Privacy Policy

Welcome to Phyze ("we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and disclose information about you when you use our mobile application ("Phyze") and our website. Our support email is entelix.group@gmail.com.

1. Information We Collect

We collect information to provide a personalized fitness coaching experience. This includes:

• Account Information: When you sign up using email, Apple Sign-In, or Google Sign-In, we collect your email address, name, and user ID.
• Health & Fitness Data (HealthKit & Google Fit): If you grant permission, Phyze reads metrics from Apple HealthKit and/or Google Fit, such as steps, active energy burned (calories), heart rate, sleep duration, weight, and workouts.
• Workout Details: Exercises you track, sets, reps, weights, and workout duration.
• AI Coach Conversations: The chat messages you send to the AI Coach to generate and adjust workout routines and get health tips.

2. How We Use Your Information

We use the collected information for the following purposes:

• To customize your workout plans and calculate exercise recommendations via the AI Coach.
• To display progress metrics, charts, and history inside the application.
• To handle premium subscriptions and transactions securely via RevenueCat.
• To identify and resolve application crashes and improve performance using Firebase Crashlytics.

3. Critical Policy Regarding Health Data

Important for Apple HealthKit & Google Fit users:

• Phyze does NOT use health data collected via HealthKit or Google Fit for marketing or advertising purposes.
• We do NOT sell or share your health data with any third-party advertisers, data brokers, or information resellers.
• Your health metrics are processed locally on your device or securely transmitted to our database solely for the purpose of running the AI Coach features. Data is isolated from marketing systems.
• You can modify or completely revoke Phyze's access to Apple HealthKit or Google Fit data at any time through your device system settings (e.g., Settings > Privacy > Health on iOS, or Health Connect settings on Android).

4. Third-Party Services

We partner with secure third-party services to run our application:

• Firebase (Google LLC): Used for database storage, authentication, and Crashlytics analytics.
• RevenueCat: Used to manage and validate App Store and Google Play subscriptions.
• AI Service Providers: Anonymous user context is sent to secure language model servers (OpenAI, Anthropic, Gemini) for processing biohacking and coaching answers. All personal identifiers are stripped prior to transmission.

5. Data Encryption & AI Anonymization

We prioritize your privacy and implement industry-standard security protocols to protect your information:

• Data Encryption: All personal account data, fitness logs, and health-related metrics are encrypted in transit using secure HTTPS/TLS protocols and encrypted at rest in our databases using AES-256 encryption.
• AI Context Anonymization: When data is processed by artificial intelligence APIs (such as OpenAI, Anthropic, or Gemini) to generate personalized biohacking, sleep, or training feedback, all personal identifiers (including name, email address, and user ID) are completely stripped. The AI model receives only raw, anonymized context (e.g., 'male, 30 years old, 7 hours sleep, took zinc and magnesium').
• No Model Training: Our integrations with AI providers utilize secure enterprise APIs. Your processed data is processed in transient memory only, is not stored by AI providers, and is never used to train public or private AI models.

6. Data Retention & Deletion

We retain your account and workout history as long as your account is active. You can request the deletion of your account and all associated personal data at any time in two ways:

• Using the account deletion feature directly inside the App settings.
• By contacting us via email at entelix.group@gmail.com. We will process your deletion request and erase all personal and health-related data from our databases within 30 days.

7. Your GDPR & CCPA Data Rights

Depending on your location (such as the European Economic Area or California), you have specific rights regarding your personal data:

• Right to Access & Portability: You can request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete information.
• Right to Erasure (Right to be Forgotten): You can request that we delete all your personal data.
• Right to Withdraw Consent: You can withdraw your consent to data processing (such as HealthKit integration) at any time through your device settings.

8. Children's Privacy

Phyze is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal info, we immediately delete this from our servers.

9. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by updating the date at the top of this page. We encourage you to review this Privacy Policy periodically.

10. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at entelix.group@gmail.com.