App Privacy Policy

1. Data Controller

The data controller is:
Doriel – Leirod
Email: leirod.dev@gmail.com

2. Data We Collect

The Leirod app collects the following categories of data:

Account (via Google OAuth)

• First and last name
• Email address
• Google profile picture

User Profile

• Date of birth, gender, height
• Weight and target weight
• Goal (weight loss, muscle gain, maintenance…)
• Physical activity level

Health Data (with your permission)

If you connect Apple Health (HealthKit) or Health Connect, we sync:

• Daily steps and distance
• Sleep duration and stages
• Heart rate and resting heart rate
• Active calories burned
• Vitals (blood pressure, SpO2, glucose, HRV, VO2max…)

Tracking Logs

• Meals and foods consumed (including photos)
• Workout sessions
• Body composition (weight, body fat, lean mass, hydration…)
• Water intake

Other Data

• Meal photos sent for AI nutritional analysis
• Messages exchanged with the built-in AI assistant

3. Purpose of Processing

Your data is used exclusively to:

• Track your nutrition, workouts and health
• Analyze your meals and sessions using artificial intelligence
• Generate personalized weekly reports
• Allow your coach to view your data (if you are being coached)

4. Legal Basis

Processing of your data is based on:

• Consent — you accept this policy when creating your account.
• Performance of a contract — processing is necessary to provide the subscription service.
• Explicit consent (Art. 9 GDPR) — required for health data, granted when you enable Apple Health or Health Connect sync.

5. Artificial Intelligence & Processors

To analyze your data (meals, workouts, reports), we use the following AI services:

• Mistral AI — primary analysis (Mistral AI, Paris, France)
• Anthropic (Claude) — fallback analysis (Anthropic, United States)
• Groq — audio transcription (Groq, United States)

Your data is never used to train these providers' models. Only the data strictly necessary for analysis is transmitted, on a per-request basis and not stored by the provider.

6. Hosting & Storage

Your data is hosted on a dedicated server managed by:
OVHcloud — 2 rue Kellermann, 59100 Roubaix, France
The server is located in France. Your data is stored in a PostgreSQL database encrypted in transit (TLS).

7. Data Retention

Your data is retained as long as your account is active. You can delete it at any time from the app settings.

Upon account deletion, all your personal data is anonymized or erased within 30 days, except for billing data retained for legal obligations.

8. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

• Right of access — obtain a copy of your data
• Right to rectification — correct inaccurate data
• Right to erasure — delete your account and all your data
• Right to data portability — receive your data in a structured format
• Withdrawal of consent — revoke health data access at any time from your device settings

To exercise these rights, contact us at: leirod.dev@gmail.com

9. Account Deletion

You can delete your account at any time from the app settings. Deletion anonymizes your personal information (email, name, photo) and erases all your tracking data (meals, workouts, health, chat, body composition…).

If you wish, you may consent to keep your email on file to be contacted again in the future. This choice is optional and revocable at any time.

10. Security

We implement technical and organizational measures to protect your data: encryption in transit (HTTPS/TLS), secure OAuth authentication, restricted database access, and regular encrypted backups.