Last Updated: December 14, 2025 | Effective Date: December 6, 2025
Privacy at a Glance
- Your Control: You own your health data. View, edit, and delete your information anytime.
- Security First: Your data is encrypted in transit (HTTPS) and at rest (AWS encryption). Passwords are securely hashed.
- No Selling: We never sell your personal data. Period.
- Minimal Sharing: We only work with essential services (food database, notifications, subscriptions).
- Age Requirement: You must be 17 years or older to use this app.
Introduction
Welcome to EatFastTrain Complete Fitness ("EatFastTrain," "we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information.
This Privacy Policy explains our data practices for the EatFastTrain Complete Fitness iOS app. By using our app, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Summary
We collect information you provide when creating your account and using the app's features. This includes your profile details, nutrition logs, fasting sessions, workout data, and weight tracking. We also collect minimal technical data to deliver notifications and manage subscriptions.
1.1 Account Information
When you create an EatFastTrain account, we collect:
- Name: Your full name for account personalization
- Email Address: Required for account creation, login, and communication
- Password: Securely hashed using BCrypt (we never store plain-text passwords)
- Email Verification Status: Tracks whether you've verified your email address
1.2 Profile & Health Data (Optional)
To provide personalized fitness recommendations and goal calculations, you may optionally provide:
- Date of Birth: Used for age-appropriate fitness calculations
- Height: Stored in centimeters or inches based on your unit preference
- Gender: Options include male, female, or other
- Activity Level: Sedentary, lightly active, moderately active, very active, or extremely active
- Unit System: Metric or imperial measurement preferences
- Timezone: Used for accurate scheduling of fasting and notifications
1.3 Nutrition Tracking Data
When you use the EAT (nutrition tracking) feature, we collect:
- Diary Entries: Date, time, and timezone of each food entry
- Food Details: Food name, brand, serving size, and serving type
- Nutritional Information: Calories, protein, carbohydrates, fats, saturated fats, fiber, sodium, sugar, and cholesterol
- Meals: Custom meal names and organization preferences
- Custom Foods: Foods you create, with optional public/private visibility
- Recipes: Multi-ingredient recipes you create with calculated nutrition
- Nutrition Goals: Your target calories and macro goals
1.4 Fasting Tracking Data
When you use the FAST (intermittent fasting) feature, we collect:
- Fasting Sessions: Start time, end time, duration, and status (in progress, completed, or cancelled)
- Fasting Schedules: Your recurring fasting schedule with days of week, start times, and timezone
- Fasting Protocols: Custom fasting durations and protocols you create
- Notes: Optional notes you add to fasting sessions
1.5 Workout Tracking Data
When you use the TRAIN (workout tracking) feature, we collect:
- Workout Templates: Template names, exercises, sets, rest intervals, and progressive overload goals
- Workout Sessions: Start time, end time, status, and session notes
- Exercise Data: Exercise names, muscle groups, descriptions, and custom exercises you create
- Set Data: Weight lifted, repetitions completed, and completion status for each set
- Notes: Optional notes you add to exercises and workouts
1.6 Weight Tracking Data
When you use the weight tracking feature, we collect:
- Weight Entries: Weight values, recorded dates/times, and optional notes
- Weight Goals: Target weight, target date, goal status, and reminder preferences
1.7 Device & Technical Data
To deliver app functionality and notifications, we collect minimal technical data:
- APNs Device Token: Apple-provided token for sending push notifications
- APNs Environment: Development or production environment identifier
- Authentication Token: JWT (JSON Web Token) stored locally in your device's secure Keychain
- User ID: Unique identifier (UUID) for your account
1.8 Advertising & Analytics Data
To measure advertising effectiveness and improve app stability, we collect:
- Advertising Identifier (IDFA): With your permission via Apple's App Tracking Transparency prompt, we collect your device's advertising identifier to measure the effectiveness of our advertising campaigns
- App Install Attribution: Information about which advertisement led you to install the app
- Crash Reports: Technical information about app crashes including device model, iOS version, and crash stack traces
- Performance Data: App launch times, hang rates, and general performance metrics
You can deny tracking permission when prompted, or change this later in iOS Settings > Privacy & Security > Tracking.
What We Don't Collect:
- Location data or GPS coordinates
- Your contacts or address book
- Photos from your photo library (we only use the camera for scanning)
- Apple Health app data
- Social media connections
- Payment information (handled by Apple/RevenueCat)
2. How We Use Your Information
Summary
We use your information solely to provide and improve the app's features. This includes tracking your nutrition and fitness progress, sending you notifications you've requested, calculating personalized goals, and managing your subscription.
2.1 Core App Functionality
We use your information to:
- Nutrition Tracking: Display your daily food intake, calculate macro totals, and show progress toward goals
- Fasting Tracking: Track fasting sessions, display countdown timers, and maintain your fasting history
- Workout Tracking: Log exercises, sets, and reps; track personal records and progression over time
- Weight Tracking: Display weight trends, calculate progress toward goals, and show projected trajectory
- Goal Calculations: Calculate BMR (Basal Metabolic Rate), TDEE (Total Daily Energy Expenditure), and personalized macro recommendations using established scientific formulas
Scientific Calculations
Our health and fitness calculations are based on peer-reviewed scientific research, including:
- Mifflin-St Jeor equation for BMR (American Journal of Clinical Nutrition, 1990)
- World Health Organization guidelines for BMI classification
- CDC guidelines for healthy weight management
- ISSN position stands for macronutrient distribution
- ACSM guidelines and peer-reviewed research for training recommendations
You can view detailed citations and source links within the App by navigating to Profile > About > About Our Calculations.
2.2 Notifications
With your permission, we send push notifications for:
- Fasting schedule reminders (1 hour before start time)
- Scheduled fast start notifications
- Fast completion notifications
- Pre-completion countdown (1 hour before end)
- Weight goal reminders (daily, weekly, biweekly, or monthly)
- Workout rest timer alerts
You can disable notifications in your device settings at any time.
2.3 Account Management
We use your email address to:
- Verify your account with a 6-digit verification code (expires after 10 minutes)
- Send password reset codes when requested (expires after 10 minutes)
- Communicate important account or service updates
2.4 Subscription Management
We use RevenueCat to manage your subscription status and unlock premium features. See Section 3.5 for details.
2.5 Community Features
If you create custom foods and mark them as "public," other users can view and use these foods. Your name is not displayed, but the food is marked as community-contributed.
3. Third-Party Services
Summary
We partner with trusted third-party services to provide essential features like food database search, AI label scanning, push notifications, email delivery, and subscription management. Each service receives only the minimal data necessary for its specific function.
3.1 FatSecret API (Food Database)
FatSecret Platform API
Purpose: Provides access to a comprehensive food database with 200,000+ foods and barcode scanning capabilities.
Data Sent:
- Your food search queries (e.g., "chicken breast")
- Barcode numbers when you scan products (UPC/EAN codes)
- Your region preference (optional, for localized results)
Data NOT Sent: Your name, email, user ID, or any personal information
Privacy Policy: https://www.fatsecret.com/Default.aspx?pa=privacy
3.2 OpenAI GPT-4 (AI Features)
OpenAI GPT-4 Vision API (Label Scanning)
Purpose: Extracts nutritional information from photos of nutrition labels using advanced AI.
Data Sent:
- Base64-encoded images of nutrition labels (captured via your camera)
- Images are resized to a maximum of 2048x2048 pixels before transmission
Data NOT Sent: Your name, email, user ID, or any personal information. Only the nutrition label photo is sent.
OpenAI GPT-4 API (Food Description)
Purpose: Estimates nutritional information from natural language food descriptions (e.g., "large pepperoni pizza from Domino's").
Data Sent:
- Your food description text (e.g., "chicken burrito bowl with extra guac")
- Your timezone (to provide region-appropriate portion size estimates)
Data NOT Sent: Your name, email, user ID, or any personal information. Only the food description and timezone are sent.
These AI features are only available to EatFastTrain Pro subscribers.
3.3 Apple Push Notification Service (APNs)
Apple Push Notification Service
Purpose: Delivers push notifications for fasting reminders, workout alerts, and weight goal reminders.
Data Sent:
- APNs device token (Apple-provided identifier for your device)
- Notification content (e.g., "Your 16-hour fast is about to begin")
- Notification type and timing information
Data NOT Sent: Your personal health data, nutrition logs, or workout details (notifications contain only high-level reminders)
Privacy Policy: https://www.apple.com/legal/privacy/
3.4 SMTP2GO (Email Delivery)
SMTP2GO Email Service
Purpose: Delivers email verification codes and password reset codes.
Data Sent:
- Your email address (recipient)
- Your name (for email personalization)
- 6-digit verification or password reset codes
Emails Sent:
- Email verification: "Verify your EatFastTrain account - Code: XXXXXX"
- Password reset: "Reset your EatFastTrain password - Code: XXXXXX"
Privacy Policy: https://www.smtp2go.com/privacy/
3.5 RevenueCat (Subscription Management)
RevenueCat Subscription Platform
Purpose: Manages in-app purchases, subscription status, and unlocks EatFastTrain Pro features.
Data Sent:
- Your user ID (UUID from our database)
- Apple transaction receipts and subscription status
- Device information (iOS version, app version)
Features Unlocked:
- AI Label Scanning
- AI Food Description
- Exercise Goals (progressive overload)
- Fasting Schedules
- Fasting Stats & Badges
- Workout Stats & Personal Records
- Exercise Stats (during workouts)
- Weight Tracking
- Weight Goal Reminders
Privacy Policy: https://www.revenuecat.com/privacy
3.6 Facebook SDK (Advertising Attribution)
Meta (Facebook) SDK
Purpose: Measures the effectiveness of our advertising campaigns by tracking app installs from Facebook/Instagram ads.
Data Sent:
- Advertising Identifier (IDFA) - only with your permission via Apple's App Tracking Transparency prompt
- App install events (that you installed the app)
- Device information (device model, iOS version)
Data NOT Sent: Your name, email, health data, fitness data, or any personal information from within the app
Your Control: You can deny tracking permission when the app asks. If denied, Facebook cannot link your app install to their advertising data.
Privacy Policy: https://www.facebook.com/privacy/policy/
3.7 Bugsnag (Error Monitoring)
Bugsnag Error Monitoring
Purpose: Monitors app stability, captures crash reports, and helps us identify and fix bugs quickly.
Data Sent:
- Crash reports and error stack traces
- Device information (device model, iOS version, app version)
- Your user ID (to help us assist you if you report an issue)
- App performance metrics (launch time, memory usage)
Data NOT Sent: Your health data, fitness data, nutrition logs, or any personal content
Privacy Policy: https://www.bugsnag.com/privacy-policy
Third-Party Service Note:
We carefully select third-party services that prioritize privacy and security. However, we cannot control their data practices. We encourage you to review their privacy policies using the links provided above.
4. Data Sharing & Sale
Summary
We do NOT sell, rent, or trade your personal information. Ever. Your health and fitness data is yours. We only share minimal technical data with the third-party services described above, and only to provide essential app features.
4.1 What We Don't Do
- No Selling: We never sell your personal data to advertisers, data brokers, or marketers
- No In-App Ads: We don't display advertisements within the app
- No Cross-App Tracking of Your Content: Your health, fitness, and nutrition data is never shared with advertising networks
4.2 Advertising Attribution (With Your Permission)
If you grant tracking permission via Apple's App Tracking Transparency prompt:
- Facebook SDK receives your advertising identifier (IDFA) to measure which ads led to app installs
- This helps us understand which advertising campaigns are effective
- Your in-app data (health, fitness, nutrition) is never shared with Facebook
You can deny this permission when prompted, and the app works fully without it.
4.3 When We Share Data
We only share limited data with third-party services as described in Section 3, and only for these purposes:
- FatSecret: Food search queries and barcode numbers (no personal info)
- OpenAI: Nutrition label photos and food description text (no personal info)
- Apple APNs: Device token and notification content
- SMTP2GO: Email address, name, and verification codes
- RevenueCat: User ID and subscription status
- Facebook SDK: Advertising identifier (IDFA) and app install events (with your permission)
- Bugsnag: Crash reports, device info, and user ID for debugging
4.4 Community Foods
If you create a custom food and mark it as "public," other EatFastTrain users can view and add this food to their diaries. Public foods include:
- Food name and brand
- Serving sizes and nutritional information
Not Shared: Your name, email, or user ID. Public foods are anonymous contributions to the community.
4.5 Legal Requirements
We may disclose your information if required by law, such as:
- In response to a valid court order, subpoena, or government request
- To protect the rights, property, or safety of EatFastTrain, our users, or others
- To enforce our Terms of Service or investigate potential violations
- In connection with a merger, acquisition, or sale of assets (with advance notice to affected users)
5. Data Security
Summary
We implement industry-standard security measures to protect your data, including encrypted connections, secure password hashing, encrypted database storage, and iOS Keychain for sensitive tokens. While no system is 100% secure, we continuously update our security practices to protect your information.
5.1 Password Security
BCrypt Password Hashing
Your password is never stored in plain text. We use BCrypt, a industry-standard cryptographic hashing algorithm, to securely hash your password. Even our team cannot see your actual password.
Password Requirements:
- Minimum 8 characters
- At least 1 uppercase letter (A-Z)
- At least 1 lowercase letter (a-z)
- At least 1 number (0-9)
- At least 1 special character (!@#$%^&*(),.?":{}|<>)
5.2 Network Security
HTTPS/TLS Encryption: All data transmitted between your device and our servers is encrypted using HTTPS (TLS 1.2+). This prevents eavesdropping and man-in-the-middle attacks.
SSL Enforcement: Our production servers only accept encrypted connections. Non-HTTPS requests are automatically rejected.
5.3 Database Security
AWS RDS PostgreSQL with Encryption
- Encryption at Rest: All database data is encrypted using AWS KMS (Key Management Service)
- Automated Backups: Daily backups with 7-day retention, also encrypted
- Access Controls: Database access restricted to our application servers only
- Security Groups: Network-level firewall rules limit connections to authorized sources
- SSL Connections: All database connections use SSL/TLS encryption
5.4 Authentication Security
JWT (JSON Web Tokens): After logging in, you receive a JWT token that authenticates your requests. This token:
- Is cryptographically signed to prevent tampering
- Is stored securely in your device's iOS Keychain (not in plain text storage)
- Is transmitted in the Authorization header (not in URLs)
- Is validated on every API request
5.5 iOS App Security
Keychain Storage: Sensitive data like your authentication token and user ID are stored in the iOS Keychain, which provides hardware-backed encryption on supported devices.
No Plain-Text Storage: We never store sensitive data in UserDefaults or other unencrypted local storage.
5.6 Infrastructure Security
- AWS EC2: Our servers run on Amazon Web Services with regular security updates
- Docker Containerization: Application runs in isolated containers
- Environment Variables: API keys and secrets stored in encrypted environment variables (never in code)
- Limited Access: Only authorized team members have server access, with audit logging enabled
Security Disclaimer
While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously monitor and improve our security practices to protect your data.
6. Data Retention & Deletion
Summary
We keep your data as long as your account is active. You can delete individual entries anytime through the app. If you delete your account, all associated data is permanently deleted from our servers.
6.1 How Long We Keep Your Data
Active Accounts: Your data is stored indefinitely while your account is active, allowing you to access your full history.
Temporary Codes: Email verification codes and password reset codes expire after 10 minutes and are automatically cleared from our database after use.
Push Notifications: Scheduled push notification records are kept for tracking purposes. Cancelled notifications are deleted immediately.
6.2 Deleting Individual Data
You can delete specific data directly in the app:
- Diary Entries: Swipe to delete individual food entries
- Meals: Delete custom meals (must have at least 1 meal)
- Fasting Sessions: Delete individual fasting history entries
- Fasting Schedules: Delete or deactivate recurring schedules
- Workout Sessions: Delete individual workout history entries
- Workout Templates: Delete saved workout templates
- Weight Entries: Delete individual weight entries (except the last entry)
- Custom Foods: Delete custom foods you've created (private foods only)
- Recipes: Delete recipes you've created
6.3 Account Deletion
You can delete your account and all associated data directly in the app by going to Profile > Delete Account. You will be asked to confirm your password before deletion proceeds.
Alternatively, you can contact us at admin@eatfasttrain.com with your request.
What Gets Deleted:
- Your account information (name, email, password)
- All profile data (height, weight, date of birth, etc.)
- All nutrition tracking data (diary entries, meals, custom foods, recipes)
- All fasting data (sessions, schedules, protocols)
- All workout data (sessions, templates, exercises, sets)
- All weight tracking data (entries and goals)
- All macro goals
- All push notification records
- Your APNs device token
What Remains:
- Public Custom Foods: Foods you marked as "public" remain in the community database (without your name or email)
- Subscription Records: RevenueCat maintains subscription transaction history as required by Apple for financial compliance
Deletion Timeline: In-app account deletion is immediate. Email requests are processed within 30 days. Deletion is permanent and cannot be undone.
6.4 Inactive Account Policy
We do not currently delete accounts due to inactivity. Your data remains accessible regardless of how long you've been away from the app.
7. Your Rights & Controls
Summary
You have complete control over your data. You can view, edit, and delete your information at any time through the app or by contacting us. You also have the right to request a copy of your data or permanently delete your account.
7.1 Access Your Data
You can view all your data directly in the app:
- Profile Tab: View and edit your account information, profile details, and subscription status
- Eat Tab: View all diary entries, meals, custom foods, recipes, and nutrition goals
- Fast Tab: View all fasting history, schedules, protocols, and stats
- Train Tab: View all workout sessions, templates, exercises, and stats
- Weight Tracking: View all weight entries, goals, and trends
7.2 Modify Your Data
You can edit your data anytime:
- Profile Information: Update name, email, password, height, weight, date of birth, gender, activity level, and unit preferences
- Diary Entries: Edit food names, brands, servings, and nutritional values
- Meals: Rename meals and change meal order
- Fasting Schedules: Modify schedule times, days, and active status
- Workout Templates: Edit exercises, sets, rest intervals, and progressive overload goals
- Custom Foods & Recipes: Update nutrition information, servings, and ingredients
7.3 Delete Your Data
As described in Section 6.2, you can delete individual entries directly in the app by swiping on items or using delete buttons.
7.4 Export Your Data
To request a copy of all your data in a portable format (JSON), please contact us at admin@eatfasttrain.com. We will provide your data export within 30 days.
What's Included in Exports:
- Account and profile information
- All nutrition tracking data
- All fasting history and schedules
- All workout sessions and templates
- All weight tracking data and goals
7.5 Disable Notifications
You can control push notifications at multiple levels:
- Device Settings: Disable all notifications in iOS Settings > EatFastTrain > Notifications
- Fasting Schedules: Deactivate specific schedules to stop related notifications
- Weight Goal Reminders: Toggle reminder settings or delete weight goals
7.6 Manage Subscription
To manage your EatFastTrain Pro subscription:
- View Status: Profile Tab > Subscription card shows current status
- Upgrade: Tap "Upgrade to Pro" to view subscription options
- Manage/Cancel: iOS Settings > [Your Name] > Subscriptions > EatFastTrain
- Restore Purchases: Profile Tab > Restore Purchases button
7.7 Privacy Rights by Region
European Union (GDPR):
- Right to access your data
- Right to rectification (correction)
- Right to erasure ("right to be forgotten")
- Right to data portability (request export)
- Right to restrict processing
- Right to object to processing
California (CCPA):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information (we don't sell data)
- Right to non-discrimination for exercising your rights
To exercise any of these rights, contact us at admin@eatfasttrain.com.
8. Children's Privacy
Summary
EatFastTrain is intended for users aged 17 and older. We do not knowingly collect personal information from children under 17. If you are under 17, please do not use this app or provide any personal information.
8.1 Age Requirement
Age Restriction: 17 Years or Older
You must be at least 17 years old to create an EatFastTrain account and use this app. By using the app, you affirm that you are 17 years of age or older.
8.2 Age Compliance
EatFastTrain requires users to be at least 17 years old. We do not knowingly collect, use, or disclose personal information from individuals under 17 years of age.
8.3 Parental Notification
If we become aware that we have collected personal information from an individual under 17 without proper verification, we will take steps to delete that information as quickly as possible.
If you are a parent or guardian and believe your child under 17 has provided us with personal information, please contact us immediately at admin@eatfasttrain.com and we will delete the account and all associated data.
9. International Users
Summary
EatFastTrain is operated from the United States. If you are located outside the US, your information will be transferred to and processed in the United States, where data protection laws may differ from your country.
9.1 Data Processing Location
Primary Location: Our servers are located in the United States (AWS US-East region).
Data Transfers: If you use EatFastTrain from outside the United States, your information will be transferred to, stored, and processed in the United States.
9.2 Third-Party Services
Some of our third-party services may process data in different locations:
- FatSecret: Based in Australia, processes data globally
- OpenAI: Based in the United States
- Apple APNs: Processes data globally according to Apple's infrastructure
- RevenueCat: Based in the United States
- SMTP2GO: Processes email globally through their delivery network
9.3 GDPR Compliance (EU Users)
If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
- We process your data based on your consent (creating an account and using the app)
- You have the right to withdraw consent at any time by deleting your account
- You have the rights described in Section 7.7
- You have the right to lodge a complaint with your local data protection authority
9.4 Data Transfer Safeguards
We ensure adequate protection for international data transfers through:
- Contractual agreements with third-party services that include data protection clauses
- Technical security measures (encryption, secure protocols)
- Compliance with applicable data protection laws
10. Changes to This Privacy Policy
Summary
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of significant changes and update the "Last Updated" date at the top of this policy.
10.1 How We Notify You
If we make significant changes to this Privacy Policy, we will notify you by:
- Posting a prominent notice in the app
- Sending an email to your registered email address
- Requiring you to review and accept the updated policy before continuing to use the app (for material changes)
10.2 Minor Changes
For minor changes (such as clarifications, typo corrections, or formatting updates), we will simply update the "Last Updated" date at the top of this policy.
10.3 Your Acceptance
By continuing to use EatFastTrain after we post changes to this Privacy Policy, you accept the updated policy. If you do not agree with the changes, you should stop using the app and contact us to delete your account.
10.4 Viewing Previous Versions
If you would like to review a previous version of this Privacy Policy, please contact us at admin@eatfasttrain.com.
11. Contact Us
Summary
Have questions about this Privacy Policy or how we handle your data? We're here to help. Contact us anytime and we'll respond within 30 days.
11.1 Privacy Inquiries
For questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
Email: admin@eatfasttrain.com
Subject Line: "Privacy Policy Inquiry" (for faster routing)
Response Time: We will respond to all privacy inquiries within 30 days.
11.2 Data Rights Requests
To exercise your data rights (access, export, deletion), please email admin@eatfasttrain.com with:
- Your request type (access, export, or delete account)
- Your registered email address
- A brief description of your request
We may ask for additional verification to confirm your identity before processing your request.
11.3 Security Issues
If you discover a security vulnerability or have concerns about the security of your data, please contact us immediately at admin@eatfasttrain.com with "SECURITY" in the subject line.
11.4 General Support
For general app support, feature requests, or bug reports (not privacy-related), please also email admin@eatfasttrain.com.
Thank You for Trusting EatFastTrain
Your health and fitness journey is personal, and we take our responsibility to protect your data seriously. We are committed to transparency, security, and giving you control over your information.
If you have any questions or feedback about our privacy practices, please don't hesitate to reach out. We're here to help you achieve your fitness goals while keeping your data safe.
EatFastTrain Complete Fitness
Privacy Policy - Last Updated: December 14, 2025
admin@eatfasttrain.com