Privacy Policy

Last updated: April 4, 2026

1. Overview

Trift ("we", "our", "the app") is a fitness tracking application. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

2.1 Health & Fitness Data (Stored Locally)

All fitness data is stored locally on your device using SQLite. This includes:

• Body measurements (weight, height, body fat, waist, chest, arm, thigh, hip circumference)
• Food logs (meals, calories, macronutrients)
• Workout logs (exercises, sets, reps, weight)
• Progress photos
• Daily check-ins (mood, energy, sleep ratings)
• Goals and preferences

2.2 Apple HealthKit Data

With your permission, Trift reads and writes data from Apple Health:

• Reads: Steps, active energy burned, and weight
• Writes: Weight logs, food calories, and workouts

HealthKit data is used solely to display on your dashboard and keep your logs in sync. We never share HealthKit data with third parties or use it for advertising.

2.3 Cloud Sync (Optional)

If you enable cloud sync, your fitness data is synced to Supabase (our cloud provider) under an anonymous account. No email or personal identity is required. A recovery code is provided so you can restore data on a new device.

Synced data includes: profile, weight logs, food logs, exercise logs, routines, achievements, and progress photos.

2.4 AI Coach (OpenAI)

The AI Coach feature uses OpenAI's API. You provide your own OpenAI API key, which is stored securely on your device using the system keychain (expo-secure-store). Trift does not have access to your OpenAI account.

When you use AI features (food photo analysis, meal suggestions, coaching chat), your fitness context is sent to OpenAI to generate responses. We do not store these conversations on our servers.

2.5 Analytics

We use PostHog (EU-hosted) for anonymous usage analytics. We track:

• Feature usage events (e.g., "workout started", "meal logged") without the content of your data
• Screen views
• App lifecycle events

Analytics data is associated with an anonymous user ID. We do not track your name, email, location, or any personally identifiable information.

2.6 Photos

Meal photos and progress photos are stored locally on your device. If cloud sync is enabled, photos may be uploaded to our secure storage (Supabase Storage). Photos are only accessible to your account.

3. How We Use Your Data

• To provide the core fitness tracking experience
• To generate AI-powered recommendations and meal suggestions
• To sync data across your devices (if enabled)
• To improve the app based on anonymous usage patterns

4. Data Sharing

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. Data is only shared with:

• OpenAI — when you use AI features (via your own API key)
• Supabase — for cloud sync (if enabled), governed by their privacy policy
• PostHog — anonymous usage analytics only
• RevenueCat — subscription management (purchase data only)

5. Data Storage & Security

Your fitness data is stored locally on your device by default. Cloud-synced data is stored in Supabase's secure infrastructure. Your OpenAI API key is stored in the iOS Keychain via expo-secure-store, never in plain text or transmitted to our servers.

6. Data Deletion

You can delete all your data at any time by signing out of the app (Profile > Sign Out). This permanently removes all local data from your device. If cloud sync was enabled, you can request deletion of cloud data by contacting us at support@trift.co.in.

7. Children's Privacy

Trift is not intended for children under 13. We do not knowingly collect data from children under 13.

8. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Continued use of the app after changes constitutes acceptance.

9. Contact Us

If you have questions about this privacy policy or your data, contact us at support@trift.co.in.