PRIVACY POLICY

Information you provide:

• Account information: email address, username, display name, date of birth, gender, profile photo
• Body metrics: height, weight, body measurements, and unit preferences
• Workout data: exercises, sets, reps, weight, duration, distance, RPE, and workout notes
• Nutrition data: food logs, nutrition targets, saved meals, meal scan photos, food search terms, barcode lookups, and meal scan notes or corrections
• Progress data: progress photos, body scan photos and results when you choose to save them, body composition estimates, and comparison history
• Training routines and custom exercises you create
• AI feature inputs: AI Coach messages, in-workout coach messages, workout/routine builder preferences, body scan context, and optional food scan descriptions

Information collected automatically:

• Product analytics: which screens you view, which features you use, onboarding step progression, workout completions, AI feature usage, food scan outcomes, body scan summary scores, and subscription funnel events. We process this via PostHog (see Section 4). We do not send your raw workout content, AI chat messages, body scan photos, meal photos, or free-text personal goals to PostHog.
• Crash reports and error diagnostics (stack traces, device model, OS version, app version) via Sentry to identify and fix bugs.
• Device information (operating system, app version, locale, theme preference, and device identifiers used for anti-abuse limits) for compatibility, fraud prevention, and personalization.
• Authentication tokens for maintaining your session.

We use your information to:

• Provide, maintain, and improve the App and its features
• Sync your workout data across devices via secure cloud backup
• Power AI features by sending the required messages, prompts, context, photos, or meal descriptions to our AI processing providers (see Section 4)
• Analyze meal photos, search food databases, and support barcode lookup for nutrition logging
• Send important service notifications (e.g., account security alerts)
• Respond to support requests and communications
• Detect and prevent fraud, abuse, and violations of our Terms
• Process subscriptions, restore purchases, and maintain entitlement records

We do not sell your personal data to third parties. We do not use your workout data for advertising purposes.

Buffro is operated by PT DUO DIGITAL INTERNASIONAL. References to “we,” “us,” and “our” in this policy mean PT DUO DIGITAL INTERNASIONAL.

Local storage: Core workout data — including all exercises, sets, routines, and your AI chat history — is stored locally on your device. Workout, nutrition, and progress records use SQLite; app preferences and some cached images use device storage. This data is available offline and does not require a network connection.

Cloud storage: When you are connected to the internet, account data, workout data, nutrition data, progress data, saved photos, and support attachments may be synced to secure cloud servers hosted by Supabase (see Section 4). Cloud backup allows you to restore your data on a new device or after reinstalling the App.

We implement industry-standard security measures including encrypted connections (TLS), row-level security policies, and access controls. However, no system is completely secure, and we cannot guarantee absolute security of your data.

Buffro uses the following third-party services to power the App:

Supabase (database & authentication): We use Supabase to store cloud-synced workout data and manage user authentication. Your data is stored in Supabase's secure infrastructure. Supabase's privacy policy is available at supabase.com/privacy.

OpenAI (AI Coach feature): We use OpenAI's API for AI Coach, in-workout coach, workout and routine generation, and body scan analysis. Depending on the feature, we may send your message, recent chat history, workout context, builder preferences, training context, body metrics, and body scan photos to OpenAI for processing. We do not send your account email to OpenAI as part of these AI requests. OpenAI says API data is not used to train or improve its models unless the API customer opts in; OpenAI may retain abuse-monitoring logs according to its API data controls. Do not share sensitive, confidential, proprietary, or emergency medical information through AI features. AI chat history is stored locally on your device. OpenAI's privacy policy is available at openai.com/privacy.

Google (authentication and AI meal scan): If you choose to sign in with Google, Google will share your email address and profile information with us for authentication purposes. For AI meal scan, meal photos, food descriptions, and corrections may be sent to Google's Gemini / Generative Language API for image analysis. Google's privacy policy applies to your use of Google Sign-In and Google AI services.

Apple (authentication): If you choose to sign in with Apple, Apple provides an identity token and may provide your name or email address for account creation, depending on your Apple settings. Apple's privacy policy applies to your use of Sign in with Apple.

FatSecret (nutrition database): We use FatSecret to power remote food search, barcode lookup, and nutrition detail lookup. We send food search terms, barcode values, and food IDs to FatSecret through our server proxy; we do not intentionally send your Buffro account email or profile details to FatSecret.

PostHog (product analytics): We use PostHog to understand how users interact with the App — which features are used, where users drop off in onboarding, and subscription funnel conversion. PostHog receives an user identifier, your account email, app version, app build, platform, locale, theme preference, account creation date, subscription status, and limited event metadata such as feature counts, error categories, food scan outcomes, and body scan summary score. We do not send raw workout content, AI chat messages, body scan photos, meal photos, or free-text personal goals to PostHog. We do not use PostHog data for advertising. PostHog's privacy policy is available at posthog.com/privacy.

RevenueCat (subscription management): If you purchase a Buffro Pro subscription, RevenueCat processes the purchase, manages renewals, and forwards anonymized subscription lifecycle events (purchase, renewal, cancellation, refund) to our analytics. RevenueCat receives a pseudonymous user identifier and your purchase data — never your workout content or personal goals. RevenueCat's privacy policy is available at revenuecat.com/privacy.

Sentry (crash and error reporting): We use Sentry to collect crash reports and error diagnostics so we can fix bugs. Sentry receives stack traces, device model, OS version, app version, and a pseudonymous user identifier. We have configured Sentry to not send personally identifiable information by default. Sentry's privacy policy is available at sentry.io/privacy.

Support and reporting tools: If you submit a bug report, feedback, feature request, or exercise database correction, we process the text you provide, device/app details you include, and any screenshots you attach. These reports may be routed through our internal support tools, including Discord, so our team can review and respond.

We retain your account and workout data for as long as your account is active. If you delete your account, your account data and associated cloud-synced records will be removed from our cloud systems within 30 days, subject to legal retention requirements and store/payment records we are required to keep.

AI chat messages are stored locally on your device and are automatically cleared after the current conversation window, deleted when you manually clear chat history, or removed when you uninstall the App. We do not keep a separate AI chat transcript database on our own servers, but AI providers may retain API request logs according to their own data-control and abuse monitoring policies.

Body scan photos are stored in cloud storage only when you choose to save them for history. Meal scan photos may be stored so you can review or correct scan results. Support attachments are kept for as long as needed to investigate the report and are deleted with your account when they are associated with your user folder.

You may request deletion of your data at any time by contacting us at support@buffro.app.

You have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — update or correct inaccurate information in your account settings
• Deletion — request deletion of your account and associated data
• Portability — request an export of your workout data
• Opt-out choices — disable optional AI features where the App provides controls, and choose not to save optional scan photos

To exercise these rights, contact us at support@buffro.app.

The App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information.

Users between 13 and 18 must have parental or guardian consent before creating an account.

We may update this Privacy Policy from time to time. We will notify you of significant changes via in-app notification or email. The “Last updated” date at the top of this page reflects when the policy was most recently revised.

Continued use of the App after changes to this policy constitutes your acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Company: PT DUO DIGITAL INTERNASIONAL

Email: support@buffro.app

You may also use our Contact page to reach us.