Privacy Policy

Last Updated: June 24, 2026

Welcome to the DoseDay GLP-1 Tracker mobile application (the "App"), operated by Fitura AI, LLC ("Fitura AI," "we," "us," or "our"), a Delaware limited liability company. We respect your privacy and are committed to protecting your information.


Overview

This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to information collected when you use the App, related websites, and services (collectively, the "Services").

Please review this Policy carefully. Your use of the Services is also governed by our Terms of Use.


Information We Collect

Account and Identifiers

Usage and Device Data

Health and Fitness Data

App Events and Analytics

Website Events and Analytics

Subscription and Billing

Readiness Mode / Starting Plan

Readiness Mode and Starting Plan can be used before creating a DoseDay tracking account. No Firebase account is required to use Readiness / Starting Plan.

Readiness / Starting Plan data is stored locally on your device and encrypted at rest. It is not uploaded to DoseDay servers unless you choose to use a cloud-connected feature, share or export information, contact support with details, or begin active tracking.

Readiness data stored on your device may include:

Because Readiness / Starting Plan data is stored only on your device, DoseDay cannot view, export, or recover it. If you delete the app or delete your local Readiness Plan, that data may be permanently lost.

DoseDay may collect limited, non-content analytics about Readiness feature usage, such as whether a module was opened or whether an external resource link was tapped. DoseDay does not use analytics to record the specific Readiness topics, checklist items, baseline values, coverage/access statuses, or specific external health resources selected by the user. See the App Events and Analytics section.

AI-Generated Wellness Tips

Support Communications

Reports and Exports


How We Use Information

We use data to:

We do not sell your information.


No Sale or Advertising Tracking

We do not sell your personal information. We do not use your health data, Apple Health data, medication records, notes, reports, or AI tip data for advertising, marketing profiling, or data broker purposes.


Lawful Bases (GDPR/UK GDPR)

We process data under the following lawful bases:


Data Sharing and Processors

We share data only with service providers under contractual obligations:

Provider Purpose
Firebase (Google) Authentication, database storage, Cloud Functions, push notifications, Remote Config, and Crashlytics diagnostics where enabled. EU-region data is routed to EU infrastructure where supported by the App's regional configuration.
Mixpanel Privacy-preserving product analytics using pseudonymous identifiers. Analytics is off by default for EU-region users and can be disabled in Settings → Privacy & Data.
RevenueCat Subscription management
Crisp and support service providers In-app support chat, email or other support communications, support session metadata, troubleshooting, support notifications, and related support operations.
Apple / Google App store payments and sign‑in
Anthropic AI-generated wellness tips. Receives minimized health summaries without direct identifiers through server-side Cloud Functions only. We do not send name, email address, Firebase UID, device identifier, free-text notes, or full daily records to Anthropic.

Crash diagnostics may be collected through Firebase Crashlytics in supported builds. We use crash diagnostics to maintain app reliability and security. We do not attach names, email addresses, health values, medication details, notes, report contents, or Apple Health data to crash reports. Crash diagnostics collection may vary by region and build configuration.


International Transfers and Safeguards

We may process information in the United States, the European Economic Area, and other locations where we or our service providers operate. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses, Data Processing Addenda, provider-specific regional processing commitments, or other lawful transfer mechanisms made available by our processors, including Google/Firebase, Mixpanel, RevenueCat, Crisp and support service providers, Anthropic, Apple, and Google.


Data Retention

Data Type Retention
User data (Firestore) Retained while your account is active; deleted when you use "Delete My Data" or "Delete My Account," subject to limited operational logs and legal obligations.
Locally stored App data Stored on your device to operate the App, including preferences, cache, onboarding state, selected region, and AI tip cache. Cleared when you use deletion controls where applicable.
Push device records Updated with new registrations; deleted upon account deletion, token invalidation, or when no longer needed for notification delivery.
Support communications Retained up to 12 months after last interaction; deleted within 30 days after account deletion or upon verified request, where technically available through our support providers.
Analytics Analytics profiles are deleted when you disable analytics or delete your account, where supported by the analytics provider.
Region migration metadata Stored in your Firestore account and on your device as needed to route your data and prevent migration loss; deleted when you delete your account or data, except where needed for legal or operational records.
AI tip audit logs Stored in your Firestore account for App functionality, rate limiting, feedback, and audit purposes; deleted when you delete your account or data.
Local Readiness / Starting Plan data Stored locally on your device in encrypted form. Deleted when you delete your local Readiness Plan from the Readiness Privacy screen, delete the app, or when the app removes the local store after an active tracking transition where applicable. DoseDay cannot view, export, or recover local-only Readiness data; the encrypted data and Keychain root key are deleted together, making the data irrecoverable.
Active tracking data (Firestore) Stored while your account is active. Deleted when you use “Delete My Data” or “Delete My Account,” subject to limited operational logs and legal obligations. If you copied a local Readiness baseline snapshot into active tracking, those copied values are stored in Firestore and subject to this policy.
Reports and exports Generated on your device or through App functionality at your request. We do not automatically send generated reports to third parties. Copies you share are controlled by the destination you choose.

User Controls and Rights

You may have rights under GDPR and other laws, including:

To exercise these rights, contact privacy@fitura.ai with "Data Subject Request" in the subject line. Verification may be required.

You may also use in-app controls to delete your App data, delete your account, manage analytics, manage notifications, and control Apple Health permissions through iOS Settings.

If you use Readiness / Starting Plan before active tracking, you can delete your local Readiness Plan from the Readiness Privacy screen (accessible from the Readiness dashboard). Because this data is stored only on your device, DoseDay cannot view, export, or recover it for you unless you have chosen to share it or copy it into active tracking.


International Data Routing and Regional Data Residency

How Your Region is Determined

The App uses a single global build that routes your data to either EU or US infrastructure at runtime based on:

Data Storage Locations

Region Switching and Migration

EU Region Privacy Enhancements

Migration Metadata

If you switch regions, we store limited metadata to ensure data integrity:


Security

We use encryption in transit, Firebase security rules, and access controls. While we take reasonable precautions, no security system is infallible.

Local Readiness / Starting Plan data is encrypted at rest using an app-managed encryption key stored in the device Keychain. Deletion of the local Readiness Plan removes both the encrypted data and the Keychain key. No security measure is perfect, and users should protect access to their device.


Children's Privacy

The App is not directed to children under 13 in the U.S. or under 16 in the EEA. We do not knowingly collect data from children below these ages.


Changes to this Policy

We may update this Policy periodically. Material changes will be communicated via in‑app notice or email. The "Last Updated" date reflects the latest revision.


Contact

Questions or privacy inquiries:
Email: privacy@fitura.ai

See our Terms of Use.

© 2026 Fitura AI, LLC. All rights reserved.