App Privacy Policy
Last updated: May 2026
1. Data Controller
The data controller is:
Doriel – Leirod
Email: leirod.dev@gmail.com
2. Data We Collect
The Leirod app collects the following categories of data:
Account (via Google OAuth)
- First and last name
- Email address
- Google profile picture
User Profile
- Date of birth, gender, height
- Weight and target weight
- Goal (weight loss, muscle gain, maintenance…)
- Physical activity level
Health Data (with your permission)
If you connect Apple Health (HealthKit) or Health Connect, or if you allow the Android native step sensor, we may read and sync the following data depending on the permissions you grant:
- Daily steps, including steps read from Health Connect or the Android native step sensor if you allow it
- Distance, floors climbed, elevation gain, active calories and total calories burned
- Exercise sessions: activity type, times, duration, distance, calories and related heart-rate data
- Sleep: duration, times and available sleep stages
- Heart rate, resting heart rate and heart-rate variability (HRV)
- Energy expenditure used to calculate calories consumed versus calories burned
- Vitals: blood pressure, oxygen saturation (SpO2), respiratory rate, blood glucose, body temperature and VO2max
- Body composition: weight, height, body fat, lean mass, body water mass and bone mass
- Nutrition data imported from Health Connect if you allow it
- Hydration data imported from Health Connect if you allow it
Tracking Logs
- Meals and foods consumed (including photos)
- Workout sessions
- Body composition (weight, body fat, lean mass, hydration…)
- Water intake
Other Data
- Meal photos sent for AI nutritional analysis
- Messages exchanged with the built-in AI assistant
3. Use of Health Data
Health data is used only to provide Leirod's health, nutrition, workout and coaching features:
- Display your metrics in the dashboard and Health Data screen
- Calculate your daily energy balance, personalized goals and trends
- Import and summarize workouts, including duration, distance, calories and intensity
- Display recovery indicators such as sleep, heart rate and HRV
- Track body progress and avoid duplicate manual entry when this data already exists in Health Connect or Apple Health
- Trigger reminders tied to your step goals when you enable that feature
- Allow your coach to view this data in read-only mode if you choose to link your account to a coach
- Generate personalized reports or recommendations only when you use an AI feature and have accepted the necessary sharing
On Android, Health Connect sync can be started from the app and may also run in the background about every 6 hours, subject to network and battery constraints, to keep your recent data up to date. The first import may cover up to 30 days if you trigger it. Data is sent to the Leirod backend and stored with your account so it can be displayed on your devices and, where applicable, to your coach.
We never use Health Connect, Apple Health or step sensor data for advertising, ad profiling or data sale. It is not shared with data brokers.
4. Purpose of Processing
Your data is used exclusively to:
- Track your nutrition, workouts and health
- Analyze your meals and sessions using artificial intelligence
- Generate personalized weekly reports
- Allow your coach to view your data (if you are being coached)
5. Legal Basis
Processing of your data is based on:
- Consent — you accept this policy when creating your account.
- Performance of a contract — processing is necessary to provide the subscription service.
- Explicit consent (Art. 9 GDPR) — required for health data, granted when you enable Apple Health or Health Connect sync.
6. Artificial Intelligence & Processors
To analyze your data (meals, workouts, reports), we use the following AI services:
- Mistral AI — primary analysis (Mistral AI, Paris, France)
- Anthropic (Claude) — fallback analysis (Anthropic, United States)
- Groq — audio transcription (Groq, United States)
Depending on the feature used, transmitted data may include your message, a meal photo, an audio transcription, logged meals or workouts, goals, preferences, and health data that you explicitly authorized the app to sync when it is necessary for the requested analysis. This data is sent only when you use an AI feature.
The app asks for your explicit permission before sharing personal data with these third-party AI services.
Your data is never used to train these providers' models. Only the data strictly necessary for analysis is transmitted, on a per-request basis, and it is not stored by the provider. We require these processors to provide equal or stronger protection than described in this policy.
7. Hosting & Storage
Your data is hosted on a dedicated server managed by:
OVHcloud — 2 rue Kellermann, 59100 Roubaix, France
The server is located in France. Your data is stored in a PostgreSQL database and is encrypted in transit (TLS).
8. Data Retention
Your data is retained as long as your account is active. You can delete it at any time from the app settings.
Upon account deletion, all your personal data is anonymized or erased within 30 days, except for billing data retained for legal obligations.
9. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the following rights:
- Right of access — obtain a copy of your data
- Right to rectification — correct inaccurate data
- Right to erasure — delete your account and all your data
- Right to data portability — receive your data in a structured format
- Withdrawal of consent — revoke health data access at any time from your device settings
To exercise these rights, contact us at: leirod.dev@gmail.com
10. Account Deletion
You can delete your account at any time from the app settings. Deletion anonymizes your personal information (email, name, photo) and erases all your tracking data (meals, workouts, health, chat, body composition…).
If you wish, you may consent to keep your email on file to be contacted again in the future. This choice is optional and revocable at any time.
11. Security
We implement technical and organizational measures to protect your data: encryption in transit (HTTPS/TLS), secure OAuth authentication, restricted database access, and regular encrypted backups.
12. Contact
For any questions about this privacy policy:
Email: leirod.dev@gmail.com