title: Privacy Policy version: 0.1 effective_from: TBD language: en slug: privacy-policy
Talivio Fit Privacy Policy
DRAFT — has not been reviewed by legal counsel.
Last updated: TBD · Version: 0.1
Talivio Fit ("we", "us", "the App") cares about your privacy. This policy explains what we collect, why, who we share it with, and your rights.
1. TL;DR
- 🇩🇪 Your data lives on EU servers in Germany.
- 🤖 Meal photos are sent to Google Gemini AI for recognition only at the moment of upload; the photo is deleted within 30 days.
- ⌚ Apple Health / Health Connect data is read with your permission only — read-only by default.
- 🔒 Health data is always encrypted and tied only to your account.
- 🚪 Delete your account anytime — your data is fully removed within 30 days.
- 📥 Download your data — Settings → Export my data.
2. What we collect
2.1. Information you give us
- Account: email, password (hashed), name (optional), date of birth, gender, country
- Health profile: height, weight, allergies, food dislikes, goals
- Meals: photos you take, manual food entries
- Workouts: activities you log, duration, sets/reps
- Manual entries: water, sleep, stress level, menstrual cycle (optional)
- Community content: posts, messages, profile photo
2.2. Automatically collected
- Device: model, OS version, app version, language
- Usage: which screens you view, when you use the app (anonymized via Firebase Analytics)
- Crash logs (Sentry — no personal info)
- IP address (for session security)
2.3. Sources you connect with consent
- Apple Health (iOS): steps, heart rate, sleep, calories — read-only
- Health Connect (Android): same categories — read-only
- App Store / Google Play: subscription status
3. Why we collect it
| Purpose | Legal basis (GDPR) |
|---|---|
| Operating your account | Contract (Art. 6/1/b) |
| Health data processing | Explicit consent (Art. 9/2/a) |
| AI meal recognition + plan generation | Consent + Contract |
| Security, fraud prevention | Legitimate interest (Art. 6/1/f) |
| Legal obligations (tax, audit) | Legal obligation (Art. 6/1/c) |
| Marketing communications | Consent (opt-in) |
4. AI processing
Talivio Fit uses Google's Gemini AI for two purposes:
4.1. Meal recognition (Gemini Flash)
- Your photo is sent to Google only at the moment of recognition
- Per our API agreement, Google does not use your photos to train its models
- The result (food names + macro estimates) is stored in your account
- The original photo is deleted after 30 days (you can delete sooner)
4.2. Plan generation (Gemini Pro)
- Only anonymised summary data is sent:
- Age range (10-year buckets), gender, goals
- Last 7 days' summary metrics (avg HR, total steps, etc.)
- Name, email, exact date, location are NEVER sent
4.3. Important caveats
- AI estimates are not exact. Recognition, calorie counts, and workout suggestions are approximate
- AI does not replace medical advice. Consult your doctor
- You can override or reject any AI suggestion
5. Who we share with
We do not sell, rent, or expose your data to advertising networks. Only essential service providers:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Hetzner Cloud / AWS | Server hosting | Germany | DPA + EU GDPR |
| Google LLC | Gemini AI | USA | Standard Contractual Clauses |
| Google Firebase | Push, analytics | USA | SCC |
| Apple Inc. | iOS push | USA | SCC |
| Mailgun (EU) | Email delivery | Ireland | DPA + EU GDPR |
| Stripe / RevenueCat | Subscriptions (planned) | USA/Ireland | SCC |
Assigned real coaches access only your health + goals data for the duration of an active engagement. PII stays hidden.
6. Retention
| Data | Retention |
|---|---|
| Active account data | Until you delete |
| Personal data after deletion | Removed within 30 days |
| Billing records | 10 years (legal obligation) |
| Anonymised analytics | Indefinite |
| Meal photos | 30 days (auto-deleted) |
| AI call logs | 1 year |
| Community posts (deleted user) | Anonymised, user ID stripped |
7. Your rights (GDPR)
- Access — find out what data we hold about you
- Rectification — correct inaccurate data
- Erasure — delete your account and data
- Portability — download all your data in machine-readable format
- Object — to automated decision-making
- Withdraw consent — at any time
How to exercise
In-app:
- Delete account → Settings
- Export my data → Settings (JSON download link valid for 7 days)
- Notification/marketing preferences → Settings
By email:
- 📧 [email protected]
- We respond within 30 days
Complaints
If you're unhappy with our handling, you may complain to your local Data Protection Authority — for EU users, edpb.europa.eu lists national authorities.
8. Children
Talivio Fit does not accept users under 13. Users under 18:
- Cannot access the social module
- Cannot be matched with a real coach
- May require parental consent in some jurisdictions
If we learn a child under 13 has provided data, we delete the account immediately.
9. Cookies & tracking
The mobile app does not use browser cookies. It does use:
- Apple/Google advertising ID (analytics, anonymised)
- Push notification token
- Local storage (session, preferences)
A separate cookie policy applies to the website (talivio.com).
10. Security
- All traffic encrypted with TLS 1.2+
- Passwords hashed with bcrypt
- Health data encrypted at rest with AES-256
- Servers in Germany under EU GDPR protection
- Annual penetration testing (planned)
- Two-factor authentication (coming soon)
In the event of a data breach:
- Affected users notified within 72 hours
- Reported to relevant DPAs (GDPR Art. 33)
11. Updates to this policy
For material changes (new data categories, new third-party sharing):
- An in-app notice is shown
- New consent is requested
- Older versions remain accessible in
legal/archive/
Minor changes (typos, formatting) do not trigger re-consent but version is bumped.
12. Contact
- Email: [email protected]
- Data Controller: Talivio OÜ, Estonia
- DPO: [TBD]
Effective: TBD Version: 0.1 (DRAFT)
Versiyon: 0.1