Privacy Policy
Last Updated: November 27, 2025
Welcome to the DoseDay GLP-1 Tracker mobile application (the "App"), operated by Fitura AI, LLC ("Fitura AI," "we," "us," or "our"), a Delaware limited liability company. We respect your privacy and are committed to protecting your information.
Overview
This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to information collected when you use the App, related websites, and services (collectively, the "Services").
By using the App, you agree to this Policy. If you do not agree, please do not use the App.
Information We Collect
Account and Identifiers
- Firebase Authentication identifiers, including UID and login provider (Apple Sign‑In or anonymous session).
- Sign‑In with Apple may include a name and Apple relay email.
- Locally stored identifiers used for analytics preferences (
@analytics_enabled, @analytics_user_id).
Usage and Device Data
- Push device token, platform, bundle identifier, and derived region.
- Device type, OS version, App version, and locale.
- Crash diagnostics (via Firebase Crashlytics), automatically disabled for EU region users.
- Country/region inferred from device settings and network headers; raw IP addresses are not stored.
- Region assignment and migration history stored locally on your device.
App Events and Analytics
- Mixpanel events and user properties processed through the EU API host.
- Analytics is OFF by default for EEA users and can be enabled or disabled at any time in Settings → Privacy & Data.
- No health measurement data (e.g., dose values or body weight) is sent to analytics providers.
Subscription and Billing
- RevenueCat customer identifiers and subscription status.
- Payment details are processed by Apple or Google. We do not store financial information.
Support Communications
- Messages sent through in‑app chat (Crisp) to provide user support.
- Support chat logs are retained up to 12 months after your last interaction and deleted within 30 days of account deletion or earlier upon request.
How We Use Information
We use data to:
- Provide and improve the App's core functionality.
- Manage accounts, subscriptions, and entitlements.
- Deliver reminders, notifications, and region routing.
- Perform analytics for feature improvement (if enabled).
- Prevent abuse, fraud, and maintain security.
- Comply with legal and contractual obligations.
We do not sell your information.
Lawful Bases (GDPR/UK GDPR)
We process data under the following lawful bases:
- Contract: to provide the App and services you request.
- Legitimate Interest: to maintain and secure the App, detect fraud, and improve performance.
- Consent: for optional analytics and notifications. You can withdraw consent in Settings → Privacy & Data.
Data Sharing and Processors
We share data only with trusted service providers under contractual obligations:
| Provider |
Purpose |
| Firebase (Google) |
Authentication, database (eur3 for EU, nam5 for US), Cloud Functions, push notifications, Crashlytics (disabled for EU region) |
| Mixpanel |
Analytics (EU endpoint for EU region users, off by default for EU) |
| RevenueCat |
Subscription management |
| Crisp |
Support chat |
| Apple / Google |
App store payments and sign‑in |
Crashlytics is automatically disabled when the EU region is active, regardless of your physical location.
International Transfers and Safeguards
We rely on Standard Contractual Clauses (SCCs) and Data Processing Addendums (DPAs) provided by Google and Mixpanel for lawful data transfers outside the EEA and UK.
Data Retention
| Data Type |
Retention |
| User data (Firestore) |
Retained while your account is active; deleted on "Delete My Data" or "Delete My Account." |
| Push device records |
Updated with new registrations; deleted upon account deletion or token invalidation. |
| Support chats |
Retained up to 12 months after last interaction; deleted within 30 days after account deletion or upon request. |
| Analytics |
Profiles deleted when you disable analytics or delete your account. |
| Region migration metadata |
Stored in your Firestore account and on your device; deleted when you delete your account or data. |
User Controls and Rights
You may have rights under GDPR and other laws, including:
- Access, correction, deletion ("right to be forgotten")
- Restriction or objection to processing
- Data portability
- Withdrawal of consent (analytics, notifications)
To exercise these rights, contact privacy@fitura.ai with "Data Subject Request" in the subject line. Verification may be required.
International Data Routing and Regional Data Residency
How Your Region is Determined
The App uses a single global build that routes your data to either EU or US infrastructure at runtime based on:
- Initial Assignment: When you first use the App, your region is automatically determined based on your device's country code and stored locally on your device.
- Persistent Storage: Your region preference is saved in iOS Keychain and persists across app updates and device restarts.
- Account Binding: When you sign in with Apple, your region becomes associated with your account and remains consistent across devices.
Data Storage Locations
- EU Region Users: Data is stored in Firebase's
eur3 (EU multi-region) for Firestore databases, with Cloud Functions running in europe-west1.
- US Region Users: Data is stored in Firebase's
nam5 (US multi-region) for Firestore databases, with Cloud Functions running in us-central1.
Region Switching and Migration
- Your assigned region is sticky and does not change automatically. We do not move your data based on travel or location changes.
- If you need to change your data region, you must contact support at privacy@fitura.ai.
- Region switches involve a one-time data migration that copies your data from one regional infrastructure to another. This process is logged with metadata including source region, destination region, and migration timestamp.
- After migration, the original data may be flagged for deletion in the source region.
EU Region Privacy Enhancements
- Crashlytics (Diagnostic Service): Crash diagnostics are automatically disabled when the EU region is active, regardless of your physical location. This is enforced at runtime in the App code.
- Analytics Default: Analytics is OFF by default for EU region users and can only be enabled through explicit opt-in in Settings → Privacy & Data.
- Data Processing: EU users' analytics data is processed through Mixpanel's EU API endpoint.
Migration Metadata
If you switch regions, we store limited metadata to ensure data integrity:
- A
region_eu document in your Firestore account containing: pinned status, migration timestamp, source/destination regions, and source/destination user IDs.
- Local identifiers on your device to track migration history and prevent data loss during account upgrades.
- This metadata is deleted when you delete your account or data.
Security
We use encryption in transit, Firebase security rules, and access controls. While we take reasonable precautions, no security system is infallible.
Children's Privacy
The App is not directed to children under 13 in the U.S. or under 16 in the EEA. We do not knowingly collect data from children below these ages.
Changes to this Policy
We may update this Policy periodically. Material changes will be communicated via in‑app notice or email. The "Last Updated" date reflects the latest revision.
Contact
Questions or privacy inquiries:
Email: privacy@fitura.ai
See our Terms of Use.
© 2025 Fitura AI, LLC. All rights reserved.