Privacy Policy
V2 — March 23, 2026
Effective Date: March 23, 2026
Refactor Fitness ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use the Refactor Fitness mobile application and web app (the "Service").
1. Information We Collect
We collect the following categories of information:
- Account information: Email address and name (optional) provided during registration.
- Body measurements: Age, height, weight, goal weight, and optional biological sex (used to estimate resting calorie burn).
- Nutrition data: Food entries, meal photos, calorie and macro targets, saved meals, water intake, and fasting logs.
- Workout data: Workout logs, exercise sets, personal records, and workout templates.
- Progress data: Weight history, progress photos (front, side, back), and notes.
- App preferences: Activity level, workout split, display settings, and notification preferences.
- Consent records: When you accept our terms, policies, or consent agreements, we record your IP address as part of the consent receipt.
2. How We Store Your Data
- Local storage: Your data is stored locally on your device using AES-256 encrypted storage. Encryption keys are managed by the platform's secure storage (Android Keystore / iOS Keychain). Your device is the primary source of truth.
- Cloud sync: Data is synced to Amazon Web Services (AWS) infrastructure in the us-west-2 (Oregon) region for backup and multi-device access. All cloud data is encrypted at rest using AES-256 encryption (DynamoDB default encryption for structured data, S3 server-side encryption for photos and files).
- In transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. API connections and content delivery are secured via HTTPS.
- Authentication: Account credentials are managed through AWS Cognito with industry-standard security practices. Passwords are never stored by the application.
3. How We Use Your Data
We use your data solely to:
- Provide app functionality (tracking nutrition, workouts, and progress).
- Sync your data across devices.
- Calculate fitness metrics (BMR, macro targets, personal records).
- Generate personalized AI-powered workout and nutrition suggestions through Spot, the in-app AI assistant (Pro subscribers only).
We do not:
- Sell your data to third parties.
- Use your data for advertising or marketing purposes.
- Share your data with data brokers.
- Use your data for automated decision-making that produces legal or similarly significant effects.
Note: The app uses your profile information (such as fitness goals, body measurements, dietary preferences, and workout history) to personalize AI-generated content including workout plans and meal suggestions. Any AI-proposed changes to your profile settings require your explicit confirmation before being applied.
4. Third-Party Services
We use the following third-party services to operate the app:
- Amazon Web Services (AWS): Cloud infrastructure including DynamoDB (database), S3 (file storage), Cognito (authentication), Lambda (server functions), and CloudFront (content delivery). AWS acts as a data processor on our behalf.
- Anthropic Claude (via AWS Bedrock): AI model used to power Spot, the in-app AI assistant. Your fitness profile data and conversation messages are processed by the AI model to generate personalized suggestions. This processing occurs within AWS infrastructure. No data is retained by the AI model after processing.
- RevenueCat: Subscription and in-app purchase management. Receives your anonymous user identifier and purchase information for payment and entitlement verification. See RevenueCat's privacy policy.
- Open Food Facts: A public, open-source food database used for barcode scanning and food search. Search queries and barcodes are sent to Open Food Facts servers. No personal identifying information is shared. See Open Food Facts' privacy policy.
- USDA FoodData Central: A public food composition database maintained by the U.S. Department of Agriculture, used for nutrition facts lookup when searching for foods. Search queries are sent to USDA servers. No personal identifying information is shared. See USDA FoodData Central.
We do not integrate with any advertising networks, analytics platforms, or social media services.
5. Data Retention
Your data is retained as long as your account is active. You may delete your account at any time through the app's Profile settings. Upon deletion, all of your health and fitness data — including workouts, nutrition logs, progress photos, body measurements, fasting records, and AI conversation history — is permanently and irrecoverably deleted from our servers.
For fraud prevention purposes, we retain a minimal record containing your user ID, a one-way cryptographic hash of your email address (not the email itself), your account creation date, and your deletion date. This record contains no health or fitness data. It is retained for up to one year, after which it is automatically deleted.
Consent records (documenting which policies you agreed to, when, and from which IP address) are retained for a minimum of 7 years for legal compliance and defense purposes. These records are not deleted when you delete your account, as they serve as proof of informed consent under applicable law.
6. Your Rights
You have the right to:
- Access your data by exporting it through the app's Profile > Export Data feature.
- Delete your data by using the "Delete Account" option in Profile > Settings.
- Correct your data by editing your profile and entries within the app.
7. Age Requirement
Refactor Fitness is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will promptly delete that information, including any photos or health data associated with the account.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the app. Your continued use of the Service after changes constitutes acceptance of the updated policy.
9. Contact Us
If you have questions about this Privacy Policy or your data, please contact us at:
Email: support@refactorfitness.app