Privacy Policy
Effective date: [to be set on publication]
Last updated: [to be set on publication]
This Privacy Policy explains how the Health Diary mobile application ("Health Diary", "app", "we", "us") collects, uses, and discloses information about you when you use the app.
1. Who we are
Health Diary is operated by Andrew Mishin, an individual residing in the Russian Federation, acting as the data controller for purposes of this Policy.
• Contact email for privacy requests: mishin113@gmail.com
If you have any questions, complaints, or wish to exercise the rights described in this Policy, please write to the address above.
2. Scope
This Policy covers the Health Diary mobile application for iOS and the related backend services that power it. It does not cover third-party services that you may interact with through the app (such as Apple or Google sign-in providers), which are governed by their own privacy policies.
3. Information we collect
We collect only the information that is necessary to operate the app.
3.1. Information you provide
• Account credentials: email address and password. Passwords are never stored in plain text; they are stored as one-way salted hashes.
• Profile: display name, username, optional profile photo (avatar), age, height, weight, biological sex.
• Workout data: exercises you select, training schedule, sets performed, weights, repetitions, rest times, workout history.
• Nutrition data: foods you log, meal entries, weigh-ins, custom foods, favorite foods, scanned barcodes (when you use the barcode scanner).
• Supplement data: supplements you add and check-ins you record.
• Settings and preferences: language, theme, notification preferences, training and nutrition configuration.
3.2. Information collected automatically
• Device and technical data: device model, operating system version, app version, language and locale, IP address, time zone.
• Push notification token: a non-personal identifier issued by Apple Push Notification service, used to deliver workout reminders to your device.
• Approximate country: derived from your IP address, used to show food products available in your region. If you choose to grant location permission, we may use a single low-accuracy location request to refine this; we never track your location in the background.
3.3. Information from third-party sign-in providers
If you sign in with Apple or Google, we receive:
• A stable user identifier from the provider.
• Your email address (or, for Sign in with Apple, an Apple-provided relay address if you choose to hide your email).
• Your name, if you choose to share it.
We do not receive your social graph, contacts, or any other data from these providers.
4. How we use the information
We use the information described above only for the following purposes:
• To create and maintain your account.
• To provide the core functionality of the app: tracking workouts, nutrition, supplements, schedule, and progress.
• To send push notifications related to your training schedule (you can disable these in your device settings at any time).
• To improve and debug the app, investigate technical issues, and prevent abuse.
• To comply with applicable law and respond to lawful requests.
We do not use your data for advertising. We do not sell your data to third parties. We do not use your data to build advertising profiles.
5. Health and fitness data
Health Diary stores fitness data that you enter manually (weight, training volume, exercises performed, nutrition). This data is used exclusively to deliver the app's functionality to you. It is not shared with advertisers, data brokers, or any other third party, and is not used to build behavioral profiles for marketing.
Health Diary is not a medical device. The data and recommendations shown in the app are for general fitness purposes only and do not constitute medical advice, diagnosis, or treatment.
6. Permissions requested by the app
The app may request the following device permissions. You can decline or revoke any of them at any time in your device settings; doing so will only disable the specific feature that requires the permission.
• Photo library: to let you pick a profile picture.
• Camera: to scan product barcodes when you add food to your nutrition log.
• Location (when in use): to approximate the country you are in so we can show food products available locally. We do not track your location in the background.
• Notifications: to deliver workout reminders.
7. Sharing with third parties
We share your information only with the following categories of recipients, and only to the extent necessary to operate the service:
• Apple Inc. — when you choose Sign in with Apple. Governed by Apple's privacy policy.
• Google LLC — when you choose Sign in with Google. Governed by Google's privacy policy.
• Apple Push Notification service — to deliver push notifications to your device.
• Hosting and database providers — to operate our backend infrastructure. See Section 8 for the current location of processing.
We do not transfer your data to any party for advertising or marketing purposes.
8. Where your data is stored
Your data is processed and stored on servers operated by our infrastructure provider [to be defined]. We will update this Policy with the specific provider and region once finalized.
9. How long we keep your data
• Account and personal data: kept for as long as your account exists.
• Workout, nutrition, and supplement history: kept for as long as your account exists.
• Refresh tokens and session data: kept until they expire or you log out.
• Technical logs: kept for a short period necessary for security and debugging.
When you delete your account (see Section 10), all of the above is removed from our active database within a short period, and from backups within the ordinary backup-rotation window.
10. Your rights
You have the right to:
• Access the data we hold about you.
• Correct inaccurate data — you can edit your profile directly in the app.
• Delete your account and all associated data. To do this, open the app and go to Profile → Delete account. This action is immediate and permanent: it triggers a hard delete of your user record on the backend, and all related data (workouts, nutrition entries, supplements, schedule, refresh tokens, push tokens) is removed via database cascade.
• Export a copy of your data — write to the contact email and we will provide an export within a reasonable time.
• Withdraw consent at any time by deleting your account.
• Complain to a competent supervisory authority.
To exercise any of these rights, write to mishin113@gmail.com.
11. Children
Health Diary is not directed to, and is not intended for, individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a minor has provided us with personal data, please contact us so we can delete it.
12. Security
We use industry-standard technical and organizational measures to protect your data, including TLS encryption in transit, hashed passwords, secure token storage on device (iOS Keychain), and restricted access to the backend. No method of transmission over the internet is 100% secure, but we work to maintain reasonable safeguards.
13. Changes to this Policy
We may update this Policy from time to time. When we do, we will update the "Last updated" date above. Material changes will be communicated in-app or by email when possible.
14. Applicable law
This Policy is governed by the laws of the Russian Federation, without prejudice to mandatory consumer-protection rules of your country of residence.
15. Contact
For any question about this Policy or your data:
Andrew Mishin
Email: mishin113@gmail.com