Privacy Policy

Last Updated: February 7th, 2026

Milo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Milo (the "App").

1. Information We Collect

1.1 Information You Provide

When you use Milo, you may provide us with:

• Account Information: Email address (optional, for account creation and sync)
• Profile Information: Name, age, biological sex, height, weight, fitness goals
• Fitness Data: Workout history, exercise logs, sets, reps, weights lifted, personal records
• Body Measurements: Weight, body measurements (optional)
• Nutrition Data: Food logs, calorie tracking data, meal photos
• Progress Photos: Photos you choose to take within the app (stored locally by default)
• Health Information: Injuries, physical limitations

1.2 Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers
• Usage Data: App interactions, features used, session duration
• Analytics Data: Crash reports, performance data

1.3 Information from Third Parties

• Apple Health: With your permission, we may read weight data and write workout data to Apple Health
• Authentication Providers: If you sign in with Google or Apple, we receive basic profile information

2. How We Use Your Information

We use your information to:

• Generate personalized workout plans based on your goals and preferences
• Track your fitness progress and calculate statistics
• Provide AI-powered features like calorie estimation from food photos
• Sync your data across devices when you create an account
• Send workout reminders and motivational messages (with your permission)
• Improve our app and develop new features
• Provide customer support
• Process subscription payments (via Apple)

3. Data Storage and Security

3.1 Local Storage

Most of your data is stored locally on your device using Apple's SwiftData framework. This includes:

• Workout history and exercise logs
• Progress photos (never uploaded without explicit action)
• Personal records and measurements

3.2 Cloud Storage

If you create an account, the following data may be synced to our secure cloud servers (Supabase):

• Account information
• Workout history (for cross-device sync)
• Plan preferences

3.3 Security Measures

We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL)
• Encryption at rest for sensitive data
• Secure authentication protocols
• Regular security audits

4. Data Sharing

We do not sell your personal information. We may share data with:

• Service Providers: Third-party services that help us operate the app (Supabase for backend, RevenueCat for subscription analytics)
• Analytics: Aggregated, anonymized usage data for app improvement
• Legal Requirements: When required by law or to protect our rights

5. Third-Party Services

Our app uses the following third-party services:

• Supabase: Backend services and authentication
• RevenueCat: Subscription management and analytics
• Apple StoreKit: In-app purchases
• Apple Health: Health data integration (optional)

Each of these services has their own privacy policy governing the data they collect.

6. Your Rights and Choices

6.1 Access and Export

You can export all your data at any time through Settings > Data & Privacy > Export my data.

6.2 Deletion

You can delete your account and all associated data through Settings > Data & Privacy > Delete account. This action is permanent and cannot be undone.

6.3 Notifications

You can control push notifications through your device settings or within the app.

6.4 Apple Health

You can revoke Apple Health access at any time through your device's Health app settings.

7. Children's Privacy

Milo is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

9. Data Retention

We retain your data for as long as your account is active or as needed to provide you services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the app and updating the "Last Updated" date.

11. GDPR Rights (European Users)

If you are located in the European Economic Area, you have additional rights including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

12. California Privacy Rights (CCPA)

California residents have the right to:

• Know what personal information is collected
• Know whether personal information is sold or disclosed
• Say no to the sale of personal information
• Access their personal information
• Request deletion of personal information
• Equal service and price, even after exercising privacy rights

Copyright 2026 Karol Jaworski. All rights reserved.