Confidentialité Policy

Our Core Commitment

We do not store your photos. This is the foundation of our privacy promise. Every image you upload is:

• Processed entirely in the server's memory
• Used only for the duration of the analysis
• Permanently deleted immediately after the analysis results are returned

We have designed our system so that it is technically incapable of retaining your images. No copies are written to disk, no backups contain your photos, and no third-party services receive your image data. Once your analysis results are displayed, the original image buffers are garbage-collected and cannot be recovered.

Information We Collect

Information You Provide Voluntarily

If you create an account, we collect:

• Your email address (used only for account authentication and password resets)
• A hashed (one-way encrypted) password — we never store your raw password
• Fitness data you choose to enter (height, weight, age, activity level, body measurements, workout logs)

This data is stored securely and associated with your account so you can access it across devices. You may delete your account and all associated data at any time through your profile settings.

Non-Personal Information

When you use our service, the following non-personal information may be collected:

• Anonymous usage statistics (pages visited, features used, tool interactions)
• Browser type, language, and version
• Device type, screen resolution, and operating system
• Referral URL and approximate geographic region (country-level only)

This data is aggregated and used solely to improve our service and understand feature adoption. It cannot be used to identify you individually.

How We Use Your Data

We use collected information for the following purposes:

• To provide and maintain the body analysis and fitness tracking features
• To improve and personalize your experience across our tools
• To display advertisements via Google AdSense
• To detect, prevent, and address technical issues or abuse
• To communicate with you about service changes or account-related matters

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Cookies and Tracking

We use the following types of cookies on our site:

• Essential cookies: Required for basic site functionality, including session management and security. These cannot be disabled.
• Analytics cookies: Used to understand how visitors interact with our site (page views, feature usage). These help us improve the service.
• Advertising cookies: Google AdSense uses cookies to serve relevant ads based on your browsing history and interests.

You can control cookie preferences through your browser settings. You may opt out of personalized advertising by visiting Google Ads Settings or by visiting Network Advertising Initiative opt-out page.

For more information about how Google uses data, see How Google uses data when you use our partners' sites.

Third-Party Services

We use the following third-party services in the operation of our site:

• Google AdSense — For serving advertisements. AdSense may use cookies, web beacons, and similar technologies as described in Google's Privacy Policy. AdSense collects data including your IP address, browser type, device information, and interaction with ads.
• Cloudflare — For content delivery network (CDN) services, DDoS protection, and performance optimization. Cloudflare may process your IP address and request metadata as described in Cloudflare's Privacy Policy.
• jsDelivr — For serving open-source JavaScript libraries and CDN assets. jsDelivr does not set cookies or track users. See jsDelivr Privacy Policy.

Each third party processes data according to their own privacy policies. We encourage you to review these policies for complete information.

AI Trainer and Client-Side Processing

The AI Fitness Trainer available on this site runs entirely in your web browser using WebAssembly and ONNX Runtime. When you use the AI Trainer:

• The AI model is downloaded to your browser's cache — it does not run on our servers
• All messages you type are processed locally on your device
• No conversation data, queries, or responses are transmitted to our servers
• The model file (~90 MB compressed) is served via jsDelivr CDN

This design ensures that your conversations with the AI Trainer remain completely private and never leave your device.

Data Retention

Our data retention policies are as follows:

• Uploaded images: Zero retention. Deleted immediately after analysis.
• Account data: Retained for as long as your account is active. You may delete your account at any time, which permanently removes all associated data.
• Anonymous usage statistics: Retained in aggregated form for up to 26 months, then anonymized further or deleted.
• Server logs: Standard web server logs (IP address, timestamp, request path) are retained for up to 30 days for security and troubleshooting, then automatically rotated and deleted.

Data Security

We implement appropriate technical and organizational measures to protect your data:

• Images are processed in isolated memory buffers that are garbage-collected after each request
• Passwords are hashed using bcrypt with a cost factor of 12
• All traffic is encrypted in transit using TLS 1.3
• Our servers run with minimal permissions and no persistent storage of user-uploaded content
• Database access is restricted to authorized services only
• Regular security audits and dependency updates are performed

Children's Privacy

Our services are not directed to individuals under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

International Data Transfers

Our servers are located in the United States and European Union. If you access our service from outside these regions, your data may be transferred to and processed in these locations. We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses where required by applicable law.

Your Rights

Depending on your jurisdiction, you may have the following rights under data protection laws (including GDPR, CCPA, and others):

• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure (right to be forgotten): Request deletion of your personal data
• Right to restrict processing: Request limited use of your data
• Right to data portability: Request transfer of your data to another service provider
• Right to object: Object to processing of your data for specific purposes
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent
• Right to opt out of sale: We do not sell personal information, but you may submit an opt-out request for clarity

Since we do not store uploaded images, those rights are inherently fulfilled regarding image data. To exercise any of these rights regarding your account data, please contact us. We will respond within 30 days.

California Privacy Rights (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

• Know what personal information is collected, used, shared, or sold
• Request deletion of personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising these rights

To exercise your CCPA rights, please contact us at the email below.

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated by posting a notice on our website or by email (if you have an account). The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact

If you have questions, concerns, or requests regarding this privacy policy or our data handling practices, please contact us at: [email protected].

We will acknowledge your request within 5 business days and resolve it within 30 days.