1. Introduction
Adelyons Software LLC ("we," "our," or "us") operates the Axis mobile application (the "App"), a fitness and body composition tracking platform powered by AI vision analysis. This Privacy Policy explains how we collect, process, store, and protect your personal data.
Our Privacy Commitment: Your body composition data is sensitive and personal. Axis is designed to keep your photos, measurements, and fitness data on your device. We minimize data transmission and never sell or share your information with third parties.
2. Information We Collect
What We Collect:
- Body Composition Photos: Images you capture for body scanning. Photos are analyzed locally by Google Generative AI (Gemini 1.5 Flash) for body fat estimation and measurements. You control whether to save these photos.
- Measurement Data: Estimated body fat %, neck, chest, waist, thigh, bicep, forearm measurements, and timestamps.
- Nutrition Scans: Optional food photos analyzed for calorie, protein, carb, and fat content.
- Workout Data: If you sync with Hevy, we retrieve your workout history, exercise names, sets, reps, and weight data.
- User Profile: Optional name, age, gender, height, and baseline weight (used for accuracy calibration).
What We DO NOT Collect:
- Location data or GPS coordinates
- Device identifiers (IDFA, GAID) for advertising or tracking
- Behavioral analytics or app usage telemetry
- Contact lists, call logs, or other personal files
- Your Hevy password (we request only OAuth token for API access)
- Biometric data beyond what you voluntarily enter (age, gender, weight)
3. How We Use Your Data
- To Provide AI Analysis: Body and food photos are sent to Google Generative AI API for vision analysis. Results are stored locally; images are not persisted on Google's servers beyond the API call.
- To Sync Fitness Data: Hevy workout data is retrieved via API and cached locally on your device. This enables your unified dashboard.
- To Display Analytics: Measurements are used to generate trend graphs, symmetry comparisons, and body composition insights.
- To Improve the App: Optional crash reporting sends anonymized error logs (no personal data) to help us fix bugs.
- No Advertising: Your data is never used for targeted ads or behavioral profiling.
- No Commercial Sharing: We never sell your measurements, photos, or fitness data to gyms, coaches, insurers, or health platforms.
4. Data Storage & Security
- Local-First Architecture: All body composition data, photos, and measurements are encrypted and stored in SQLite on your device. This data never leaves your phone except when explicitly requested (e.g., Hevy sync).
- Encryption at Rest: SQLite database uses AES encryption for data at rest. Camera photos are stored encrypted in app-sandboxed directories.
- AI Vision Processing: When you analyze a body or food photo, the image is sent to Google Generative AI (Gemini 1.5 Flash) API over HTTPS. This API call does not cache or persist your images. See Google's AI Privacy Policy for details.
- Hevy Integration: OAuth token is securely stored (encrypted). API calls to Hevy use HTTPS. Your Hevy password is never requested or stored.
- No Central Database: Adelyons does not operate servers that store your measurement data. You are the sole owner and custodian of your body composition history.
🔐 Important: Your body photos and measurements stay on your device. Axis does not maintain a server-side database of user body composition data. Only you can access your measurements.
5. Third-Party Services & Data Sharing
Google Generative AI (Gemini API):
- What's Shared: Photos you choose to analyze for body/food composition.
- Purpose: Vision-based analysis (body fat estimation, measurement extraction, food nutrition recognition).
- Data Retention: Google does not persistently store images sent to their API. See Google's Gemini API Data Privacy.
- Opt-Out: You can perform all tracking locally without using AI features (though accuracy may be reduced).
Hevy API:
- What's Shared: Your Hevy OAuth token (no password). When you sync, we fetch your workout history, exercise data, and training volume.
- Purpose: To display your recent Hevy sessions and training volume in the Axis dashboard.
- Hevy's Privacy: Hevy data is governed by Hevy's Privacy Policy.
- Optional Feature: Hevy sync is entirely optional. Axis works fully offline without a Hevy account.
Google Play Services:
- Required for Google Play app distribution. Uses basic Play Services functionality (no Play Analytics or Admob).
No Other Data Sharing:
- We do not share measurement data with Facebook SDK, health platforms (Apple HealthKit, Google Fit), or advertising networks.
- We do not sell or rent your data to fitness companies, nutritionists, or insurance providers.
6. Permissions & Why We Need Them
- Camera: To capture body and food photos for AI analysis. Only activated when you press "Scan."
- Storage: To save analyzed photos and measurement data to your device's local database.
- Internet: To send photos to Google Generative AI API and fetch Hevy workout data.
- No Background Activity: Axis does not access camera, location, or collect data when closed or in the background.
7. Data Retention & Deletion
- Local Deletion: Delete individual scans, measurements, or photos directly in the app with one tap. Deleted data is immediately removed from your device's database.
- Full Profile Deletion: Delete your entire profile and all associated data. This action is permanent.
- App Uninstall: Uninstalling Axis deletes all local data from your device. Adelyons has no backup copy of your data.
- Hevy Data: If you disconnect your Hevy account, Axis clears the cached workout data from your device but does not affect your Hevy account.
- No Archival: Adelyons does not retain archived copies of deleted data.
8. Your Privacy Rights
- Data Access: You can export all your measurement data from within the app (CSV format).
- Data Deletion: Delete your profile and data at any time. No permission required, no waiting period.
- Opt-Out of AI: Use manual entry for measurements instead of AI photo analysis.
- No Tracking Opt-Out Needed: Axis does not use advertising networks or behavioral tracking—there's nothing to opt out of.
9. Children's Privacy (COPPA Compliance)
Axis is designed for fitness enthusiasts of all ages, including minors. We comply with the Children's Online Privacy Protection Act (COPPA):
- For users under 13: We require verifiable parental consent before collecting profile data (age, gender).
- Functional data (measurements) is collected only with parental authorization.
- No behavioral tracking or marketing to minors.
- Parents can review, modify, or delete their child's profile data at any time.
10. International Privacy Laws
GDPR (EU/EEA Users):
- Data Processing: Since most data is stored locally on your device, traditional GDPR processing rules have limited scope. However, we respect your rights under GDPR.
- Your Rights: You can request access to data we hold (limited), delete data anytime, and object to AI processing.
- Legal Basis: Consent (for profile data), legitimate interest (improving the app), and contractual necessity (providing the service).
- Data Transfer: Images sent to Google Generative AI API are transferred to the US. By using Axis, you consent to this transfer.
California Consumer Privacy Act (CCPA):
- Right to Know: You can request what data we collect (limited, mostly local).
- Right to Delete: Delete your profile and all data from Axis anytime in-app.
- Right to Opt-Out of Sales: Axis does not sell personal information, so this right is not applicable.
Other Jurisdictions:
- Axis complies with privacy laws in all jurisdictions where it operates. Contact us with questions about your local privacy rights.
11. Security & Breach Notification
- Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
- No Cloud Backups (Default): Your data stays on your device by default. Optional Supabase sync (when available) will be encrypted end-to-end.
- Vulnerability Disclosure: If you discover a security flaw, email security@adelyons.com. We commit to responding within 48 hours and will credit you if appropriate.
- Breach Notification: If we discover unauthorized access to data we hold (rare, given local-first design), we will notify you within 30 days.
12. Policy Updates
We may update this Privacy Policy as we improve features or comply with new regulations. Material changes will be communicated via app notification. Your continued use of Axis after updates constitutes acceptance of the revised policy.
13. Contact Us
Questions about your data or our privacy practices? Reach out:
Adelyons Software LLC
Email: dev@adelyons.com
Contact Form: adelyons.com
Your Body, Your Data, Your Control
- ✅ Local First: Measurements stay on your device
- ✅ Encrypted: All data encrypted at rest and in transit
- ✅ No Selling: Your body composition data is never sold
- ✅ Easy Deletion: One-tap permanent data removal
- ✅ Optional AI: Use manual entry if you prefer not to share photos
- ✅ No Ads: Zero advertising, zero behavioral tracking