Privacy Policy
Effective date: 23 April 2026
This Privacy Policy explains how Transpir ("we", "us", "our") collects, uses, shares, and protects personal data when you use our website and software services.
1. Data We Collect
- Account data: name, email, profile, and sign-in metadata.
- Service data: health, fitness, nutrition, progress, and AI coaching inputs you submit.
- Health and fitness data: steps, distance, calories, heart rate, weight, and workout data from Apple HealthKit or Google Health Connect, collected only with your explicit permission on your device.
- Photo and image data: food photos submitted for AI-powered nutritional analysis. Photos are processed in real time and are not retained by AI providers after analysis.
- Usage data: technical and log data such as device type, browser, IP address, and feature usage.
- Billing metadata: subscription status, invoices, and transaction records handled by our payment processor.
2. How We Use Data
- Deliver, secure, and improve the service.
- Generate AI-powered coaching, meal plans, workout plans, and nutritional analysis by sending relevant service data to third-party AI providers. Your data is used solely to generate your requested outputs and is not used to train AI models.
- Sync health and fitness data from Apple HealthKit or Google Health Connect to provide unified progress tracking (read-only; we never write to your device health store).
- Manage subscriptions, billing, support, and transactional communications.
- Measure product usage via analytics tools (only with your consent) and monitor application errors to improve reliability.
- Prevent fraud and comply with legal obligations.
3. Legal Bases (UK/EU)
Where UK GDPR or EU GDPR applies, we process personal data on one or more legal bases: performance of a contract, legitimate interests, legal obligations, and consent (for non-essential cookies and similar choices).
4. Sharing and Processors
We share personal data only as needed with the following categories of service providers (processors). We do not sell personal data for monetary consideration.
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase (US) | Database and authentication | Account data, service data |
| Vercel (US) | Web hosting | Usage data, request metadata |
| Stripe (US) | Payment processing | Email, billing metadata |
| Anthropic (US) | AI coaching, meal and workout plans | Service data prompts (not retained for training) |
| OpenAI (US) | AI features | Service data prompts (not retained for training) |
| Z.AI / GLM | AI features | Service data prompts |
| PostHog (EU/US) | Product analytics | Anonymised usage data (consent required) |
| Google Analytics (US) | Web analytics | Anonymised usage data (consent required) |
| Sentry (US) | Error monitoring | Error metadata, device info (masked) |
| Expo (US) | Push notifications | Push tokens, device metadata |
Apple HealthKit and Google Health Connect data flows one way, from your device to the Transpir app. We do not share raw health data with third parties except as necessary to generate AI-powered insights you explicitly request.
5. International Transfers
If personal data is transferred outside the UK or EEA, we use appropriate safeguards, such as EU Standard Contractual Clauses and the UK International Data Transfer Agreement or UK Addendum, together with supplementary measures where required. Most processors listed above are based in the United States and operate under the EU-US Data Privacy Framework where applicable.
6. Data Processing Addendum (DPA)
Where required by applicable data protection law, or where we process personal data on behalf of a customer as processor, we will enter into a DPA covering processor obligations and applicable transfer safeguards.
7. Cookies and Consent
We use strictly necessary cookies for service operation and request consent before setting non-essential cookies (such as analytics or marketing). You can accept or reject non-essential cookies or manage your preferences from the cookie banner, and you can update your choice at any time from the in-app cookie settings.
8. Retention and Security
We keep personal data only for as long as necessary for service delivery, legal compliance, dispute resolution, and security. We apply reasonable technical and organisational measures to protect data, including encryption at rest and in transit, row-level security on database tables, and secure storage for sensitive data on mobile devices.
9. Your Rights
Depending on your jurisdiction, you may have rights to access, rectify, erase, or port your personal data, and to limit or object to its processing.
For UK users, you can also lodge a complaint with the ICO.
10. Contact
For privacy or legal requests, contact:
Email: hello@transpir.com