Privacy Policy
SHARK-FIT ("the app", "we", "our") is a fitness, nutrition, and wellness tracking application. We respect your privacy and we want this policy to be as clear and direct as possible. This document explains what data we collect, why, where it goes, and what your rights are.
1. What data we collect
Information you give us
- Account credentials. When you sign up we collect your email address and a password. Passwords are hashed using bcrypt before storage — we never see or store your plain-text password.
- Profile information. Your name (optional), age, height, weight, and fitness goals. We use these to personalize your daily calorie and step targets via the Mifflin-St Jeor equation.
- Meal photos and descriptions. When you choose to use AI meal analysis you provide photos of food. See Section 3 for how these are handled.
- Activity entries. Mood (5-emoji daily log), water intake, and manually logged exercise.
Information collected automatically
- Step count from Apple HealthKit (iOS only). With your permission we read your daily step count from HealthKit. This data is read locally on your device only and is never sent to our backend or to any third party. We do not write any data back to Apple Health.
- Push notification device token. Required so we can deliver the scheduled reminders you opted into. The token identifies your device, not you personally.
What we do not collect
- We do not collect your real name unless you choose to enter it.
- We do not use any analytics SDKs (no Firebase, no Google Analytics, no Facebook SDK).
- We do not collect advertising identifiers (IDFA).
- We do not track you across other apps or websites.
- We do not collect your precise location.
2. How we use your data
- To run the app: show you your meal logs, step counts, achievements, and progress.
- To personalize your calorie and step goals using your profile data.
- To send the scheduled notifications you opted into.
- To estimate the nutritional content of meals when you use AI analysis (see Section 3).
We do not use your data for advertising, marketing, profiling, or sale to third parties.
3. AI meal analysis — third-party data processing
If you tap "Continue with AI Analysis" on the in-app consent screen, the following happens:
- The meal photo you choose is uploaded from your device to our backend server (a FastAPI service hosted on Render.com).
- Our backend forwards the photo to Google Gemini AI (a service operated by Google LLC) for nutrition estimation.
- Gemini returns an estimated breakdown of calories, protein, carbohydrates, and fats, plus a description of the foods detected.
- We store the result alongside your meal entry in your account.
Important caveats:
- Photos are processed by Google as the third-party AI provider. We do not control Google's data handling beyond what their terms specify. See: https://policies.google.com/privacy and Google's generative AI terms: https://policies.google.com/terms/generative-ai.
- Calorie and macro values are estimates — not medical or nutritional advice.
- You can decline AI analysis at any time and use the rest of the app normally.
4. HealthKit data (Apple Health)
If you grant HealthKit permission:
- We read your step count only.
- HealthKit data is used on-device only to display your daily progress.
- HealthKit data is never transmitted to our backend.
- HealthKit data is never transmitted to Google or any other third party.
- HealthKit data is never used for advertising, marketing, or data mining.
- We do not write any data back to Apple Health.
You can revoke HealthKit access at any time via iOS Settings → Privacy & Security → Health.
5. Where your data is stored
- Account credentials and profile data: MongoDB Atlas (encrypted at rest).
- Backend API: Render.com (hosting our FastAPI server).
- Meal images and nutrition results: stored in MongoDB Atlas, associated with your user account.
- HealthKit data: never leaves your device.
- App preferences (language, notification settings): stored locally on your device using AsyncStorage.
6. Who we share data with
| Recipient | What they receive | Why |
|---|---|---|
| Google LLC (Gemini AI) | Meal photos, during AI analysis only, after your explicit consent | To estimate nutritional content |
| MongoDB, Inc. (Atlas) | Account, profile, meal logs, mood, water entries | Database hosting so you can access your data from any device |
| Render Services, Inc. | The same data, transiently, as it passes through our API | Backend server hosting |
| Apple Push Notification Service | Your device push token (no content) | To deliver scheduled reminders |
We do not share your data with advertisers, data brokers, or any other parties.
7. Your rights
- Access your data. Email us and we'll send you a copy of your account data within 30 days.
- Edit your profile. All profile data is editable in the app's Profile tab.
- Delete your account. Tap Profile → Delete Account in the app. This removes your account, your meal logs, mood entries, water entries, and notification tokens from our database within 30 days. The action is irreversible.
- Revoke permissions. Camera, photo library, HealthKit, and notification permissions can be revoked anytime in iOS Settings.
8. Data retention
- We keep your account data as long as your account is active.
- When you delete your account, we delete your data within 30 days.
- We may keep aggregated, anonymized usage statistics (such as the total number of meals analyzed across all users) for product improvement. This aggregated data cannot be linked back to you.
9. Children's privacy
SHARK-FIT is intended for users aged 13 and over. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete the account.
10. International data transfers
Your data may be transferred to and processed in countries other than your own (such as the United States), where our hosting providers operate. We rely on the standard contractual protections offered by Google, MongoDB, and Render to safeguard this data.
11. Changes to this policy
We may update this policy as the app evolves. We'll change the "Last updated" date at the top of this page. For material changes we'll notify you inside the app before they take effect.
12. Contact
For privacy questions, data access requests, or account deletion: