Backups: encrypted backups roll over within 35 days; deleted data is purged from backups in the normal rotation.
- Legal holds: if we receive a lawful preservation request, we may retain affected data for the duration of the hold.
6. Your Rights Under US Privacy Laws
Depending on your state of residence, you may have the rights described below. We honor these rights regardless of where you live, except where the law itself draws a distinction (for example, the right to opt out of "sale" applies only where applicable).
6.1 California (CCPA / CPRA)
- Right to know: categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of recipients.
- Right to access / data portability: a copy of the personal information we hold about you.
- Right to delete: deletion of personal information we have collected from you, subject to legal exceptions.
- Right to correct: correction of inaccurate personal information.
- Right to opt out of sale or sharing: we do not sell or share personal information for cross-context behavioral advertising. See our Do Not Sell or Share My Personal Information page.
- Right to limit use of sensitive personal information: we already use sensitive personal information only for the purposes permitted by Civil Code §1798.121 (providing the Service you requested). You can also turn off optional analytics processing at any time in Profile > Settings > Privacy.
- Right to non-discrimination: we will not deny service, charge a different price, or provide a different level of service because you exercised your privacy rights.
To exercise these rights, email privacy@refactorfitness.app or use the in-app controls (Profile > Settings > Privacy > Export Data, Delete Account, Withdraw Health Data Consent). We will verify your identity, typically by confirming you control the account email. You may use an authorized agent; we will require written proof of authorization.
We will respond within 45 days. If we need more time we will tell you, and the response time may be extended for an additional 45 days as permitted by law.
6.2 Washington (My Health My Data Act)
Washington residents have specific rights regarding consumer health data, including the right to confirm whether we are processing their consumer health data, access that data, request deletion, withdraw consent, and appeal a denial. These rights and the appeal process are described in our Consumer Health Data Privacy Policy.
6.3 Other states (Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and others)
Residents of states with comprehensive privacy laws have rights similar to those above, including access, deletion, correction (where applicable), portability, opt-out of sale, opt-out of targeted advertising, and opt-out of profiling that produces legal or similarly significant effects. We do not engage in any of those targeted-advertising or profiling activities. To exercise other rights, contact privacy@refactorfitness.app.
7. Your Choices & Controls
- Export your data: Profile > Settings > Export Data.
- Delete your account: Profile > Settings > Delete Account. All consumer health and fitness data is permanently deleted from our servers within 30 days.
- Withdraw health-data consent: Profile > Settings > Privacy > Withdraw Health Data Consent.
- Turn off AI features: Profile > Settings > AI Feature Consent.
- Turn off product analytics: Profile > Settings > Privacy > Analytics & Crash Reporting.
- Push notifications: manage at the OS level (Settings > Notifications > Refactor Fitness).
- Apple Health / Google Health Connect: manage permissions in the Apple Health app or the Health Connect settings on your Android device.
8. Consumer Health Data & Firebase Analytics (MHMDA)
Under the Washington My Health My Data Act (RCW 19.373), we are required to disclose any third-party sub-processors that receive app telemetry processed alongside user activity. Firebase Analytics and Firebase Crashlytics (Google LLC) receive de-identified app telemetry when you use Refactor Fitness. Affirmative consent is required before any analytics data is shared — Product Analytics is off by default and requires your opt-in (Profile > Settings > Privacy).
Crash Reporting does not receive consumer health data fields. We do not send exercise names, weight values, calorie totals, dietary restriction flags, fasting durations, or health integration readings to Firebase. This exclusion is enforced in the app's event pipeline; health-specific fields are scrubbed before any event is dispatched.
Turning off analytics does not delete data already transmitted. To request deletion of previously transmitted analytics data, use Delete My Analytics Data (Profile > Settings > Privacy). See §9 for the deletion timeline.
Google LLC is an authorized sub-processor under a Google Data Processing Agreement consistent with our obligations under WA RCW 19.373. Google processes app telemetry only for the app stability and improvement services described in this policy.
9. Data Deletion & Response Timelines
We delete your data from active systems within 45 days of a verified deletion request. Our analytics processor (Google) completes deletion from backup systems within an additional 18 days, for a total of up to 63 days from request to full purge. You can trigger deletion of analytics data independently of account deletion via Profile > Settings > Privacy > Delete My Analytics Data.
9.1 Response Timelines
We acknowledge consumer rights requests within 10 business days of receipt (CCPA §1798.130(a)(2)).
We respond to consumer rights requests within 45 days of receipt. If a 45-day extension is needed, we will notify you before the original deadline expires (CCPA §1798.130(a)(2)(B)).
Washington consumer health data requests: we respond within 45 days, with a possible 45-day extension upon notice (RCW 19.373.050).
10. Your Privacy Choices & Controls (Updated)
In addition to the controls listed in §7, the following apply to analytics and crash reporting:
- Turn off product analytics: Profile > Settings > Privacy > Analytics & Crash Reporting. Turning off Product Analytics stops future event delivery to Firebase Analytics. Previously transmitted data is not automatically deleted — use "Delete My Analytics Data" to request deletion.
- Delete analytics data: Profile > Settings > Privacy > Delete My Analytics Data. This submits a deletion request to Firebase's User Deletion API covering all App Instance IDs associated with your account. Google's deletion SLA is up to 72 hours for propagation, with full backup purge within 63 days total.
- Do Not Sell or Share My Personal Information: We do not sell or share your personal information for cross-context behavioral advertising. See our Do Not Sell or Share My Personal Information page (CCPA §1798.135).
11. Children's Privacy
Refactor Fitness is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If we learn we have collected personal information from a person under 18, we will promptly delete that information and any associated health data. If you believe a minor has used the Service, contact privacy@refactorfitness.app.
12. International Users
The Service is offered to and intended for users in the United States. We do not target users outside the US, and we do not currently support GDPR, UK GDPR, PIPEDA, LGPD, or other non-US privacy regimes. If you are accessing the Service from outside the US, your information will be transferred to and processed in the United States. If you reside outside the US, you may not be afforded the rights provided by your local law beyond the rights described in this policy. You may delete your Account and your data at any time using the controls described in §7.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The version number and effective date at the top of this page reflect the most recent revision. If we make material changes — for example, adding a new category of personal information, a new category of recipient, or a new purpose of processing — we will notify you in the app and ask for your renewed consent before the change applies to you. Minor clarifications may be made without re-consent.
14. Contact Us
For privacy questions, requests, or complaints, contact:
BOGERT CSN 443, LLC d/b/a Refactor Fitness
Email: privacy@refactorfitness.app
Mailing address: see Terms of Use §22 (Contact Us).
If you are not satisfied with our response, you may also have the right to file a complaint with your state attorney general or, in California, with the California Privacy Protection Agency.