BodyIQ Privacy Policy

Last Updated: August 25, 2025

Introduction

Welcome to BodyIQ, a comprehensive fitness and body analysis mobile application. This Privacy Policy explains how Meghraj Ranaware ("we," "us," or "our") collects, uses, protects, and shares your information when you use our BodyIQ mobile application ("App," "Service," or "Application").

We are committed to protecting your privacy and ensuring transparency in our data practices. By using BodyIQ, you agree to the collection and use of information in accordance with this policy.

Face Data and Body Image Collection - Apple App Store Compliance

What Face Data and Body Images Does BodyIQ Collect?

Face Data Collected:

Facial images captured through the app's camera functionality
Facial feature measurements and proportions for fitness analysis
Facial symmetry data for overall health assessment
Face-based body fat percentage estimates

Body Images Collected:

Biceps images for muscle tone analysis
Back images for posture and muscle symmetry assessment
Leg images for muscle development evaluation
Abdominal images for core strength analysis
Full body images for overall physique assessment

Complete Explanation of All Planned Uses of Face Data and Body Images

Primary Uses:

Fitness Analysis: Generate personalized fitness scores and body composition estimates
Progress Tracking: Monitor changes in facial features and body measurements over time
Health Insights: Provide recommendations for fitness improvements based on facial and body analysis
Comparison Features: Enable friend-to-friend comparisons and soulmate compatibility assessments (processed locally)
Statistical Generation: Create detailed fitness statistics and body composition reports

Third-Party Sharing and Data Storage Location

IMPORTANT CLARIFICATION: NO IMAGES ARE COLLECTED OR STORED BY BODYIQ SERVERS

Image Storage: All face data and body images are stored EXCLUSIVELY on the user's local device memory using Redux store
Server Storage: ZERO face data or body images are stored on our servers, databases, or cloud storage
Third-Party Sharing: Face data and body images are temporarily processed by Google Gemini AI for analysis purposes only, then immediately discarded
Google Gemini AI: Images are sent for temporary analysis only - Google does not store or retain these images
No Permanent External Storage: No face data or body images are permanently stored with any third-party service

Data Retention Period for Face Data and Body Images

Local Device Storage: Face data and body images remain on the user's device until the app is uninstalled or the user manually deletes the data
Server Retention: ZERO retention period - no face data or body images are stored on our servers
AI Processing Retention: Google Gemini AI processes images temporarily and immediately discards them after analysis (no retention)
User Control: Users have complete control over their face data and can delete all images at any time through the app

Data Collection Summary for Apple Compliance

What We Actually Collect and Store in Our Database:

Email addresses (via email/OTP verification)
Subscription status and payment information
In-app product purchase information and transaction records
User account preferences

What We DO NOT Collect or Store:

Face images (stored locally on user device only)
Body images (stored locally on user device only)
Biometric data (processed locally, not stored on servers)
Personal photos (remain on user device only)

Information We Collect

Personal Information You Provide

Account Information:

Email address (for account creation and OTP verification)
User ID (generated automatically)
Age and gender (for personalized analysis)
Profile preferences and settings

Authentication Methods:

Email + OTP Verification: Direct email registration with one-time password verification

Subscription and Purchase Data:

Subscription Services:

Subscription status and payment history
Weekly subscription preferences and settings
Subscription renewal and cancellation records
Free trial usage and scan count tracking

In-App Products:

Individual feature purchases (premium analysis, advanced comparisons, etc.)
One-time purchase transaction records
Product activation status and usage tracking
Purchase receipts and payment confirmations
Lifetime access purchases and their activation status

Payment Processing:

Transaction IDs and purchase timestamps
Payment method information (processed by RevenueCat)
Refund requests and processing status
Regional pricing and currency information

Body Analysis Data (Stored Locally ONLY):

Face images and facial feature analysis data
Biceps images and muscle tone measurements
Back images and posture/muscle symmetry data
Legs images and muscle development statistics
Abdominal (Packs) images and core strength analysis
Full body images and overall physique assessments
AI-generated fitness statistics and body composition estimates
Progress tracking data and historical measurements

CRITICAL NOTE: All body analysis data including face images are stored exclusively on the user's device and are never uploaded to or stored on our servers.

Comparison Feature Data (Processed Locally):

Friend comparison requests and results
Soulmate comparison data and compatibility scores
Shared comparison preferences and settings
Comparison history and saved results

Information Automatically Collected

Device and Usage Information:

Device IP address
Device type, model, and operating system
App usage patterns and feature interactions
Time spent on different app sections
Crash reports and error logs
Performance and diagnostic data

How We Use Your Information

Primary Purposes

Body Analysis and Assessment:

Analyze uploaded images using AI algorithms (powered by Google Gemini AI)
Generate fitness scores and body composition estimates
Provide personalized improvement recommendations
Track progress over time across all six body categories (stored locally on device)

Comparison Features:

Process friend-to-friend body analysis comparisons (locally processed)
Generate soulmate compatibility assessments (locally processed)
Create comparative statistics and visual reports (locally stored)
Store comparison results for future reference (in device memory only)

App Functionality:

Maintain your account and user profile (email and subscription/purchase data stored in database)
Send email confirmations and OTP verification codes (via Resend service)
Process subscription management and in-app product purchases (via RevenueCat)
Provide customer support and respond to inquiries
Improve app performance and user experience

Data Storage and Processing

Storage Infrastructure

Primary Database: Supabase (stores ONLY email addresses, subscription data, and in-app purchase information)
Image Storage: Local device memory via Redux store (NO cloud storage - all images remain on user's device)
Email Services: Resend for email confirmations and OTP verification
AI Processing: Google Gemini AI for image analysis (temporary processing only - no storage)
Payment Processing: RevenueCat for subscription and in-app product purchase handling

Data Processing Flow

Images captured and stored locally in Redux store on your device
Images temporarily sent to Google Gemini AI for analysis (not stored by Google)
AI analysis results returned and stored locally on your device
Original images remain only on your device (never uploaded to any server for storage)
Analysis results displayed in app interface
Only email addresses, subscription data, and in-app purchase information are stored in our Supabase database

            Local Data Storage
            All images and analysis data are stored locally on your device
No images are uploaded to or stored on our servers
Data persists only as long as the app is installed on your device
Uninstalling the app will permanently delete all locally stored data

        

Data Sharing and Disclosure

With Service Providers

We share limited data with trusted third-party service providers:

Supabase: Email address, subscription data, and in-app purchase information storage ONLY
RevenueCat: Subscription management, in-app product purchase processing, and payment handling
Google Gemini AI: Temporary image analysis processing (images not stored by Google)
Resend: Email delivery and OTP verification services
App Store Platforms: Google Play Services and Apple App Store

IMPORTANT: No face data or body images are shared with or stored by any service provider. Images are only temporarily processed by Google Gemini AI for analysis purposes.

Comparison Features

Friend Comparisons: Processed locally on your device with explicit consent from both parties
Data Isolation: Each user's data remains on their respective devices
Temporary Processing: Comparison data is processed locally and not shared externally

Legal Requirements

We may disclose your information when required by law, including:

Compliance with legal obligations or court orders
Protection of our rights and property
Investigation of fraud or security issues
Response to government requests or law enforcement

Note: Since images are stored locally, we cannot access or disclose image data unless required by law and with appropriate legal process directly from the user's device.

Data Retention Policy

Database-Stored Data

Email addresses: Retained while account is active plus 30 days after deletion
Subscription data: Retained for 7 years for tax and legal compliance
In-app purchase data: Retained for 7 years for tax and legal compliance
Free trial usage data: Retained while account is active plus 30 days after deletion
Account data: Retained while account is active plus 30 days after deletion

Locally Stored Data (Face Data and Body Images)

All images and analysis data: Retained until app is uninstalled or data is manually deleted by user
Face data retention: Stored on device only until user removes the app or clears data
Progress tracking: Available as long as app remains installed
Comparison results: Stored locally until manually deleted or app uninstalled
Zero server retention: No face data or body images are retained on any servers

Data Security

Technical Safeguards

Database Encryption: Email, subscription, and purchase data encrypted in transit and at rest
Local Storage Security: Data encrypted within Redux store on device
Access Controls: Limited access to database data by authorized personnel only
Regular Audits: Periodic security assessments and updates

AI Processing Security

Images sent to Google Gemini AI are processed temporarily
No permanent storage of images by AI service
Secure API connections with encryption
Immediate deletion after analysis completion

Local Data Security

Device-Based Security: Your images never leave your device except for temporary AI processing
Redux Store Encryption: Local data storage is secured within the app
No Cloud Backup: Images are not backed up to any cloud service
User Control: Complete control over local data deletion

Your Privacy Rights

Access and Control

View Your Data: Access email, subscription, and purchase information we have stored
Update Information: Correct or modify your email and account settings
Download Data: Export your email, subscription, and purchase data in a portable format
Delete Account: Permanently remove your account and data from our database
Local Data Control: Manage all images and analysis data through app settings

Communication Preferences

Email Notifications: Control what emails you receive
OTP Verification: Manage email-based authentication preferences
Push Notifications: Manage app notification settings
Marketing Communications: Opt out of promotional messages
Social Sharing: Control what data appears in shared content

Regional Privacy Rights

United States Residents (CCPA)

California residents have additional rights including:

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale of personal information (we don't sell data)
Right to non-discrimination for exercising privacy rights

European Union/UK Residents (GDPR)

EU and UK residents have rights including:

Right of access to personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing

Children's Privacy

BodyIQ is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will immediately delete such information from our servers.

Parents and guardians who believe their child has provided us with personal information should contact us immediately.

Third-Party Services

Our app integrates with several third-party services, each with their own privacy policies:

RevenueCat: Subscription management, in-app product purchase processing, and payment handling
Apple App Store / Google Play Store: Payment processing
Google Gemini AI: Temporary image analysis (images not stored)
Supabase: Email, subscription, and purchase data storage
Resend: Email communications and OTP verification

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the updated policy in the app
Sending an email notification to registered users
Displaying a prominent notice in the app

Your continued use of the app after any changes indicates your acceptance of the updated policy.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

Notify affected users within 72 hours of discovery
Provide details about what information was involved
Explain the steps we're taking to address the breach
Offer guidance on protective measures you can take

Note: Since images are stored locally on your device, they are not subject to server-based data breaches.

Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: meghraj.ranaware22@vit.edu
Developer: Meghraj Ranaware
App: BodyIQ

Response Time: We aim to respond to all privacy-related inquiries within 7 business days.

Compliance and Certifications

This Privacy Policy is designed to comply with:

General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Children's Online Privacy Protection Act (COPPA)
Apple App Store Review Guidelines
Other applicable privacy laws and regulations

Effective Date: August 25, 2025