Privacy Policy

Last Updated: April 15, 2026

FitPanda ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the FitPanda mobile application (the "App").

1. Interpretation and Definitions

Application refers to FitPanda, the iOS mobile application.

Personal Data means any information that relates to an identified or identifiable individual.

Service refers to the Application and all features provided through it.

You means the individual using the Service.

2. Information We Collect

We collect the following categories of information to provide and improve our Service:

Health and Fitness Information:

• Height, weight, age, and gender (provided during onboarding)
• Nutrition goals, calorie targets, and dietary preferences
• Food logs, meal entries, and water intake records
• Exercise and activity data
• Weight history and BMI tracking data
• Step count and active calories (from Apple Health, with your permission)

User-Generated Content:

• Photos of food (used for AI-based calorie estimation)
• Progress photos
• Scanned barcode data
• Nutrition label photos (processed for nutritional data extraction)

Device and Usage Data:

• Device type, operating system version
• App usage patterns and feature interactions
• Crash reports and performance data

3. How We Use Your Information

We use the information we collect to:

• Provide personalized calorie and nutrition tracking
• Generate custom meal plans based on your goals
• Analyze food photos using AI to estimate nutritional content
• Read nutrition labels from photographs
• Track your progress over time (weight, BMI, streaks, badges)
• Sync with Apple Health for step and activity data
• Improve the accuracy and quality of our Service

4. AI-Powered Food Analysis

When you use the food scanning feature, photos of your food are sent to a third-party AI service (Google Gemini) for analysis. These images are processed to identify food items and estimate nutritional values. The AI provider processes images according to their own privacy policy and does not use your images for model training.

5. Data Storage

Your data is stored both locally on your device and on our secure cloud servers hosted by Supabase (backed by Amazon Web Services). This means:

• Your food logs, weight history, profile data, and progress photos are stored locally on your device for offline access
• A copy of your data is synced to our secure cloud servers for backup, account recovery, and service improvement
• Food scan images and progress photos are uploaded to secure cloud storage
• Your data is protected by row-level security, ensuring only you can access your own data
• If you delete the app, your local data is removed. You may request deletion of your cloud data by contacting us

5a. How We May Use Your Data

We may use aggregated, anonymized data derived from user activity to:

• Improve the accuracy of our AI food recognition and nutritional estimates
• Analyze usage patterns to enhance app features and user experience
• Generate anonymized health and nutrition trend insights

We do not sell your personal data to third parties. However, in the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity as part of the business transfer. We will notify you of any such change.

6. Third-Party Services

Our App integrates with the following third-party services:

• Supabase: For secure cloud data storage, user authentication, and file storage (hosted on AWS)
• Google Gemini: For AI-powered food photo analysis (food images only)
• Open Food Facts: For barcode-based food lookup (free, open-source database)
• USDA FoodData Central: For food nutrition search (U.S. government database)
• Apple HealthKit: For reading step count and active calories (with your explicit permission)
• RevenueCat: For subscription management and payment processing
• Apple App Store: For in-app purchase transactions

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

7. Apple HealthKit

FitPanda requests access to HealthKit data including step count, active energy burned, and body mass. With your permission, FitPanda may also write weight and nutrition data to HealthKit so you can view all your health info in one place. HealthKit data is used solely within the App and for syncing with Apple Health. We do not share, sell, or transfer HealthKit data to any third party, including for advertising or marketing purposes, in compliance with Apple's HealthKit guidelines. HealthKit data is never uploaded to our cloud servers.

8. Subscription and Payment

Subscription purchases are processed through the Apple App Store and managed by RevenueCat. We do not collect or store your payment information (credit card numbers, billing addresses, etc.). All payment processing is handled by Apple and RevenueCat according to their respective privacy policies.

9. Data Retention

Your data is retained on our servers for as long as your account is active. Food logs older than 365 days may be automatically pruned from your device to maintain app performance, but cloud copies are retained. You can request deletion of all your data by contacting us at support@fitpanda.app, or by using the "Delete My Data" feature in Profile settings.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

Users between 13 and 17 years of age may use the App with parental or guardian consent. We may limit how we collect, use, and store information of users between 13 and 17 years old. Parents and guardians are responsible for supervising their minor's use of the App.

11. Data Security

We take reasonable measures to protect your information. Your data benefits from iOS built-in security features including device encryption, Face ID/Touch ID protection, and app sandboxing. Cloud-stored data is protected by encryption in transit (TLS) and at rest, with row-level security ensuring only authenticated users can access their own data. Our cloud infrastructure is hosted on Amazon Web Services (AWS) via Supabase. However, no method of electronic storage is 100% secure.

12. Your Rights

You have the right to:

• Access your personal data (visible within the App at all times)
• Request a copy of your data stored on our servers
• Delete your personal data (by using "Delete My Data" in Profile settings, or by contacting us at support@fitpanda.app)
• Revoke HealthKit permissions (through iOS Settings > Privacy > Health)
• Cancel your subscription (through iOS Settings > Subscriptions)
• Opt out of data collection by discontinuing use of the App

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions about this Privacy Policy, you can contact us:

• By email: support@fitpanda.app