Privacy Policy

Zanvex Fitness App — Last updated: May 30, 2026

1. Who We Are

Zanvex is a personal fitness tracking application developed by Zanvex Studio, based in Canada. When this policy refers to "we", "us", or "our", it means Zanvex Studio. When it refers to "you" or "your", it means you as a user of the Zanvex app.

This Privacy Policy governs data collected through the Zanvex mobile application ("the App"). It is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada and, where applicable, the EU General Data Protection Regulation (GDPR).

If you have questions about this policy, contact us at: privacy@zanvex-studio.com

2. What Data We Collect

Account data

If you create an account: your email address. Anonymous accounts are created automatically and require no personal information — you can use the App without ever providing an email address.

Fitness & workout data

Workout sessions, exercise sets (exercise name, weight, reps, duration, dates), routine programs you create, and personal records. This data is entered by you voluntarily.

Nutrition data

Food entries you log (food name, calories, macronutrients, micronutrients, serving sizes, meal type), and the daily nutrition goals you configure.

Body measurements

Any body measurements you choose to log (e.g. weight, body fat percentage, specific body part measurements). This data is entered by you voluntarily.

Recovery data

Sleep hours, sleep quality ratings, soreness levels, and energy levels you voluntarily log each day.

App preferences

Unit system (metric/imperial), notification preferences, and other in-app settings you configure.

Voice input (optional feature)

If you use the voice food logging feature, your speech is transcribed on-device and the transcribed text is sent to our Cloud Functions for processing. Audio is never stored on our servers. Only the text transcript is processed, and it is not associated with your account identity.

AI Coach interactions (optional feature)

Messages you send to the AI Coach. These are sent to Google's Gemini API for processing. Coach conversations are not permanently stored on our servers. See Section 5 for how Google handles this data.

Crash and error data

If the App crashes, anonymized error reports (stack traces, device model, OS version) are sent to Firebase Crashlytics. These reports do not include your personal information or fitness data.

Usage analytics

Firebase Analytics collects anonymized usage events (e.g., screens viewed, features used) to help us improve the App. This data is aggregated and not linked to your identity.

3. Legal Basis for Processing

Under PIPEDA and GDPR, we process your personal data on the following legal bases:

Data type	Legal basis
Account email address	Consent — you provide this voluntarily when creating an account
Fitness, nutrition, body, recovery data	Consent — you enter this data voluntarily to use the App's features
Crash reports, analytics	Legitimate interest — we need this to maintain App stability and improve performance
Voice transcripts (temporary)	Consent — this feature requires explicit use; audio is never stored

4. How We Use Your Data

To provide the App's core functionality (workout tracking, nutrition logging, progress charts, recovery tracking)
To sync your data across devices via Firebase Firestore, under your unique user ID
To generate personalized AI coach responses based on your fitness context
To display your progress history and personal records
To diagnose crashes and fix bugs (anonymized crash data only)
To understand aggregate usage patterns and improve the App (anonymized analytics only)

We do not sell your personal data to any third party. We do not use your data for advertising purposes. We do not share your identifiable personal data except as described in Section 5.

5. Third-Party Services

We use the following third-party services to operate the App. Each service has its own privacy policy.

Firebase (Google LLC)

Used for: user authentication, cloud database sync (Firestore), cloud functions, crash reporting (Crashlytics), and analytics. Your fitness data is stored on Google Cloud infrastructure in the United States. Google processes this data as a data processor on our behalf under a Data Processing Agreement. See Google's Privacy Policy.

FatSecret API (Fatsecret International Ltd.)

Used for: food search and nutritional data. When you search for a food item, the search query is sent to FatSecret. Your account identity, email address, and personal fitness data are never sent to FatSecret — only the search term.

Google Gemini API (Google LLC)

Used for: voice log parsing and AI Coach responses. Queries sent to Gemini include your food description (voice logging) or your typed message and relevant fitness context (AI Coach). Your account identity is not included. Google's data use practices for Gemini API queries depend on your API tier and agreement — see Google's Privacy Policy and Google's Data Processing Addendum for current terms.

6. International Data Transfers

Zanvex Studio is based in Canada. Your data is stored on Google Cloud servers primarily located in the United States (Firebase region: us-central1). By using the App, you consent to this transfer. Google's data processing agreements with us include Standard Contractual Clauses to protect your data under GDPR where applicable.

7. Data Retention

Data type	Retained until
Account & fitness data	Until you delete your account, or we close the service
Anonymous account data	Until the device is reset, or 30 days after inactivity (automatic Firebase cleanup)
Crash reports	90 days (Firebase Crashlytics default)
Analytics events	14 months (Firebase Analytics default)
Voice transcripts	Not retained — processed in real time and discarded
AI Coach messages	Not retained on our servers — only kept in the conversation session

8. Your Rights

You have the following rights regarding your personal data:

Right to access — You can view all your data within the App at any time.
Right to correction — All data can be edited directly within the App.
Right to erasure (deletion) — You can permanently delete your account and all associated data from the App: go to More → Data & Privacy → Delete Account. This deletes your Firestore data, Firebase Auth account, and local device data. You can also request deletion at zanvex-studio.com/delete-data.
Right to data portability — You can export your data from More → Data & Privacy → Export Data.
Right to restrict processing — Contact us at privacy@zanvex-studio.com to request that we stop processing your data while retaining it.
Right to object — You may object to processing based on legitimate interest (e.g. analytics). Contact us to opt out.
Right to lodge a complaint — If you are an EU/EEA resident, you may lodge a complaint with your local data protection authority. Canadian residents may contact the Office of the Privacy Commissioner of Canada.

9. Children's Privacy

Zanvex is not directed to children under 13 years of age. We do not knowingly collect personal data from children under 13. The App requires users to confirm they are 13 or older during onboarding. If you believe we have inadvertently collected data from a child under 13, please contact us immediately at privacy@zanvex-studio.com and we will delete it promptly.

10. Security

All data transmitted between the App and our servers is encrypted using TLS (HTTPS). Your Firestore data is protected by security rules that ensure only your authenticated account can read or write your data. Your local device data is stored in an SQLite database using standard Android app sandbox security. We follow industry-standard security practices, but no system is completely impenetrable — use a strong, unique password for your account.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you within the App before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent version. Your continued use of the App after changes constitutes your acceptance of the revised policy.

12. Governing Law

This Privacy Policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, including PIPEDA. Any disputes shall be subject to the jurisdiction of the courts of Ontario, Canada.

13. Contact Us

For any privacy-related questions, requests, or complaints:

Email: privacy@zanvex-studio.com
Web: Request data deletion

We aim to respond to all privacy requests within 30 days.