Privacy Policy

Last updated: March 16, 2026

EchoFit ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our application.

1. Information We Collect

Account Information: Email address and password (or Google OAuth token) when you create an account.

Profile Information: Display name, age, gender, height, body weight, experience level, and fitness goals — provided voluntarily to personalize your experience.

Workout Data: Exercise names, sets, reps, weights, duration, and dates that you log via voice or manual entry.

Voice Data: Audio recordings are processed in real-time for speech-to-text conversion. We do not store audio recordings. Only the resulting text transcript is saved.

Usage Data: Interaction logs (timestamps, feature usage) collected to improve the app experience. No personally identifiable information is included.

2. How We Use Your Information

Provide and personalize the EchoFit service
Generate training insights, strength standards, and recovery recommendations
Send weekly email intelligence reports (opt-in only)
Improve voice recognition accuracy and app reliability
Prevent abuse and enforce rate limits

3. Data Storage & Security

Your data is stored securely on Supabase (hosted on AWS) with:

Row Level Security (RLS): You can only access your own data
PII Encryption: Sensitive fields (age, gender, height) are encrypted at rest using pgcrypto
HTTPS: All data in transit is encrypted via TLS
Rate Limiting: Protects against unauthorized access and abuse

4. Third-Party Services

We use the following third-party services:

OpenAI Whisper: Speech-to-text conversion (audio is processed and discarded — not stored by OpenAI per our API agreement)
Google Gemini: AI workout extraction and coaching (text only — no PII sent)
Sentry: Error monitoring (no PII collected — sendDefaultPii is disabled)
Resend: Email delivery for weekly reports
Supabase: Database and authentication

5. Data Retention

We retain your data for as long as your account is active. You can:

Export your data at any time via Settings → Export CSV
Delete your account and all associated data by contacting us
Clear local data via Settings → Clear All Data

Interaction logs older than 90 days are automatically purged.

6. Your Rights

You have the right to:

Access your personal data
Correct inaccurate data via your profile settings
Delete your data and account
Export your workout history
Opt out of marketing emails

7. Children's Privacy

EchoFit is not intended for children under 13. We do not knowingly collect information from children under 13.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification.

9. Contact Us

If you have questions about this Privacy Policy, contact us at:
ahmad@echofit.app