Privacy Policy

1. Introduction

Chiseled ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you download or use the Chiseled mobile application ("App") and visit getchiseled.app ("Site"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the App immediately.

This policy complies with applicable privacy laws including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) where applicable, and Apple's App Store privacy requirements.

2. Information We Collect

We collect the following categories of personal information:

2a. Information You Provide Directly

• Account credentials: email address and password (hashed)
• Profile data: name (optional), date of birth, gender
• Body stats: height, weight, body fat percentage (if provided)
• Fitness goals: target weight, goal type (cut / bulk / recomp / maintain)
• Activity data: training frequency, activity level
• Food logs: meal names, quantities, and photos you choose to log
• Weight logs: weigh-in entries and progress notes
• Communications: emails or messages you send to our support team

2b. Information Collected Automatically

• Device identifiers: device model, OS version, unique device ID
• App usage data: features accessed, session duration, crash reports
• IP address and general location (country/region level only)
• Push notification tokens (if you enable notifications)

2c. Health & Fitness Data (with your explicit permission)

• Step count and active calorie burn from Apple Health
• Workout data if you grant HealthKit access

Apple Health data is processed on-device to calculate your adjusted daily calorie budget. Raw HealthKit data is never transmitted to or stored on our servers.

3. How We Use Your Information

We use your personal information only for the following purposes:

• Service delivery: Calculate your TDEE, macro targets, calorie budgets, and progress metrics
• AI food analysis: Process meal photos to estimate calories and macronutrients
• Account management: Create and maintain your user account
• Notifications: Send daily reminders and progress alerts (only if you enable them)
• Customer support: Respond to your inquiries and troubleshoot issues
• App improvement: Analyze anonymized, aggregated usage patterns to improve features
• Billing: Process subscription payments via Apple App Store (we never handle payment data directly)
• Legal compliance: Comply with applicable laws and enforce our Terms of Service

We do not sell, rent, or trade your personal data to any third party. Ever.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal bases for processing your personal data are:

• Contract performance: Processing necessary to provide the App services you requested
• Legitimate interests: App security, fraud prevention, and product improvement
• Consent: Processing health data, sending push notifications, and optional analytics
• Legal obligation: Compliance with applicable laws and regulations

5. Data Sharing & Disclosure

We may share your information only in the following limited circumstances:

• Service providers: Third-party vendors who help operate our infrastructure (cloud hosting, analytics, crash reporting) under strict confidentiality agreements and only to the extent necessary
• Apple App Store: Subscription and billing information is governed by Apple's Privacy Policy
• Legal requirements: If required by law, court order, or governmental authority
• Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred — we will notify you before this occurs and you will have the option to delete your account
• Safety: To protect the rights, property, or safety of Chiseled, our users, or others

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data is retained until you request deletion
• Food log photos used for AI analysis are deleted from our servers within 24 hours of processing
• Anonymized, aggregated analytics data may be retained indefinitely
• Support communications are retained for 3 years for quality and legal purposes
• After account deletion, all personal data is purged within 30 days, except where retention is required by law

7. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

• AES-256 encryption at rest for all stored personal data
• TLS 1.2+ encryption in transit for all data transmissions
• Password hashing using bcrypt with a strong salt
• Access controls limiting employee access to personal data on a need-to-know basis
• Regular security audits and vulnerability assessments

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Apple HealthKit

Chiseled integrates with Apple HealthKit solely to read step count and active energy data to adjust your daily calorie budget. We adhere strictly to Apple's HealthKit guidelines:

• HealthKit data is never used for advertising or shared with third-party advertisers
• HealthKit data is never sold or disclosed to data brokers
• HealthKit access is entirely optional and can be revoked at any time via iOS Settings > Privacy > Health
• Raw HealthKit data is never stored on our servers

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

All Users

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request permanent deletion of your account and all associated data
• Opt-out: Unsubscribe from marketing communications at any time

EEA / UK Users (GDPR)

• Data portability: Receive your data in a structured, machine-readable format
• Restriction: Request we restrict processing of your data in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent at any time where processing is based on consent
• Lodge a complaint: File a complaint with your local supervisory authority

California Users (CCPA)

• Right to know what personal information we collect, use, and disclose
• Right to delete personal information we have collected
• Right to opt-out of the sale of personal information (we do not sell personal data)
• Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, email privacy@getchiseled.app with your request. We will respond within 30 days (or within the timeframe required by applicable law).

10. Children's Privacy (COPPA)

Chiseled is not directed to children under the age of 13 in the United States or under 16 in the EEA. We do not knowingly collect personal information from children. If we discover that a child has provided us personal information without verifiable parental consent, we will delete such information immediately. If you believe a child has submitted personal data to us, contact us at privacy@getchiseled.app.

11. International Data Transfers

Chiseled is operated from the United States. If you are accessing the App from the EEA, UK, or other regions with laws governing data collection and use, please be aware your information may be transferred to and processed in the United States. Where required, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policy of any third-party service you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App and/or sending an email notification at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the App after the effective date constitutes acceptance of the revised policy.

14. Contact & Data Controller

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@getchiseled.app
• Website: getchiseled.app