> classified document

Privacy Policy

Last updated: March 15, 2025

REGIME ("we", "us", "our") operates the REGIME mobile application. This Privacy Policy explains what data we collect, why we collect it, and your rights regarding that data.

1. Data We Collect

Account Data

Email address (for authentication)
Display name (optional)

Profile Data

Age, weight, height (for fitness plan personalization)
Dietary preferences and allergies
Wake/sleep times, work hours
Fitness level and gym/home preference

Health Data

Step count, calories burned, active minutes (via Apple HealthKit / Google Health Connect)
Workout data — type, duration, calories

Important: Health data is used exclusively for AI plan personalization and exercise verification. It is never sold, shared with advertisers, or used for insurance purposes.

Usage Data

Task completion and failure history
Compliance scores and rank progression
AI interaction logs (plan generation, reactions)
App open frequency and session duration

Device Data

Push notification tokens
Device platform (iOS / Android)
Timezone

2. Purpose of Data Collection

Generate personalized AI daily plans (food, fitness, habits, tasks)
Track compliance scores and rank progression
Deliver push notifications and evening summaries
Improve AI plan quality through anonymized analytics
Process subscription payments

3. Data Storage and Security

Your data is stored in encrypted PostgreSQL databases hosted on Supabase with TLS encryption in transit. Authentication uses Supabase Auth with secure JWT tokens. Passwords are never stored directly.

4. Third-Party Services

The following third-party services may process your data:

Anthropic / OpenAI / DeepSeek — AI plan generation (profile data sent for personalization)
Supabase — Authentication and database hosting
RevenueCat — Subscription and payment management
PostHog — Product analytics (anonymized usage events)
Sentry — Error tracking and crash reporting
ElevenLabs — Text-to-speech voice generation
Apple / Google — Push notifications and in-app purchases

5. Your Rights

Access — Export all your data via Settings > Dossier > Export Data (GDPR-compliant JSON)
Deletion — Delete your account and all data via Settings > Delete Account
Portability — Download your data in machine-readable JSON format
Correction — Update your profile data at any time via Settings
Objection — Contact us to object to specific data processing

GDPR & CCPA: If you are in the EU/EEA or California, you have additional rights under GDPR or CCPA. We honor all deletion and data access requests within 30 days.

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days. Anonymized, aggregated analytics may be retained indefinitely.

7. Children's Privacy

REGIME is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us immediately for deletion.

8. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via in-app notification. Continued use of REGIME after changes constitutes acceptance.

9. Contact

For privacy inquiries, data requests, or complaints:

[email protected]