Privacy Policy

1. Introduction

Welcome to Weight Pocket, a product operated by JP Medicina de la Montaña LLC ("we," "us," or "our"). Weight Pocket is a weight management coaching platform that serves members linked to a coach, coaching practice, clinic, or other place of service; self-service consumers; and coaching staff (coaches and wellness professionals). We are committed to protecting the privacy and security of your personal data, including sensitive health information. Weight Pocket is an educational coaching and wellness tool — not a medical device, telemedicine service, or healthcare provider — and use of the App does not establish a doctor-patient relationship.

This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights you have regarding your information. By using Weight Pocket, you agree to the practices described in this policy. If you do not agree, please do not use the application.

Weight Pocket processes special categories of personal data (health data) under GDPR Article 9, which requires your explicit consent. We obtain this consent during onboarding before any health data is collected.

2. Information We Collect

We collect data necessary to deliver personalized weight management services. Below is a comprehensive list organized by category.

2.1 Account Information

• User ID (uid), email address, display name, and profile photo
• Account role (linked member, consumer, or coach/staff)
• Subscription plan status and tier

2.2 Health & Biometric Data (via BLE Scales)

• Body weight, BMI, body fat percentage
• Muscle mass, water percentage, bone density
• BLE scale MAC address (for device pairing)

2.3 Health Platform Data (HealthKit / Health Connect)

• Step count, sleep duration and stages
• Heart rate, heart rate variability (HRV)

This data is read only with your explicit permission through the device health platform authorization flow.

2.4 Daily Logs

• Energy level, symptoms, and symptom notes
• Injection site selection, pain scale, and reactions
• Meals consumed, water intake
• Free-text notes

2.5 Nutrition Data

• Meal entries with calories, protein, carbohydrates, and fat
• Food photos (up to 4 MB per image)
• Barcode scan results

2.6 Medication Data

• Medication type, dosage, frequency, and route of administration
• Injection 3D body coordinates
• Administration dates and schedules

2.7 AI Interaction Data

• Chat messages exchanged with the AI coach
• Food photos submitted for AI recognition (up to 4 MB)

2.8 Behavioral Data

• Mood, energy, stress, and adherence scores
• Nudge interaction logs and delivery timestamps
• Activity events and behavioral patterns

2.9 Body Measurements

• Chest, abdomen, arm, and thigh circumference

2.10 Payment Information

• App Store / Google Play subscription identifiers (anonymous purchase tokens)
• Subscription status and plan type

Credit card numbers, CVVs, and billing details are processed and stored exclusively by the Apple App Store and Google Play. We never have access to your card details.

2.11 Device & Technical Data

• Push notification token
• Optional location data (only when explicitly granted)
• AI usage metrics: user ID, action type, token count, latency, and cost per request
• Error logs stored locally in AsyncStorage

3. How We Use Your Information

We use your data for the following purposes:

• Deliver core services: Weight tracking, nutrition logging, meal planning, medication management, exercise tracking, and health analytics.
• AI-powered coaching: Personalized food recognition, coaching conversations, nutrition advice, morning briefings, and weight prediction models.
• Behavioral support: Nudge delivery, milestone detection, trend analysis, and personalized motivational messaging based on adherence patterns.
• Coaching collaboration: Sharing your health data with your linked coaching staff (coaches and wellness professionals) so they can provide informed coaching and wellness support.
• Metabolic calculations: TDEE estimation, caloric deficit tracking, and 4-week weight projections.
• Subscription management: Processing payments, managing plan upgrades/downgrades, and enforcing feature access based on your subscription tier.
• Communications: Push notifications for medication reminders, nudges, and messages from your coaching staff.
• Service improvement: Aggregate analytics to improve food databases, AI model accuracy, and app performance.
• Safety and compliance: Detecting overdue medication doses, enforcing rate limits, and maintaining audit trails.

4. AI Data Processing

Weight Pocket uses artificial intelligence in two distinct modes:

4.1 Cloud AI (Google Gemini)

Certain features send data to Google Gemini via a secure Cloud Function proxy. Data sent to Gemini may include:

• Chat messages (text, up to 50 KB)
• Food photos for recognition (up to 4 MB, base64-encoded)
• Recent conversation context (up to 20 messages)

All Gemini requests pass through our server-side proxy, which enforces input sanitization, size limits, and per-user rate limiting. Rate limits vary by plan: premium consumers and linked members receive up to 18 AI requests per day; staff and administrators have unlimited access.

4.2 On-Device AI (Offline)

Many AI features run entirely on your device with no data leaving the app:

• AI Coach Engine (rule-based coaching and tips)
• Behavior Engine (pattern detection and scoring)
• Weight Prediction Engine (TDEE-based 4-week projections)
• Nudge system (1,200+ pre-written motivational messages with cooldown logic)
• Food matching (fuzzy search against local databases)

4.3 GDPR Article 9 Consent

Health data constitutes a special category of personal data under GDPR Article 9. We process this data based on your explicit consent, which you provide during the app onboarding process. You may withdraw this consent at any time through your account settings. Withdrawing consent will disable AI-powered features that require health data processing but will not affect the lawfulness of processing performed before withdrawal.

4.4 You Are Always Told When You Interact With AI

In keeping with applicable transparency laws (including California's Bot Disclosure Law and the EU AI Act), the App clearly identifies AI-generated responses and labels the AI coach as artificial intelligence. You are never led to believe you are communicating with a human clinician when you are interacting with an automated feature. The AI is used solely for educational and informational support and never to make clinical or medical decisions.

5. Data Sharing

We do not sell your personal data. We share data only with the following parties and only as necessary to provide our services:

5.1 Google / Firebase

Your data is stored in Google Cloud Firestore and Firebase Storage. Google acts as a data processor under our instructions. Firebase Authentication manages your account credentials. See Firebase Privacy Policy.

5.2 Google Gemini

When you use AI features (chat, food recognition), relevant data is sent to Google Gemini for processing. This data is transmitted through our secure Cloud Function proxy with enforced size limits and rate limiting. See Google AI Terms.

5.3 Apple App Store, Google Play & RevenueCat

Subscription payments are processed by the Apple App Store and Google Play. We use RevenueCat to validate purchase receipts; RevenueCat receives only a subscription identifier, product SKU, and timestamp — never your payment card details, which are handled solely by Apple or Google. See the RevenueCat Privacy Policy and your store's privacy policy.

5.4 Coaching Staff (Linked Staff Model)

If you are a member linked to a coach, coaching practice, clinic, or other place of service, your health data, daily logs, medication records, and progress metrics are accessible to the coaching staff members linked to your account. Staff access is controlled through our linked-staff authorization model, which ensures that only your assigned coaches and wellness staff can view your data. Staff access is verified server-side on every request.

5.5 No Other Sharing

We do not share your data with advertisers, data brokers, or any other third parties. We do not use your health data for advertising purposes.

6. Data Storage & Security

We implement multiple layers of security to protect your data:

• Firestore Security Rules: Audited security rules enforce document-level access control, and are reviewed and updated as the data model changes.
• Storage Security Rules: Firebase Storage rules restrict file access by authentication status and ownership.
• Authentication: Firebase Authentication with secure session management.
• AI Proxy Sanitization: All AI requests pass through a server-side Cloud Function that validates input size (images 4 MB or less, text 50 KB or less), enforces rate limits, and strips unnecessary data.
• Subscription Webhook Verification: All subscription webhook events (RevenueCat) are cryptographically verified using signing secrets before processing.
• Role-Based Access Control: Client-supplied role and member ID fields are never trusted. Staff access is verified server-side using the canStaffAccessUser() function.
• Encryption: Data is encrypted in transit (TLS) and at rest (Google Cloud default encryption).
• Local Storage: Error logs and cached data stored in AsyncStorage remain on your device.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. You provide your information at your own risk. In the event of a data breach that compromises your personal data, we will notify you and the appropriate authorities as required by applicable law (including GDPR Art. 33–34 and U.S. state breach-notification statutes).

7. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide services. When you request account deletion, we execute a comprehensive 9-step erasure process:

1. Delete all daily log entries and subcollections
2. Delete all nutrition and meal records
3. Delete all medication records and injection history
4. Delete all behavioral data, nudge logs, and activity events
5. Delete all AI chat history and interaction logs
6. Delete all uploaded files from Firebase Storage (food photos)
7. Delete any legacy payment-processor customer record retained for billing history
8. Delete the user profile document from Firestore
9. Delete the Firebase Authentication account

Two ways to delete your account:

• In-app: Settings → Account → Delete Account (immediate).
• Without installing the app: Visit our public deletion page at weightpocket.com/account-deletion — complies with Google Play Store deletion-request requirements (2024+).

The deletion process is irreversible. We may retain anonymized, aggregated data that cannot be linked back to you for service improvement purposes. Encrypted backups may persist for up to 30 days after deletion before being overwritten in our backup rotation.

If required by law (for example, for fraud prevention, financial records under tax and payment-processor rules, or medical-record retention applicable to a linked coach, coaching practice, clinic, or other place of service), we may retain certain data for the legally mandated period before deletion.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or a jurisdiction with equivalent protections, you have the following rights:

• Right of Access (Art. 15): Request a copy of all personal data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your personal data. We fulfill this through our 9-step account deletion process.
• Right to Data Portability (Art. 20): Request your data in a structured, commonly used, machine-readable format.
• Right to Restrict Processing (Art. 18): Request that we limit how we process your data in certain circumstances.
• Right to Withdraw Consent (Art. 7): Withdraw consent for health data processing at any time through app settings. This does not affect the lawfulness of prior processing.
• Right to Object (Art. 21): Object to processing based on legitimate interests.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

To exercise any of these rights, contact us at privacy@weightpocket.com. We will respond within 30 days.

9. Your Rights Under CCPA/CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it.
• Right to Correct: Request correction of inaccurate personal information we maintain about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale or Sharing: We do not sell or share (for cross-context behavioral advertising) your personal information. No opt-out is necessary, but you may contact us to confirm this at any time.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to what is necessary to provide the App (see § 15.1).
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights. You will not receive different pricing or service quality.

To exercise your CCPA/CPRA rights, contact us at privacy@weightpocket.com. As a business that operates exclusively online and has a direct relationship with you, we designate this email as our request method. We will verify your identity (or that of an authorized agent — see § 15.2) and respond within 45 days.

10. HIPAA Notice

If you are an individual whose data is shared with an external healthcare provider, clinic, coach, coaching practice, or other place of service that uses Weight Pocket as part of HIPAA-regulated activities, your health information may be considered Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). In that scenario, references to a "patient" relationship apply between you and that external organization — not between you and Weight Pocket itself.

In that scenario, that external organization is the Covered Entity responsible for HIPAA compliance. Where Weight Pocket signs a Business Associate Agreement (BAA) with such an organization, Weight Pocket would act as a Business Associate, and that BAA would govern our obligations regarding your PHI. We apply administrative, physical, and technical safeguards designed to align with HIPAA's Security Rule, and we gate our processing accordingly (for example, AI features that would send health data to a third party not covered by a BAA are disabled for organizations operating under HIPAA). We do not represent that the platform is HIPAA-certified, and no certification of HIPAA compliance is implied.

Self-service consumers and members who are not linked to a HIPAA Covered Entity through Weight Pocket are not covered under HIPAA via this App. However, we apply the same security standards to all user data regardless of HIPAA applicability.

11. Children's Privacy

11.1 Age Restriction (18+)

Weight Pocket is intended exclusively for users aged 18 and older. The App is not designed for, marketed to, or directed at minors. By creating an account, you affirmatively represent that you are at least 18 years old.

11.2 COPPA Compliance (Children Under 13)

Weight Pocket complies with the U.S. Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506. We do not knowingly collect, use, or disclose personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information immediately using our 9-step erasure process described in § 7. Parents or legal guardians who believe a child under 13 has provided us with personal information may contact us at privacy@weightpocket.com for prompt removal.

11.3 GDPR Children (Under 16)

For users in the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulation (GDPR) Article 8 sets a default minimum age of 16 for consent to process personal data (Member States may lower this to 13). Because the App is restricted to users 18+, we do not knowingly process data of minors under either threshold.

11.4 Minors Aged 13–17

If we become aware of an account holder between the ages of 13 and 17 (under our 18+ policy but above COPPA's threshold), we will terminate the account and delete all associated data. We do not target advertising or content to minors. If you are a parent or guardian who believes a minor under 18 has created an account, please contact privacy@weightpocket.com.

12. Cookies & Tracking

Weight Pocket is a mobile application and does not use browser cookies. We use the following local storage and tracking mechanisms:

• AsyncStorage: Used to cache error logs, health data persistence, and user preferences locally on your device. This data does not leave your device unless you explicitly trigger a sync.
• Push Notification Tokens: A device token is stored to deliver push notifications. You can revoke notification permissions through your device settings at any time.
• AI Usage Metrics: We log anonymized usage metrics (action type, token count, latency, cost) for each AI request to monitor service quality and enforce rate limits.

We do not use third-party advertising trackers, analytics SDKs, or cross-app tracking identifiers.

12.1 This Website

This marketing and legal website (where you are reading this policy) sets no first-party advertising or analytics cookies. To render the site, your browser loads a small number of third-party resources from content-delivery networks — the Tailwind CSS CDN, the jsDelivr CDN (Alpine.js), and Google Fonts. When your browser requests these files, those providers may receive your IP address and standard request headers, and may set their own cookies under their respective privacy policies. These resources are used solely to display the site and not to profile or advertise to you. You can block or delete cookies and restrict third-party requests through your browser settings; doing so will not affect your ability to read this policy.

13. International Data Transfers

Your data is stored and processed on Google Cloud infrastructure located in the United States. If you are accessing Weight Pocket from outside the United States, your data will be transferred to and processed in the US.

For users in the EEA or UK, these transfers are conducted under appropriate safeguards, including Google Cloud's compliance with Standard Contractual Clauses (SCCs) approved by the European Commission. Google Cloud maintains certifications including SOC 2, ISO 27001, and ISO 27018.

Apple, Google, and our subscription validator (RevenueCat) process payment and receipt data in accordance with their own data-transfer mechanisms and certifications. See their respective privacy documentation for details.

14. Apple HealthKit & Google Health Connect

14.1 Apple HealthKit (iOS)

Where you grant permission, Weight Pocket reads health and fitness data from Apple HealthKit (such as weight, body composition, steps, active energy, heart rate, heart rate variability, and sleep). In compliance with the Apple App Store Review Guidelines (§§ 5.1.3 and 5.2.1) and the HealthKit framework requirements:

• HealthKit data is used solely to provide the health and fitness functionality of the App (tracking, progress, AI coaching, and coaching support for linked members).
• HealthKit data is never used for advertising, marketing, data brokering, data mining, or any purpose other than improving health and fitness within the App or supporting your linked coach's coaching workflow.
• HealthKit data is never sold or rented to any third party.
• HealthKit data is never disclosed to any third party except: (i) with your explicit consent; (ii) to your linked coach, coaching practice, clinic, or other place of service, if you are a linked member and have consented; or (iii) when required by law.
• HealthKit data is not stored in iCloud or any third-party cloud beyond Google Firebase (our authenticated, server-side store), and is not transmitted to any unrelated third party.
• You may revoke HealthKit permissions at any time in iOS → Settings → Health → Data Access & Devices → Weight Pocket. Revocation halts new data flow; previously synced data may be deleted by deleting your account (§ 7).

14.2 Google Health Connect (Android)

Where you grant permission, Weight Pocket reads health and fitness data from Google Health Connect. In compliance with Google's Health Connect data policies and Google Play's Sensitive Data Permissions policy:

• Health Connect data is used only for the health and fitness features of the App.
• Health Connect data is never used for advertising or marketing, never sold, and never combined with data from sources unrelated to the App's health features.
• Health Connect data is not transferred to any unrelated third party. Server-side processing occurs only within our authenticated Firebase backend and, where applicable, our Cloud Function proxy to Google Gemini (with the limitations described in § 4 and § 5).
• You can manage Health Connect permissions in Android Settings → Apps → Health Connect → App Permissions, and disconnect Weight Pocket at any time.

14.3 No Use for Insurance, Underwriting, or Employment

We do not use any data obtained from HealthKit or Health Connect — or any other health data collected through the App — for insurance underwriting, employment screening, credit decisions, or any actuarial or risk-rating purpose.

15. We Do Not Sell or Share Your Personal Information

For purposes of the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and analogous state laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, and others as enacted):

• We do NOT sell your personal information in exchange for monetary or other valuable consideration.
• We do NOT share your personal information for cross-context behavioral advertising (sometimes called "targeted advertising"). The App contains no ad SDKs, no third-party trackers, and no cross-app tracking identifiers.
• We have not sold or shared personal information for these purposes in the preceding twelve (12) months and have no intent to do so.
• Because we do not engage in such sales or sharing, no opt-out is required; if you nonetheless wish to receive written confirmation, contact privacy@weightpocket.com.

Disclosures of data to service providers and processors (Google Firebase for hosting/auth, Google Gemini for AI processing, the Apple App Store and Google Play for payment processing, and RevenueCat for subscription receipt validation) are governed by written data-processing agreements and are not "sales" or "sharing" under any of the foregoing statutes.

15.1 Sensitive Personal Information

Health data, biometric data, and precise geolocation (when permitted) are categorized as "sensitive personal information" under the CCPA/CPRA. We use sensitive personal information only for the purposes described in § 3 (How We Use Your Information) — namely, to provide the App's services and not for inference, profiling for advertising, or any unrelated purpose. You have the right to limit our use of sensitive personal information. To make such a request, contact privacy@weightpocket.com. Because the App's core health-and-fitness functionality depends on this data, limiting its use may reduce or disable certain features; you may also delete your account at any time to stop all processing.

15.2 Biometric Identifiers — What We Do NOT Do

For the avoidance of doubt, and notwithstanding our processing of photographs, Weight Pocket does NOT create, capture, store, or use biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), the Washington biometric statute, or similar laws. Specifically:

• We do not perform facial recognition. Photographs you submit are analyzed only to recognize food items; we do not scan face geometry or create faceprints.
• Device biometrics stay on your device. If you enable Face ID, Touch ID, or fingerprint app-lock, that biometric is processed entirely by your device's operating system. We receive only a success/failure signal and never receive, transmit, or store the underlying biometric template.

15.3 Authorized Agents

California, Virginia, Colorado, and certain other state residents may use an authorized agent to submit privacy requests on their behalf. We require: (a) signed written authorization from the consumer; (b) verification of the consumer's identity; and (c) for deletion requests, a separate signed declaration of the consumer's intent.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this page
• Send a push notification to active users summarizing the changes
• Display a notice within the app on your next login

Your continued use of Weight Pocket after the updated policy takes effect constitutes your acceptance of the changes. We encourage you to review this policy periodically.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: