Privacy Policy

AmiFlo (the "Company", "we", "us", or "our") is a habit-tracking and AI coaching application available on iOS. By using the app you agree to this Privacy Policy. If you do not agree, please do not use AmiFlo.

We collect the following data:

• Your name (as entered during onboarding)
• Your goal name and goal type (e.g. Fitness, Study, Recovery)
• Daily check-in records: date, mood rating (0–4), optional notes you write
• Streak count and XP progress
• Display name and goal for the public leaderboard
• AI and tutor conversation messages you send within the app
• Usage events: app opens, check-ins, lessons completed, paywall views, and similar in-app actions
• A randomly generated device identifier (a UUID we create — not your Apple device ID, IMEI, or any Apple ID)

• To provide the core features of the app: goal tracking, check-ins, streaks, XP, and AI coaching from AmiFlo
• To display your name and stats on the in-app leaderboard (only the display name and goal you provide — no contact details are ever shown publicly)
• To match you with an Accountability Buddy if you choose to use that feature
• To restore your Pro subscription status when you relaunch the app
• To send you optional push notifications (only if you grant permission) for streak reminders and celebrations
• To improve the app through anonymous, aggregated usage analytics stored locally on your device

Messages you send to AmiFlo (the AI coach) are transmitted to our AI inference endpoint to generate a response. We use a private API hosted at amiflo-ai.faissalocard.workers.dev. Messages are processed in real time and are not stored on our servers beyond the immediate API call.

Conversation history is stored locally on your device only, using iOS UserDefaults. It is never uploaded to our servers.

We use Supabase, a third-party cloud database, to power the leaderboard and Accountability Buddy features. The following data is stored on Supabase servers:

• Your randomly generated device identifier
• Your display name (as you entered it)
• Your goal name
• Your streak count
• Your total XP and weekly XP
• Whether you are a Pro subscriber (true/false)

Account Authentication (optional): If you choose to sign in to back up your data across devices, we support two methods:

• Sign in with Apple: We receive a stable anonymous user identifier from Apple. Apple may provide a private relay email address. We store only the authentication token in your device's Keychain — your Apple ID and real email are never stored on our servers.
• Email + One-Time Code: We use Supabase Auth to send a 6-digit code to your email. Your email is stored in Supabase Auth solely for authentication. It is never used for marketing or shared with third parties.

Authentication tokens are stored securely in your device's Keychain and are cleared when you sign out or delete the app.

All other app data — including your check-in history, mood notes, AI conversation history, lesson transcripts, fitness logs, and goal-specific progress — is stored exclusively on your device using iOS UserDefaults and is never transmitted to our servers.

We request notification permission to send you streak reminders and celebration alerts. These are sent locally on your device using iOS's scheduled notification system — no notification data passes through external servers.

AmiFlo Pro is offered as a monthly or annual auto-renewing subscription, processed entirely through Apple's App Store. We never see, handle, or store your payment card details. Apple's privacy policy governs all payment processing.

AmiFlo requires users to confirm they are 13 years of age or older before using the app (as shown during the age gate on first launch). We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at contact@amiflo.com and we will delete it promptly.

Users between 13 and 17 may use the app with parental consent. The Accountability Buddy chat feature contains a safety filter that blocks the sharing of contact information, phone numbers, social media handles, and inappropriate content.

We use the following third-party services, each with their own privacy policies:

• Supabase (database) — supabase.com/privacy
• Cloudflare Workers (AI request proxy) — cloudflare.com/privacypolicy
• Anthropic PBC (AI processing) — Your messages to the AmiFlo AI coach, check-in notes, goal information, and food photos are transmitted to Anthropic's API (Claude) for generating personalised coaching responses and nutrition analysis. Anthropic processes this data solely to generate responses and does not use it to train models by default. See anthropic.com/privacy
• Apple App Store (subscriptions & distribution) — apple.com/legal/privacy

We may disclose data if required by law or to protect the safety of users.

Data stored on your device (check-ins, notes, conversations) is retained until you uninstall the app or use the "Sign Out" function in Profile settings, which clears all local data.

Data stored on our Supabase server (display name, goal, streak, XP, device ID) is retained for as long as your account is active.

Depending on where you live, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability

We take reasonable technical measures to protect your data, including:

• HTTPS encryption for all server communications
• Supabase row-level security policies
• A randomly generated device identifier (not tied to your Apple ID or any real identity)

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of AmiFlo after changes constitutes acceptance of the updated policy.