Legal
Privacy Policy
Last updated: May 12, 2026
Effective date: May 12, 2026
1. Who we are
VoxFit ("we", "us") makes a voice-first iOS and watchOS fitness app. This policy explains what data the app collects, why, where it goes, and how to remove it. It applies to the VoxFit iPhone app, the VoxFit Watch companion app, and the website at vox-fit.com.
If you have questions, email support@vox-fit.com.
2. What we collect, why, and where it lives
We group data by where it is stored, because that is the question Apple App Review and most users actually care about.
2.1 Stays on your device only — never leaves your phone
- Apple Health raw samples. When you grant VoxFit Health permission, we read the categories listed in §3 below. We use these samples on-device to compute daily and weekly summaries. The raw samples are never sent to our servers, to Anthropic, or to any third party.
- Voice recordings. When you tap the mic button on iPhone or Apple Watch, audio is recorded locally and transcribed using Apple's on-device Speech framework. The audio file is deleted as soon as the transcript is produced.
- Watch audio clips in transit. A clip recorded on Apple Watch travels to your paired iPhone over Apple's WatchConnectivity (encrypted by iOS). It is transcribed on the phone, then deleted.
2.2 Stored on our backend (Supabase)
We use Supabase (PostgreSQL) hosted on AWS as our backend. Rows are scoped to your user ID and protected by Row-Level Security policies — only your account can read your own rows.
- Account info. Email, password hash (managed by Supabase Auth), display name, age, sex, height, weight, fitness goal mode (cut / maintain / bulk / custom), and (if custom) target weight and target date.
- Logged workouts and meals. What you spoke or typed into VoxFit, parsed into structured rows. We store the parsed rows, not the audio.
- Daily Health aggregates. One row per day per user with summary numbers (total active calories, average resting heart rate, weight midpoint, sleep minutes, etc.). Individual HealthKit samples are never stored here.
- Weekly coaching results. A personalized maintenance-calorie target (TDEE), a confidence band, a one-sentence explanation, and a flag if the target you've set is unusually aggressive.
- Subscription status. Whether you have an active subscription. Managed by RevenueCat (see §4).
2.3 Sent to Anthropic for processing
VoxFit uses Anthropic's Claude models for two narrow tasks:
- Voice parsing (Claude Haiku). When you speak a workout or meal, the transcript is sent to Anthropic to be turned into structured rows. The audio itself is never sent — only the transcript text.
- Weekly TDEE coaching (Claude Sonnet via the Batch API). Once per week, the daily aggregates from §2.2 are bundled into a JSON payload and submitted to Anthropic's Batch API. The payload contains your demographics (age, sex, height, current weight) and your weekly aggregate numbers — never raw HealthKit samples, never your name, email, or device IDs. Anthropic's data policy for Batch API requests is documented at anthropic.com/legal.
We do not train models on your data, and Anthropic does not train on inputs to its API.
2.4 Sent to other vendors
- Apple Push Notification service (APNs). Push-notification delivery (e.g., "Your maintenance calories were updated"). Your device push token is stored on our backend so we can address messages to your specific device; the notification payload itself contains no health data.
- RevenueCat. Subscription management and receipt validation. We send RevenueCat your user ID and your App Store transaction.
- Apple App Store / StoreKit. All purchases happen through Apple. We never see your payment details.
We do not use any advertising SDKs. We do not sell data. We do not share data with data brokers.
3. Apple HealthKit — exact data we read
We request read-only permission for the categories below. We do not write to HealthKit in this version. You can grant or revoke each category individually in iOS Settings → Health → Data Access & Devices → VoxFit.
| Category | Why we read it |
|---|
| Body Mass | TDEE calibration via observed weight change |
| Body Fat % | Lean-mass-aware calorie estimate when available |
| Lean Body Mass | Same |
| Body Mass Index | Trend display |
| Waist Circumference | Optional secondary trend signal |
| Active Energy Burned | Energy-balance equation input |
| Basal Energy Burned | Same |
| Dietary Energy Consumed | Cross-check against your VoxFit logs |
| Step Count | Activity-level signal |
| Walking + Running Distance | Same |
| Apple Stand Time | Same |
| Apple Exercise Time | Same |
| Workouts | Activity-level signal |
| Resting Heart Rate | Recovery signal |
| Heart Rate Variability (SDNN) | Recovery signal |
| Walking Heart Rate Average | Activity signal |
| Heart Rate Recovery (1 min) | Recovery signal |
| Sleep Analysis | Recovery signal for coaching |
| Dietary Protein / Carbohydrates / Fat | Cross-check macros against your VoxFit logs |
| Dietary Water | Hydration trend display |
Apple HealthKit promise
Per Apple's HealthKit guidelines, HealthKit data is never used for advertising, marketing, or any purpose other than providing the in-app fitness coaching features above. HealthKit data is never sold, shared with data brokers, or used to derive demographic profiles for third parties.
4. Subscriptions
VoxFit offers an auto-renewing subscription billed through Apple. Pricing and renewal terms are displayed inside the app before purchase. The subscription auto-renews unless cancelled at least 24 hours before the end of the current period. You can manage or cancel at any time in iOS Settings → [your name] → Subscriptions. RevenueCat acts as our subscription processor and stores the receipt; Apple processes the payment.
5. Data retention and deletion
- In-app deletion. Open Settings → Account → Delete Account. This removes every row associated with your account from our backend, including health aggregates and weekly coaching rows. Deletion is final and cannot be undone.
- HealthKit samples. Even if you delete your account, your HealthKit data remains in Apple's Health app on your device. To remove it, use Apple's Health app directly.
- Backups. Supabase performs encrypted, point-in-time backups for up to 7 days. Deleted rows are purged from backups within that window.
- Inactive accounts. Accounts inactive for 24 months are deleted automatically.
6. Children
VoxFit is not directed at children under 13 and is rated 17+ on the App Store due to references to fitness, nutrition, and weight tracking. We do not knowingly collect data from children. If you believe a child has signed up, email support@vox-fit.com and we will delete the account.
7. International users
VoxFit is operated from the United States. By using the app, you consent to your data being transferred to and stored in the U.S. We comply with applicable data-protection laws (GDPR, UK GDPR, CCPA). If you are in the EU/UK, you may request a copy of your data, correction of inaccurate data, or deletion by emailing support@vox-fit.com. We respond within 30 days.
8. Security
- All network requests use TLS 1.3.
- Backend access is gated by Supabase Row-Level Security policies — your user ID is the only key that unlocks your rows.
- Voice audio and HealthKit raw samples remain on-device.
- We do not store payment details; Apple handles all billing.
We will notify affected users by email within 72 hours of confirming any breach involving their data.
9. Changes to this policy
We will update this page when our practices change. Material changes (new categories of data, new vendors, change in retention) will be announced inside the app at least 14 days before they take effect. The "Last updated" date at the top of this policy reflects the most recent change.
10. Contact
Questions, deletion requests, or data exports: support@vox-fit.com.