BodyLogBodyLogApp Store

Privacy Policy

Effective date: February 15, 2026

BodyLog (“we”, “our”, or “us”) is a personal health journaling app for iPhone. This Privacy Policy explains what information we collect, how we use it, and your rights. By using BodyLog you agree to the practices described in this policy.

BodyLog is operated by an individual developer (evtsoy). Contact: bodylog@evtsoy.com.

1. Data Stored on Your Device

The vast majority of your data never leaves your iPhone. The following is stored exclusively in a local SQLite database on your device:

  • Daily health log entries (symptoms, mood, energy, custom metrics, scale values, text notes)
  • Medication names, dosages, and schedules
  • Metric definitions and preferences
  • App settings and reminder preferences

This data is not uploaded to any server and is only accessible to you on your device. If you delete the app, all local data is permanently deleted.

2. Apple HealthKit

With your explicit permission, BodyLog reads data from Apple Health to automatically import metrics such as:

  • Steps and active energy burned
  • Heart rate and resting heart rate
  • Sleep analysis duration
  • Body weight and BMI
  • Workout minutes

HealthKit data is read-only and is displayed locally within the app. HealthKit data is never uploaded to external servers, including our own, except as part of the AI features described in Section 4, where it may be included in an anonymized health context you explicitly trigger. You can revoke HealthKit access at any time in iPhone Settings → Privacy & Security → Health → BodyLog.

3. Firebase (Google)

BodyLog uses Firebase (a Google service) for authentication and cloud storage of AI-generated content. Firebase is governed by Google’s Privacy Policy.

Authentication

You can sign in using Apple Sign-In (optional) or use the app anonymously. Apple Sign-In may provide us with your name and email address if you choose to share them; this information is used solely to identify your account. Anonymous accounts are assigned a random Firebase UID with no personal information attached.

Firestore Cloud Storage

The following AI-generated content is stored in Firebase Firestore, linked to your Firebase UID:

  • AI Chat conversation history (your messages and AI responses)
  • AI Journal Summary reports (generated weekly)
  • AI Doctor Report content (generated on demand)
  • Daily Nudge content (generated daily)

This data is stored under your private Firebase UID and is protected by Firestore security rules that prevent other users from accessing it.

Cloud Functions

When you use an AI feature, a Firebase Cloud Function receives an anonymized health context (a structured summary of your recent logged data) and passes it to OpenAI to generate a response. The raw health context is not stored by Firebase beyond the duration of the function call.

4. OpenAI

BodyLog uses the OpenAI API to power its AI features (AI Chat, Daily Nudge, AI Journal Summary, AI Doctor Report). When you use these features, a structured summary of your recent health data is sent to OpenAI’s servers to generate a response.

  • Data sent to OpenAI is used only to generate the response for that request.
  • OpenAI does not retain your data to train models (API usage is subject to OpenAI’s data retention policy — typically 30 days for abuse monitoring, then deleted).
  • No names, email addresses, or other directly identifying information is included in the health context sent to OpenAI.
  • HealthKit data is never sent to OpenAI — only manually logged metrics you have entered in BodyLog.

OpenAI is governed by OpenAI’s Privacy Policy.

5. RevenueCat (Subscriptions)

BodyLog uses RevenueCat to manage in-app subscriptions and purchases. RevenueCat receives:

  • Your Firebase UID (used as a RevenueCat customer ID to link your subscription to your account)
  • Purchase and subscription status information from Apple
  • Device and app version metadata for fraud prevention

RevenueCat does not receive any of your health data. It is governed by RevenueCat’s Privacy Policy. All payments are processed by Apple; BodyLog never receives your payment card details.

6. Apple Sign-In

If you choose to sign in with Apple, Apple may share your name and email address (or a private relay address) with BodyLog. This information is stored in Firebase Authentication and used solely to identify your account. You can choose to hide your email by using Apple’s “Hide My Email” feature. You may also use BodyLog without signing in (anonymous mode), in which case no personal information is collected by authentication.

7. Expo / EAS Updates

BodyLog is built with Expo and may use Expo Application Services (EAS) to deliver over-the-air (OTA) updates. During update checks, Expo may collect technical metadata such as app version, platform (iOS), and runtime version. No personal health data is transmitted during update checks. Expo is governed by Expo’s Privacy Policy.

8. No Advertising or Analytics

BodyLog does not use any third-party advertising networks or general analytics services (such as Google Analytics, Mixpanel, or similar). We do not track your behavior across apps or websites. We do not sell, rent, or share your personal information with third parties for marketing purposes.

9. Data Retention & Deletion

Local data (logs, metrics, medications) is retained on your device until you delete the app or use the “Reset All Data” option in Settings.

Cloud data (AI chat history, reports) linked to your Firebase UID is retained until:

  • You use “Reset All Data” in Settings (which deletes your Firebase account and associated cloud data), or
  • You contact us at bodylog@evtsoy.com and request deletion.

10. Children’s Privacy

BodyLog is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the effective date at the top of this page. Continued use of the app after changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us at: bodylog@evtsoy.com