Privacy Policy

Last Updated: May 29, 2026

Welcome to the DoseDay GLP-1 Tracker mobile application (the "App"), operated by Fitura AI, LLC ("Fitura AI," "we," "us," or "our"), a Delaware limited liability company. We respect your privacy and are committed to protecting your information.

Overview

This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to information collected when you use the App, related websites, and services (collectively, the "Services").

By using the App, you agree to this Policy. If you do not agree, please do not use the App.

Information We Collect

Account and Identifiers

Firebase Authentication identifiers, including UID and login provider, such as Sign in with Apple or anonymous session.
Sign in with Apple may provide a name and Apple relay email address, depending on the information you choose to share with Apple and the App.
Locally stored preferences and identifiers used to operate the App, such as onboarding status, selected region, notification settings, and analytics preferences.
Privacy-preserving analytics identifiers, such as a pseudonymous Mixpanel distinct ID, used only when analytics is enabled.

Usage and Device Data

Push device token, platform, bundle identifier, and derived region.
Device type, OS version, App version, and locale.
Crash diagnostics, such as crash traces, device type, OS version, and App version, where enabled. We do not attach health values, medication details, notes, report contents, or Apple Health data to crash reports.
Country/region inferred from device settings and network headers. We do not intentionally store raw IP addresses in App user records or analytics events, though service providers may process IP addresses transiently for security, routing, and abuse prevention.
Region assignment and migration history stored locally on your device.

Health and Fitness Data

Information you enter into the App, such as medication schedule, dose history, inventory, reminders, weight, symptoms or side effects, notes, protein, hydration, exercise, and related daily records.
If you choose to connect Apple Health, the App may read selected health and fitness data you authorize, such as activity, sleep, weight, body measurements, vitals, blood glucose, nutrition, hydration, mindfulness, and related trends.
Apple Health access is optional and controlled by you through iOS permissions and iOS Settings.
Health and fitness data is used to provide App features, display trends, support reports you generate, and, where enabled, provide AI-powered wellness tips.
We do not send raw Apple Health records, dose values, body weight values, notes, or symptom details to analytics providers.

App Events and Analytics

If analytics is enabled, we collect limited product interaction events, such as screens viewed, onboarding steps, subscription/paywall interactions, report export actions, and feature usage.
Analytics is OFF by default for EU-region users and can be enabled or disabled at any time in Settings → Privacy & Data.
Analytics events use pseudonymous identifiers and are processed through Mixpanel's EU API host.
We do not send health measurement data, medication dose values, body weight values, notes, side-effect details, report contents, names, email addresses, or Firebase UIDs to analytics providers.
When analytics is disabled, we stop analytics collection and request deletion of the associated analytics profile where supported.

Subscription and Billing

RevenueCat customer identifiers and subscription status.
Payment details are processed by Apple or Google. We do not store financial information.

AI-Generated Wellness Tips

When you use the Tips feature, we send a minimized summary of recent App data to our AI service provider through server-side Cloud Functions.
This summary may include recent protein, hydration, weight, activity, sleep, exercise, blood glucose, active energy, dose adherence, side-effect severity, medication name, inventory-low status, measurement system, and feedback on prior tips.
We do not send your name, email address, Firebase UID, device identifier, free-text notes, or full daily records to the AI provider.
Weight and other numeric values may be rounded, clamped, or otherwise minimized before processing.
Processing occurs server-side only through our Cloud Functions. The App does not communicate directly with the AI provider.
Our AI provider processes these requests according to its commercial/API terms. We do not permit the AI provider to use your data to train models.
Tip requests are rate-limited to prevent abuse and may be logged in your Firestore account for audit, feedback, and product functionality purposes.
AI-powered wellness tips are available with limited free daily generations. Pro subscribers receive a higher daily limit.

Support Communications

Messages and information you send through in-app chat, email, support forms, help articles, automated tools, AI-assisted tools, or other support channels.
Support metadata used to troubleshoot issues, such as account UID, region, platform, OS version, device model, app version, support session ID, correlation ID, and support interaction timestamps.
Support communications may be processed by our support providers and service providers to help us respond to requests, troubleshoot issues, maintain records, improve support quality, and send support-related notifications.
Support communications are retained up to 12 months after your last interaction and deleted within 30 days of account deletion or earlier upon verified request, where technically available through our support providers.

Reports and Exports

If you choose to generate reports or exports, the App may create files containing your medication schedule, dose history, notes, symptoms or side effects, health trends, Apple Health-derived data, and daily records.
Reports and exports are generated at your request and shared only through the sharing options you choose.
We do not automatically send generated reports to healthcare providers, insurers, analytics providers, or other third parties.
You are responsible for reviewing reports and exports before sharing them.

How We Use Information

We use data to:

Provide and improve the App's core functionality.
Manage accounts, subscriptions, and entitlements.
Provide customer support, respond to requests, troubleshoot issues, and send support-related communications.
Deliver reminders, notifications, and region routing.
Generate AI-powered wellness tips based on recent App data and, where enabled, Apple Health-derived data (free tier includes a limited daily allowance; Pro subscribers receive a higher daily limit).
Perform analytics for feature improvement (if enabled).
Prevent abuse, fraud, and maintain security.
Comply with legal and contractual obligations.

We do not sell your information.

No Sale or Advertising Tracking

We do not sell your personal information. We do not use your health data, Apple Health data, medication records, notes, reports, or AI tip data for advertising, marketing profiling, or data broker purposes.

Lawful Bases (GDPR/UK GDPR)

We process data under the following lawful bases:

Contract: to provide the App and services you request.
Legitimate Interest: to maintain and secure the App, diagnose crashes, detect fraud, and improve performance, while minimizing the data used for those purposes.
Consent: for optional analytics and notifications. You can withdraw consent in Settings → Privacy & Data.

Data Sharing and Processors

We share data only with service providers under contractual obligations:

Provider	Purpose
Firebase (Google)	Authentication, database storage, Cloud Functions, push notifications, Remote Config, and Crashlytics diagnostics where enabled. EU-region data is routed to EU infrastructure where supported by the App's regional configuration.
Mixpanel	Privacy-preserving product analytics using pseudonymous identifiers. Analytics is off by default for EU-region users and can be disabled in Settings → Privacy & Data.
RevenueCat	Subscription management
Crisp and support service providers	In-app support chat, email or other support communications, support session metadata, troubleshooting, support notifications, and related support operations.
Apple / Google	App store payments and sign‑in
Anthropic	AI-generated wellness tips. Receives minimized health summaries without direct identifiers through server-side Cloud Functions only. We do not send name, email address, Firebase UID, device identifier, free-text notes, or full daily records to Anthropic.

Crash diagnostics may be collected through Firebase Crashlytics in supported builds. We use crash diagnostics to maintain app reliability and security. We do not attach names, email addresses, health values, medication details, notes, report contents, or Apple Health data to crash reports. Crash diagnostics collection may vary by region and build configuration.

International Transfers and Safeguards

We may process information in the United States, the European Economic Area, and other locations where we or our service providers operate. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses, Data Processing Addenda, provider-specific regional processing commitments, or other lawful transfer mechanisms made available by our processors, including Google/Firebase, Mixpanel, RevenueCat, Crisp and support service providers, Anthropic, Apple, and Google.

Data Retention

Data Type	Retention
User data (Firestore)	Retained while your account is active; deleted when you use "Delete My Data" or "Delete My Account," subject to limited operational logs and legal obligations.
Locally stored App data	Stored on your device to operate the App, including preferences, cache, onboarding state, selected region, and AI tip cache. Cleared when you use deletion controls where applicable.
Push device records	Updated with new registrations; deleted upon account deletion, token invalidation, or when no longer needed for notification delivery.
Support communications	Retained up to 12 months after last interaction; deleted within 30 days after account deletion or upon verified request, where technically available through our support providers.
Analytics	Analytics profiles are deleted when you disable analytics or delete your account, where supported by the analytics provider.
Region migration metadata	Stored in your Firestore account and on your device as needed to route your data and prevent migration loss; deleted when you delete your account or data, except where needed for legal or operational records.
AI tip audit logs	Stored in your Firestore account for App functionality, rate limiting, feedback, and audit purposes; deleted when you delete your account or data.
Reports and exports	Generated on your device or through App functionality at your request. We do not automatically send generated reports to third parties. Copies you share are controlled by the destination you choose.

User Controls and Rights

You may have rights under GDPR and other laws, including:

Access, correction, deletion ("right to be forgotten")
Restriction or objection to processing
Data portability
Withdrawal of consent (analytics, notifications)

To exercise these rights, contact privacy@fitura.ai with "Data Subject Request" in the subject line. Verification may be required.

You may also use in-app controls to delete your App data, delete your account, manage analytics, manage notifications, and control Apple Health permissions through iOS Settings.

International Data Routing and Regional Data Residency

How Your Region is Determined

The App uses a single global build that routes your data to either EU or US infrastructure at runtime based on:

Initial Assignment: When you first use the App, your region is automatically determined based on your device's country code and stored locally on your device.
Persistent Storage: Your region preference is saved in iOS Keychain and persists across app updates and device restarts.
Account Binding: When you sign in with Apple, your region becomes associated with your account and remains consistent across devices.

Data Storage Locations

EU Region Users: App data is routed to EU regional infrastructure where supported, including Firebase Firestore in the EU multi-region and Cloud Functions in an EU region.
US Region Users: App data is routed to US regional infrastructure where supported, including Firebase Firestore in the US multi-region and Cloud Functions in a US region.
Some service providers, such as subscription, analytics, support, AI, app store, or diagnostic providers, may process data in other regions subject to their contractual safeguards and regional processing options.

Region Switching and Migration

Your assigned region is sticky and does not change automatically. We do not move your data based on travel or location changes.
If you need to change your data region, you must contact support at privacy@fitura.ai.
Region switches involve a one-time data migration that copies your data from one regional infrastructure to another. This process is logged with metadata including source region, destination region, and migration timestamp.
After migration, the original data may be flagged for deletion in the source region.

EU Region Privacy Enhancements

Crashlytics (Diagnostic Service): Crash diagnostics may be collected in supported builds to maintain reliability and security. We do not attach names, email addresses, health values, medication details, notes, report contents, or Apple Health data to crash reports. Crash diagnostics collection may vary by region and build configuration.
Analytics Default: Analytics is OFF by default for EU region users and can only be enabled through explicit opt-in in Settings → Privacy & Data.
Data Processing: EU users' analytics data is processed through Mixpanel's EU API endpoint.

Migration Metadata

If you switch regions, we store limited metadata to ensure data integrity:

A region_eu document in your Firestore account containing: pinned status, migration timestamp, source/destination regions, and source/destination user IDs.
Local identifiers on your device to track migration history and prevent data loss during account upgrades.
This metadata is deleted when you delete your account or data.

Security

We use encryption in transit, Firebase security rules, and access controls. While we take reasonable precautions, no security system is infallible.

Children's Privacy

The App is not directed to children under 13 in the U.S. or under 16 in the EEA. We do not knowingly collect data from children below these ages.

Changes to this Policy

We may update this Policy periodically. Material changes will be communicated via in‑app notice or email. The "Last Updated" date reflects the latest revision.

Contact

Questions or privacy inquiries:
Email: privacy@fitura.ai

See our Terms of Use.