Privacy Policy

Last updated: November 9, 2025

At Ryse, we take your privacy very seriously. This privacy policy explains how we collect, use, store and protect your personal information when you use our Ryse mobile application ("the Application").

1. Information We Collect

1.1 Information You Provide

Account information: Name, email address, password (encrypted)
User profile: Age, gender, weight, height, health and fitness goals
Nutritional data: Foods consumed, recipes created, calorie intake, macronutrients
Physical activity data: Exercises performed, cardio sessions, weights lifted, repetitions
Photos: Meal images you scan with our AI scanner (temporarily stored for analysis)

1.2 Automatically Collected Information

Location data: When using cardio GPS tracking (only with your explicit consent)
Usage data: Features used, frequency of use, time spent in the app
Technical data: Device type, operating system, app version, unique device identifier
Analytics data: Via Firebase Analytics to improve user experience

1.3 Third-Party Information

Social login: If you log in via Google or Apple, we receive your name and email address
Food database: Nutritional information from OpenFoodFacts (public data)

2. How We Use Your Information

We use your personal information to:

Provide our services: Create and manage your account, personalize your experience
AI analysis: Use Google Gemini and Vision API to analyze your meal photos and calculate nutritional values
Progress tracking: Calculate your statistics, generate evolution charts, track your goals
Service improvement: Analyze app usage to fix bugs and add new features
Communication: Send you important notifications about the service (no unsolicited marketing)
Security: Detect and prevent fraud, abuse or illegal activities
Legal compliance: Comply with our legal and regulatory obligations

3. Legal Basis for Processing (GDPR)

If you are in the European Union, we process your data on the following legal bases:

Contract performance: To provide the services you requested
Consent: For AI processing of your photos, GPS location, notifications
Legitimate interest: To improve our services, ensure security, analyze usage
Legal obligation: To comply with applicable laws

4. Sharing Your Information

4.1 We NEVER Sell Your Personal Data

4.2 Sharing with Trusted Third Parties

Supabase: Secure database hosting (SOC 2 certified cloud infrastructure)
Google Cloud:
- Gemini AI for nutritional photo analysis
- Vision API for image and barcode recognition
- Firebase Analytics for anonymized usage statistics
OpenFoodFacts: Food product search (public data, no personal information shared)

4.3 Legal Obligations

We may disclose your information if required by law or in response to valid legal requests from authorities.

5. Data Storage and Security

5.1 Where Your Data is Stored

Database: Supabase (servers hosted in the European Union)
Meal photos: Temporary Google Cloud storage (deleted after AI analysis)
Local data: Cache on your device for offline functionality

5.2 Security Measures

Encryption: All data in transit is encrypted via HTTPS/TLS
Passwords: Hashed with bcrypt (never stored in plain text)
Restricted access: Only authorized personnel can access data
Monitoring: Continuous monitoring to detect suspicious activities
Backups: Regular encrypted backups to prevent data loss

5.3 Retention Period

Active account: Your data is retained as long as your account is active
Account deletion: All your data is deleted within 30 days of your request
Meal photos: Deleted immediately after AI analysis (not retained)
Analytics logs: Anonymized and retained for a maximum of 90 days

6. Your Rights (GDPR)

As a European user, you have the following rights:

Right of access: Request a copy of all your personal data
Right to rectification: Correct inaccurate or incomplete data
Right to erasure: Delete your account and all your data
Right to data portability: Receive your data in a structured format (JSON/CSV)
Right to object: Refuse certain data processing
Right to restriction: Restrict the processing of your data
Withdrawal of consent: Withdraw your consent at any time (e.g., disable GPS location)

To exercise your rights, contact us at: privacy@coach-ryze.com

7. Cookies and Similar Technologies

The Ryse mobile application does NOT use web cookies. However, we use:

Local storage: For offline cache and user preferences
Device identifiers: For Firebase Analytics (anonymized)
Authentication tokens: To secure your session (stored locally)

8. Minor Users

Ryse is intended for people 13 years and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with data, please contact us immediately at support@coach-ryze.com so we can delete this information.

9. International Data Transfers

Your data may be transferred to servers located outside your country of residence, including:

Google Cloud (USA) for AI analysis - Protected by EU standard contractual clauses
Supabase (EU) for database - GDPR compliant

All transfers are secured in accordance with GDPR regulations.

10. Changes to This Policy

We may update this privacy policy periodically. We will notify you of any significant changes via:

An in-app notification
An email to your registered address
Update of the "Last updated" date at the top of this page

Your continued use of the application after changes constitutes your acceptance of the revised policy.

11. Contact

For any questions regarding this privacy policy or your personal data, contact us:

12. Data Protection Officer (DPO)

If you have concerns about how we process your data, you can contact our DPO:

DPO Email: dpo@coach-ryze.com

You also have the right to lodge a complaint with your country's data protection authority (CNIL in France).

This privacy policy was last updated on November 9, 2025.
Version 1.0 | Terms of Service | Support