Privacy Policy
Veylan (“we”, “us”, “our”) operates the Veylan mobile application (the “App”). This Privacy Policy explains how we collect, use, and protect your personal information.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your email address and a password (stored as a salted hash — we never store plaintext passwords).
1.2 Profile Information
You may optionally provide: display name, date of birth, height, weight, gender, fitness goal, training experience level, dietary preferences, and dietary restrictions. This data is used solely to personalise your training and nutrition recommendations.
1.3 Health & Fitness Data
With your explicit permission, we access Apple HealthKit data including:
- Heart rate variability (HRV)
- Resting heart rate
- Sleep duration and quality
- Step count
- Active energy burned
This data is used exclusively to calculate your daily recovery score and generate personalised coaching recommendations. We never sell, share, or monetise your health data.
1.4 Workout & Nutrition Data
We collect data you manually enter:
- Workout logs (exercises, sets, reps, weight, RPE)
- Food entries (meal name, calories, macronutrients)
- Body measurements (weight, body fat percentage, circumferences)
- Daily check-in data (sleep hours, energy level, water intake)
1.5 AI Coaching Conversations
Messages sent to the AI Coach are processed by third-party AI providers (Groq, Google) to generate responses. Conversations are stored in your account for history purposes. We do not use your conversations to train AI models.
1.6 Usage Data
We collect anonymous usage analytics (screen views, feature usage) via PostHog to improve the App. No personally identifiable information is included in analytics events.
2. How We Use Your Information
We use your data exclusively to:
- Provide and personalise the App’s features (recovery scoring, coaching, training plans)
- Generate AI-powered coaching recommendations
- Track your fitness progress over time
- Send notifications you have opted into (workout reminders, streak alerts, PR celebrations)
- Process subscription payments (via Apple’s App Store — we do not handle payment details directly)
- Improve the App through anonymised usage analytics
We do not:
- Sell your personal data to third parties
- Use your health data for advertising
- Share your data with insurance companies or employers
- Use your AI conversations to train models
3. Data Storage & Security
- All data is stored in Supabase (hosted on AWS infrastructure in the EU)
- Database access is protected by Row Level Security — users can only access their own data
- Authentication tokens are stored using expo-secure-store (iOS Keychain)
- All network communication uses HTTPS/TLS encryption
- Workout data is cached locally on your device (SQLite) for offline reliability
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, serverless functions | Account data, fitness data |
| Groq | AI Coach chat responses | Chat messages (processed, not stored by Groq) |
| Google (Gemini) | Coaching briefs, training plans | Recovery scores, profile data (anonymised) |
| Apple HealthKit | Health data import | Read-only access with explicit user permission |
| RevenueCat | Subscription management | User ID, purchase status |
| PostHog | Anonymous usage analytics | Screen views, feature usage (no PII) |
| Sentry | Crash reporting | Error logs (no personal data) |
| Open Food Facts | Food barcode lookup | Barcode numbers only |
| USDA FoodData Central | Nutrition data fallback | Food search queries only |
5. Apple HealthKit
Veylan requests read-only access to Apple HealthKit data. In compliance with Apple’s HealthKit guidelines:
- HealthKit data is never used for advertising or marketing purposes
- HealthKit data is never sold to third parties, data brokers, or information resellers
- HealthKit data is never shared with third parties for purposes unrelated to health or fitness
- HealthKit data is used solely to provide the App’s core recovery scoring and coaching features
- Users can revoke HealthKit access at any time via iOS Settings > Privacy & Security > Health
6. Data Retention
- Your account data is retained for as long as your account is active
- Upon account deletion, all personal data is permanently deleted within 30 days
- Anonymised, aggregated analytics data may be retained indefinitely
- AI conversation history can be cleared at any time from within the App
7. Your Rights
You have the right to:
- Access your data (exportable via the monthly PDF report feature)
- Correct inaccurate data (via Profile settings)
- Delete your account and all associated data (via Profile > Settings > Delete Account)
- Withdraw consent for HealthKit access at any time
- Opt out of notifications at any time
For GDPR and UK Data Protection Act requests, contact us at the address below.
8. Children’s Privacy
Veylan is not intended for users under 16 years of age. We do not knowingly collect data from children under 16.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the App or email. Continued use of the App after changes constitutes acceptance.
10. Contact Us
For privacy-related questions or data requests:
Email: privacy@veylan.app
Address: [Your registered business address]
This policy complies with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, Apple’s App Store Review Guidelines, and Apple’s HealthKit guidelines.