Privacy Policy
Draft — last edited 2026-07-11. Not yet reviewed by counsel.
PrivacyInfo.xcprivacy manifest), but has not been reviewed by a lawyer or checked
against every jurisdiction's specific requirements (e.g. GDPR, CCPA, PIPL). Have it reviewed before
linking it from a live App Store listing.
1. What we collect
Test and health data. Results from the fitness tests you run — VO₂max, heart rate, HRV, body fat, strength and power scores, posture angles, and similar. If you connect Apple Health, we read (never write) VO₂max, resting heart rate, body fat, height/weight, and HRV to help fill in your results.
Photos and videos. Jump-test captures, posture scan photos, and meal photos you choose to take within the App.
Free-text notes. Training feedback and injury descriptions you choose to type.
Your name. The first name you enter during setup, used only to personalize greetings in the App.
We do not collect your precise location, contacts, browsing history, or any financial information — subscription payments are handled entirely by Apple, and we never see your card details.
2. How we use it
All of the above is used solely to run the App's core functionality: scoring your tests, showing your history and trends, and — only when you tap to request it — generating an AI Coach reading, posture insight, or meal analysis. We do not use your data for advertising, and we do not build behavioral profiles or track you across other apps or websites.
3. Where it lives
Your test results, photos, and notes are stored locally on your device. There is currently no BodyBench account system and no server that stores your data by default.
When you tap to request an AI reading, the relevant data for that specific request is sent to the third-party AI provider you've selected in Settings (Claude, DeepSeek, Gemini, GLM, or Qwen) so it can generate the response. That data flows directly from your device to the provider you chose — it isn't routed through a BodyBench server (unless the future backend-proxy option described below is in effect, in which case it passes through our proxy on its way to the provider).
4. Third-party AI providers
Each AI provider processes the data you send it under its own privacy policy and data-handling practices, which we don't control. You choose which provider to use in Settings, and no data is sent to a provider unless you actively request a reading.
5. No tracking, no ad SDKs
BodyBench does not include any advertising or analytics SDK, does not use your device's advertising
identifier, and does not track you across apps or websites. This is also declared in the app's
PrivacyInfo.xcprivacy manifest (NSPrivacyTracking = false).
6. Your choices
You can delete your local test data anytime from Settings › Data & privacy › Reset test data. Disconnecting Apple Health in iOS Settings stops future reads immediately. Uninstalling the App removes all locally stored data.
7. Children's privacy
BodyBench is not directed at children under 16. We do not knowingly collect data from children under that age.
8. Security
Data in transit to AI providers is sent over standard HTTPS/TLS. Data at rest on your device is protected by iOS's standard app sandboxing and device encryption.
9. If we add a backend proxy
We're planning to introduce an optional backend proxy for AI requests so API keys don't need to live on individual devices. If and when that ships, this policy will be updated to describe exactly what passes through that proxy and how long it's retained there — at minimum, your test data or photos for that single request, transiently, to be forwarded to the AI provider.
10. Changes to this policy
We'll update the "last edited" date above whenever this policy changes, and — for material changes — try to surface that in the App itself.
11. Contact
Questions about this policy: [support email to be added once available].