AdaptaFit Privacy Policy
Effective date: 2026-05-10
This Privacy Policy explains what information AdaptaFit (“the App”) collects from you, how we use it, and what choices you have. The App is operated by Dual Core Interactive LLC (“we,” “us,” or “our”).
We’ve structured this policy around what actually happens when you use AdaptaFit. The short version: most of your data stays on your device. We send a minimal, targeted subset to our backend and to AI providers solely to generate personalized workout plans. We do not sell your data and we do not share it with advertisers.
1. Data we collect
1.1 On-device only (we never receive this)
The following data is stored locally on your iPhone or iPad and is not transmitted to our servers:
- Completed workout logs (sets, reps, weights, RPE, notes)
- Cardio session logs (duration, average and max heart rate, RPE)
- Body weight history (logged manually or read from Apple HealthKit)
- Streak history and achievements
- App preferences (warm-up toggle, calendar colors, units, etc.)
- Coaching notes you write after sessions
These remain on your device unless you choose to back them up via your standard iCloud device backup.
1.2 Data used for plan generation
When you generate, regenerate, or adapt a plan, we send a sanitized snapshot of your profile to our backend, which then sends a derived prompt to a third-party AI provider (currently OpenAI or Anthropic). This snapshot includes:
- Age, height, weight, and gender (from your profile)
- Goal, experience level, and weekly schedule preferences
- Available equipment and training location
- Days per week, session durations, plan length
- Free-text inputs you’ve provided (injuries, additional notes, muscle priorities)
- Limited training context (a count of recent completed sessions for adaptation, NOT individual set logs)
Free-text fields are pre-processed to strip obvious personal identifiers before being sent. We do not transmit your name, email address, phone number, or precise location.
1.3 Apple HealthKit data
If you grant HealthKit permission:
- The App reads your latest body weight from HealthKit to prefill the body weight tracker
- The Apple Watch app reads live heart rate during cardio sessions to color the heart-rate zone indicator and persist average / max readings to your local cardio log
We do not write any HealthKit data, and HealthKit data never leaves your device.
1.4 Subscription data
When you subscribe to AdaptaFit Pro:
- Apple’s StoreKit issues a signed transaction (a “JWS”). The App forwards this to our backend so we can verify your subscription tier without trusting the client. The JWS contains your subscription product, expiration, and Apple-internal identifiers — no name, email, or payment information.
- Apple separately handles all billing. We do not see your payment method, billing address, or full Apple ID.
1.5 Device identifier
The App generates a random UUID once per install and stores it in your device’s secure Keychain. This identifier (sent in an X-Device-ID HTTP header) lets our backend enforce per-device rate limits — preventing a single device from exhausting our AI infrastructure.
The UUID is not tied to any personal information. It survives reinstalls of the App on the same device but does not follow you to a new device. We do not use it for advertising or tracking across other apps.
1.6 Analytics
We do not currently use third-party analytics SDKs (Google Analytics, Firebase, Amplitude, Mixpanel, etc.). Anonymous server-side request logs are retained for short periods (~30 days) for debugging and abuse prevention.
1.7 Crash reports
Apple may collect crash diagnostics and share them with us through standard App Store mechanisms if you opt in via iOS Settings → Privacy & Security → Analytics & Improvements. These reports include technical info (device model, iOS version, stack traces) and do not include your personal data unless it’s incidentally captured in a stack frame, which is uncommon.
2. How we use data
We use the data described above to:
- Generate, regenerate, or adapt your workout plan
- Verify your subscription tier and enforce rate limits
- Diagnose bugs, performance issues, and abuse
- Comply with legal obligations (taxes, applicable consumer protection laws)
We do not use your data for:
- Targeted advertising or ad networks
- Selling to third parties
- Building cross-app behavioral profiles
- Training third-party AI models without your consent (see Section 3)
3. Third parties we share data with
| Service | Purpose | What we send |
|---|---|---|
| Apple | App Store distribution, StoreKit subscriptions, HealthKit | Subject to Apple’s Privacy Policy |
| OpenAI and/or Anthropic | AI plan generation | Sanitized profile snapshot + plan request prompt |
| Cloudflare | Exercise demo video CDN | Standard request metadata (IP, user agent) when streaming videos |
| Railway | Backend hosting infrastructure | Same data the backend processes |
OpenAI and Anthropic each have their own data handling policies. As of this Effective Date, neither uses requests sent through their API for training without explicit opt-in. We do not opt in. You may also wish to review their respective privacy policies before continuing to use AdaptaFit.
4. Data retention
- On-device data: retained until you delete the App or clear it through iOS Settings.
- Backend logs: retained for approximately 30 days for debugging and abuse prevention, then automatically rotated.
- Rate-limit counters: retained on a daily and monthly rolling window in our cache (Redis), automatically expired when the window passes.
- Subscription verification cache: verified tier results are cached for 15 minutes, then re-verified.
- Onboarding bypass flag: retained indefinitely per device UUID so you cannot abuse the “first plan free” allowance by spamming the endpoint. This flag does not contain personal data.
5. Security
We use industry-standard practices to protect your data:
- All network traffic uses HTTPS / TLS 1.2+
- Subscription verification uses cryptographic JWS validation against Apple’s published certificate chain
- The Keychain UUID is stored in iOS’s hardware-backed secure storage
- Our backend is hosted on Railway with managed infrastructure isolation
No system is perfectly secure. If we become aware of a data breach affecting your information, we will notify you in accordance with applicable law.
6. Your rights
Depending on where you live, you may have rights including:
- Access: request a copy of any data we hold about you (most of which is on your device anyway and accessible through the App)
- Deletion: request deletion of any data we hold. You can delete the local data by uninstalling the App; for any backend-side data tied to your device UUID, contact us
- Portability: request data in a machine-readable format
- Objection / restriction: request that we stop processing your data in certain ways
- Withdraw consent: revoke previously-granted permissions (HealthKit, etc.) via iOS Settings at any time
To exercise any of these rights, contact us at aidan@dualcore-int.com. We will respond within 30 days.
California (CCPA / CPRA) and EU/UK (GDPR)
If you are a California, EU, UK, or similar-jurisdiction resident, you have additional specific rights. We honor these rights regardless of where you live.
We do not “sell” personal information as defined under California law, and we do not engage in cross-context behavioral advertising.
7. Children’s privacy
AdaptaFit is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, contact us and we will delete it.
Users between 13 and 18 (or the age of majority where they live) should use the App only with the involvement of a parent or guardian.
8. International users
AdaptaFit’s backend is hosted in the United States. If you use the App from outside the US, your information will be transferred to and processed in the US. By using the App, you consent to this transfer.
9. Changes to this Policy
We may update this Privacy Policy from time to time. The “Effective date” at the top of this page reflects the most recent version. For material changes, we will make reasonable efforts to notify you within the App.
10. Contact
If you have questions about this Privacy Policy or want to exercise your rights, contact us at:
Email: aidan@dualcore-int.com
Mailing address: Dual Core Interactive LLC, [ADDRESS — optional but recommended for transparency]
Last updated: 2026-05-10