Privacy Policy

Effective Date: April 2, 2026

1. Introduction

StatsKey ("StatsKey," "we," "us," or "our") operates a nutrition, fitness, and biometric tracking application. This Privacy Policy describes the information we collect, how we use and share it, and your choices. By using StatsKey you agree to the practices described here. If you do not agree, do not use the application.

2. Information We Collect

Account Information. Name (optional), email address, federated sign-in identifiers (Apple ID or Google), and an internal user ID.

Health & Fitness Data. Meals and nutrition entries, food photographs and text descriptions, exercise activities, durations, caloric estimates, weight and body metrics, custom goals, continuous glucose monitor (CGM) data, wellness logs, and — if you grant permission — Apple HealthKit data (including but not limited to energy, macronutrients, weight, heart rate, and workout data).

Location Data. If you enable location services, we collect GPS data during active workout recording to track route, distance, pace, and elevation. Background location access occurs only while a workout session is in progress and ceases when the session ends or is paused. We do not collect location data outside of workout recording.

Subscription & Transaction Data. Purchase history, subscription status, Apple receipt tokens, and limited device and application identifiers used for receipt validation and fraud prevention.

Device & Usage Data. Device model, operating system version, application version, feature usage patterns, and performance event data.

Diagnostics. Crash logs, error reports, and performance diagnostics.

Support Communications. Messages and attachments you send to our support channels.

3. How We Use Your Information

  • Service delivery: Account creation, authentication, data synchronization, and core application functionality.
  • AI-powered analysis: Processing food photographs and text descriptions through third-party AI services to generate nutritional estimates. These estimates are approximations only and should not be relied upon for medical, dietary, or clinical decisions.
  • Personalization: Tailoring recommendations and goals based on your profile and historical data.
  • Health integrations: Reading and/or writing HealthKit data strictly to power health and fitness features you explicitly enable.
  • Analytics and quality: Understanding feature usage, diagnosing errors, and improving application performance.
  • Security and fraud prevention: Validating purchases, preventing abuse, and protecting user accounts.
  • Communications: Sending service-related notices (e.g., subscription status changes, material changes to terms).

4. Apple HealthKit Disclosure

  • HealthKit data is used exclusively to provide or improve health and fitness features within the application.
  • HealthKit data is never used for marketing, advertising, or data brokering and is never sold to any party.
  • HealthKit data is not shared with third parties except as necessary to process it on your behalf to provide the service, and never for independent use by those parties.
  • You may revoke Health permissions at any time through Apple Health settings. Revocation stops new data flows but does not automatically delete previously stored data — see Section 10 ("Your Rights").

5. AI Processing

We transmit content you submit (e.g., meal photographs, text descriptions) to third-party AI processors — currently including Google (Gemini) and Anthropic (Claude) — to generate nutritional estimates and provide conversational features.

  • We do not send account identifiers, contact details, or other personal identifiers with this content.
  • AI-generated outputs are estimates and approximations. They may be inaccurate, incomplete, or incorrect. You should not rely on them for medical, clinical, or critical dietary decisions.
  • We do not opt in to having your data used to train third-party AI models. Providers may temporarily retain data for abuse prevention and diagnostics in accordance with their respective policies.
  • AI providers and the specific models used may change at any time without notice.

6. Third-Party Service Providers

We use the following categories of service providers to operate the application:

  • Firebase / Google Cloud Platform: Authentication, secure data storage, analytics, and crash reporting.
  • AI Providers (Google Gemini, Anthropic Claude): AI-powered food analysis, nutrition estimation, and conversational features.
  • Apple HealthKit: Optional health data synchronization with your explicit permission.
  • CGM Providers (Dexcom, Abbott, Nightscout): Optional continuous glucose monitor data integration with your explicit permission.
  • Nutrition data sources: Public or licensed databases to enrich nutritional information. We transmit only food context, not personal identifiers.

All processors are required to protect your information and use it only in accordance with our instructions and applicable law.

7. Data Sharing

  • No sale: We do not sell your personal data. We do not share data with third parties for cross-context behavioral advertising.
  • Service providers: Shared only as necessary to provide the application, subject to confidentiality and security obligations.
  • Legal compliance: We may disclose information if required by law, subpoena, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect rights, safety, or property.
  • Aggregated data: We may share non-identifiable, aggregated statistics that cannot reasonably be linked to any individual.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

8. Data Security

We employ encryption in transit (TLS) and at rest, access controls, least-privilege principles, and industry-standard security practices. However, no method of electronic transmission or storage is completely secure. We cannot and do not guarantee absolute security of your data. You use the application and transmit information at your own risk.

9. Data Retention

  • Account data: Retained while your account is active. Upon account deletion, we delete or de-identify associated personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, financial records).
  • Purchase records: Retained as required for financial, audit, and fraud-prevention obligations.
  • Analytics and diagnostics: Typically retained up to 24 months unless longer retention is required for security or legal compliance.
  • You may delete individual entries (meals, workouts, photos) within the application at any time.

10. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and associated personal data.
  • Export your data in a common, machine-readable format.
  • Withdraw consent (e.g., HealthKit permissions, location services).
  • Opt out of non-essential analytics where available.

To exercise these rights, use in-app settings or contact us at the address below. We may need to verify your identity before processing a request and may decline requests where permitted by applicable law.

11. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including:

  • The right to know what personal information is collected, used, shared, or sold.
  • The right to delete personal information held by us.
  • The right to opt out of the sale or sharing of personal information. We do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

12. EEA/UK Residents (GDPR)

Our legal bases for processing personal data include:

  • Contract: To provide the application and fulfill our agreement with you.
  • Consent: For HealthKit access, location services, and certain analytics.
  • Legitimate interests: Application safety, fraud prevention, quality improvement — balanced against your rights.
  • Legal obligation: Compliance with applicable laws.

We may process and store data in the United States and other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for international transfers.

13. Children's Privacy

StatsKey is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

14. Camera & Photos

  • Camera access is used solely to capture meal photographs you choose to log.
  • Photographs are processed to identify foods and generate nutritional estimates.
  • Original photographs remain on your device unless you choose to synchronize them with the application.
  • We do not access your photo library without your explicit permission.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the application or by other reasonable means. Your continued use of StatsKey after the effective date of any changes constitutes your acceptance of the updated policy.

16. Contact

If you have questions about this Privacy Policy or wish to exercise your rights:

Email: ryanws@statskeybiometrics.com