Legal

FastZone Privacy Policy

Effective date: [[EFFECTIVE_DATE]]

This Privacy Policy explains what information FastZone collects, why we collect it, how we use and protect it, who we share it with, and the choices and rights you have. Please read it together with our Terms of Service and our End User License Agreement.

We have written this policy to be plain and honest. FastZone is a calm, premium fasting and weight-routine companion. It is informational and behavioral; it is not a medical product, it makes no health claims, and it never uses medical language. For general information, not medical advice. Talk to a qualified health professional if you have concerns.

This policy is available in our app stores and inside the FastZone app, so you can read it before and after you install.

1. Who we are

[[LEGAL_ENTITY]] ("we", "us", "our"), the operator of the FastZone app, is the controller of the personal information described in this policy. [[LEGAL_ENTITY]] is established in [[ESTABLISHMENT_JURISDICTION]], and you can reach us at the contacts below.

Privacy contact: [[PRIVACY_EMAIL]]
General support: [[SUPPORT_EMAIL]]
Postal address: [[LEGAL_ENTITY_ADDRESS]]

Data-protection representatives. Because we process the personal information of people in the European Economic Area (EEA) and the United Kingdom (UK) from outside those territories, we have appointed representatives under Article 27 of the EU GDPR and Article 27 of the UK GDPR:

EU/EEA representative: [[EU_REP]]
UK representative: [[UK_REP]]

See Section 16 ("International data transfers") and Section 17 ("Your rights").

2. A note on guests vs. permanent accounts

FastZone is designed so you can use the core experience with as little personal information as possible.

Guest (anonymous) users. When you first open the app you are a guest. A guest account is identified only by a random, system-generated identifier (a UUID). A guest account has no name, no email, and no other directly identifying personal information unless you choose to add it.
Permanent accounts. If you choose to upgrade your guest account to a permanent account — by signing in with email, Apple, or Google — your account becomes tied to an email address (and, optionally, a display name). When you upgrade, we link the new sign-in credential to your existing account identifier (the same underlying UUID), so your existing guest data carries over and nothing is lost.

You stay in control: you can use FastZone as a guest, and you only provide identifying information if and when you upgrade.

3. What we collect, and why (data-collection table)

The table below lists every category of personal information FastZone may process. We collect only what is described here. The "Legal basis" column refers to the EU/UK GDPR; see Section 4 for how those bases apply, Section 13 for how long we keep each category, and Section 17 for your rights.

Some information does not come directly from you. Where the "Source" column names Apple, Google, or RevenueCat, that information is received from those third parties (for example, the name or email you choose to share through Apple or Google sign-in, and your purchase status from the app stores). We disclose those sources here in line with Article 14 of the GDPR.

Data type	Examples	Source	Purpose	Legal basis (GDPR/UK GDPR)
Account identifier	A random user UUID (guests and permanent accounts)	Created automatically on first use	Operate your account; secure your private data	Contract (Art. 6(1)(b))
Account contact info	Email address (only if you upgrade to a permanent account); optional display name; name/email shared by Apple or Google if you choose those sign-in options	You; Apple/Google sign-in (your choice)	Create and authenticate your permanent account; account recovery	Contract (Art. 6(1)(b)); legal obligation for billing/tax records where applicable (Art. 6(1)(c))
Fasting sessions	Start time, end time, duration, selected plan, status (active/completed/cancelled), manual vs. timer source	You / the app	Provide the timer, history, streaks, and progress patterns; sync across your devices	Contract (Art. 6(1)(b))
Routine check-ins	Mood (1–5), energy (0–100), hunger (0–100), and an optional free-text note	You	Let you record and review your own routine over time	Contract (Art. 6(1)(b)); separate explicit consent for any health-revealing content (Art. 9(2)(a)) — see Section 8
Weight logs	Weight values (stored internally in grams)	You; or HealthKit/Health Connect if you enable it	Weight tracking and your private trend view	Separate explicit consent (Art. 9(2)(a)) plus contract (Art. 6(1)(b)) — see Section 8
Health & fitness data (optional)	Body mass/weight (free); active energy, steps, sleep (premium) — read-only, only the categories you turn on	HealthKit (iOS) / Health Connect (Android), with your per-category permission	Show the metrics you enabled inside the app; compute your private insights	Separate explicit consent (Art. 9(2)(a)) — see Section 8
Reminder preferences	Which reminders are on, the local time, and days of week	You	Store and schedule the reminders you set up	Contract (Art. 6(1)(b))
Engagement / weekly-insight push	Sending the premium weekly-insight notification and other non-transactional engagement notifications you opt into	You (opt-in)	Send the optional notifications you choose to receive	Consent (Art. 6(1)(a))
Custom fasting plans (premium)	Plan label, fast length, eat length	You	Provide your saved custom plans	Contract (Art. 6(1)(b))
Computed insights	Rules-based results such as completion rates by time window, streaks, and weekly trend	Calculated from your own data	Show you your patterns	Contract (Art. 6(1)(b))
Earned badges	Badge keys and earned dates	Derived from your sessions/streaks	Recognize your progress	Contract (Art. 6(1)(b))
Device & push identifiers	Expo push token, platform (iOS/Android), and an optional device session id — only if you enable push notifications	Your device, when you opt in	Route notifications to your device	Consent (Art. 6(1)(a)) for notifications; contract (Art. 6(1)(b)) to deliver them. For the on-device notification mechanism we also rely on your consent under the ePrivacy Directive (Art. 5(3)) / UK PECR (reg. 6) — see Section 4
Subscription & purchase status	Whether you are on the free or premium tier, plan, renewal/expiry, and store purchase tokens; your user UUID is sent to RevenueCat as the app user id	Apple/Google billing via RevenueCat	Manage your entitlement; restore purchases; keep a billing audit record	Contract (Art. 6(1)(b)); legal obligation for financial records (Art. 6(1)(c))
Behavioral analytics (not active in this build — see Section 7)	Screen views and feature-interaction events tied to a pseudonymous id	The app, only if/when enabled and you consent	Understand which features are used, to improve the app — not active in the current version	Consent (Art. 6(1)(a)), plus consent under the ePrivacy Directive (Art. 5(3)) / UK PECR (reg. 6) for the on-device analytics mechanism — see Section 4 and Section 7
Crash/diagnostic data (not active in this build — see Section 7)	Sanitized crash and diagnostic information	The app, only if/when enabled	Diagnose and fix problems — not active in the current version	Consent (Art. 6(1)(a)) and ePrivacy Directive (Art. 5(3)) / UK PECR (reg. 6) for the on-device component where required; legitimate interests (Art. 6(1)(f)) for server-side processing of already-sanitized crash data — see Section 7
Server log data	IP address in standard server request logs	Automatically, when the app contacts our backend	Security, abuse prevention, and operating the service	Legitimate interests (Art. 6(1)(f))

No payment-card data ever touches our servers. Apple and Google process payment. See Section 9 and Section 11.

Is providing this information required? Using FastZone as a guest requires only the automatically generated account identifier. Providing an email is required only if you choose to create a permanent account; without it we cannot give you account recovery or sign-in across devices, but you can keep using the app as a guest. Health and fitness data, push notifications, and analytics are entirely optional — if you do not enable them, those features simply will not run, and the rest of the app continues to work. There is no statutory requirement to provide any of this information; it is a condition of the specific features you choose to use.

4. How we use your information

We use the information above to:

Run the app you asked for — the fasting timer (which also works fully offline), your history, streaks, weight tracking, plans, reminders, and your private insights.
Keep your data in sync across your devices, tied to your account.
Authenticate you and recover your account if you upgrade to a permanent account.
Manage your subscription and entitlement through the app stores and RevenueCat, and to let you restore purchases.
Send the notifications you turn on, such as fast-start, fast-complete, and the premium weekly-insight push.
Generate insights about your own routine using deterministic, rules-based calculations (see Section 5).
Keep the service secure, prevent abuse, debug problems, and meet our legal and accounting obligations.

Two separate, cumulative legal layers for on-device tracking technologies. Any feature that stores or reads information on your device beyond what is strictly necessary to run the app — namely behavioral analytics and crash/diagnostics — requires your prior consent under the ePrivacy Directive (Article 5(3)) and, in the UK, the Privacy and Electronic Communications Regulations (regulation 6), in addition to a GDPR legal basis. These tools will not initialize or send anything until you opt in where consent is required, and you can withdraw consent at any time (see Section 7).

We do not use your health, weight, check-in, note, mood, energy, or hunger data to build advertising profiles. We do not use solely automated processing, including profiling, to make decisions that produce legal effects concerning you or that similarly significantly affect you (Article 22 of the GDPR). Our insights are simple rules-based calculations shown only to you; they do not make decisions about you.

5. AI transparency

FastZone v1 uses no artificial intelligence and no large language models anywhere. Our "insights" are deterministic, rules-based calculations performed over your own fasting history — for example, completion rates by time window, streak counts, and your weekly trend. They are simple, predictable computations, not AI, not machine learning, and not a "smart" or "intelligent" coach.

We say this plainly because describing a non-AI product as AI-powered would itself be misleading. If we ever add genuinely AI-powered features in the future, we will:

disclose that clearly and conspicuously before you use them, and explain what the feature does;
label AI-generated content as such and not present it as human-authored;
not use AI to make decisions with legal or similarly significant effects about you without telling you, and not overstate what any feature can do;
update this policy and obtain any new consent the law requires before any such feature processes your personal information.

6. Insights are about you, and stay private

Your insights are computed from your own data and are visible only to you in your own account. They are protected by the same row-level security and access controls as the rest of your private data (see Section 14). Your check-in notes and all of your content are strictly private to your own account; FastZone has no social feed, no sharing, no community, and no way for other users to see your content. If we ever add features that let you share content, that content would be governed by the user-content license, takedown, and repeat-infringer provisions in our Terms of Service.

7. Analytics and crash reporting

We want to be precise here, because it matters.

Behavioral analytics (PostHog) is not active in the current build. The analytics SDK is not present in the shipping app and no analytics events are sent; we intend to enable behavioral product analytics in a future release. When enabled, it will collect only behavioral events — screen views and feature-interaction events — tied to a pseudonymous identifier. Where the law requires consent for analytics (for example in the EEA and UK), the analytics tool will not initialize or send any event until you opt in, and you will be able to withdraw consent as easily as you gave it. We record your analytics consent choice and keep that consent record for as long as the analytics processing continues and for a reasonable period afterward to demonstrate compliance.
Analytics never receives health data. Weight, check-in content, notes, mood, energy, hunger, and any value derived from HealthKit or Health Connect are never sent to analytics. This is a strict, built-in rule of the app.
Crash and diagnostics (Sentry) is similarly not active in the current build (planned). The crash-reporting SDK is not present in the shipping app. If enabled in a future release, it would receive only sanitized diagnostic and crash information to help us fix problems — never health data. In the EEA and UK the on-device crash/diagnostics component is consent-gated in the same way as analytics and will not initialize before you opt in where consent is required; we rely on legitimate interests only for server-side handling of already-sanitized crash data that falls outside the consent-required scope.

8. Health and fitness data (HealthKit and Health Connect)

Health and fitness data receives special protection. Under the GDPR and UK GDPR it is "special category" data, and we process it only on the basis of your separate, dedicated, explicit consent (Article 9(2)(a)).

Separate, affirmative, explicit consent. Consent to process your health and fitness data, your weight logs, and any health-revealing check-in content is collected as a separate, affirmative opt-in — it is not bundled into your acceptance of these documents and is never pre-ticked. You can withdraw this consent at any time, as easily as you gave it, and withdrawal stops further processing for the future. We keep a record of your health-data consent for as long as we process that data and for a reasonable period afterward to demonstrate compliance.
Optional and read-only. We never request health permissions on launch. You enable access per category in Settings, and access is read-only.
What we may read, only if you enable it. Body mass/weight (free tier); and, on the premium tier, active energy, steps, and sleep. We read only the categories you explicitly turn on. (These are the exact categories declared in our HealthKit and Health Connect entitlements and in our app-store privacy labels.)
Where it lives. Health and fitness data you enable is stored only in your own private, access-controlled rows in our database, protected by row-level security so only your authenticated account can read it. If you choose email delivery of your data export, your export (which may include health and weight data) is transmitted to you — and only to you, at your account's email address — through our email provider (Resend); see Sections 9 and 17.3.
Never to analytics or ads. Health and fitness data is never sent to analytics, is never used for advertising, and is never sold or shared with any third party for advertising, marketing, or use-based data mining.
You stay in control. You can change or revoke health permissions at any time in your device's Health/Health Connect settings or in FastZone's settings; revoking stops further reads.

We follow Apple's and Google's health-data rules. On Android, before any Health Connect read we show an in-context disclosure and ask for your affirmative consent.

9. Third-party service providers (processors)

We use a small set of trusted service providers to operate FastZone. They act as our processors and are permitted to use your information only to provide their service to us. We do not sell your personal information and we do not share it for cross-context behavioral advertising.

Provider	Role
Supabase	Backend database, authentication, and server (edge) functions
RevenueCat	Subscription entitlement management; receives your user UUID as the app user id and your store purchase status/tokens
Apple & Google	Sign-in, in-app payment processing, and the operating-system health-permission layer
Expo Push	Routing notifications to Apple APNs and Google FCM (only if you enable push)
Resend	Sending you your own data export by email — only if you choose email delivery; the export may include your weight and health-related data and is sent only to your own account email
PostHog	Behavioral analytics (when enabled; never receives health data)
Sentry	Crash and diagnostics reporting (when enabled; receives only sanitized diagnostic data, never health data)

Several of these providers are located in, or process data in, the United States and other countries; see Section 16 for the transfer safeguards we rely on.

We do not disclose your personal information to third parties for their own direct-marketing purposes.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are used under California law and similar laws. We do not use or disclose your sensitive personal information (which includes your health and fitness data) beyond the purposes the law permits for providing the service you requested. Because of this, we do not display a "Do Not Sell or Share My Personal Information" link or a "Limit the Use of My Sensitive Personal Information" link — instead we state our position affirmatively here.

We do not sell or share personal information, so there is no sale or share for an opt-out preference signal to stop. Should we ever sell or share personal information in the future, we will treat a recognized opt-out preference signal (such as Global Privacy Control) as a valid opt-out request and update this policy accordingly.

11. Payments

Subscriptions are billed by the Apple App Store or Google Play and charged to your store account. We never receive or store your card or other payment-card details. We receive your subscription and purchase status (and store purchase tokens) through RevenueCat so we can grant your premium entitlement and let you restore purchases. Refunds for store purchases are handled by Apple or Google under their policies, not by us. See our Terms of Service for full subscription, trial, renewal, and cancellation details, including that deleting your FastZone account does not cancel your store subscription — you must cancel separately in your Apple or Google subscription settings.

12. Push notifications and device tokens

If you enable notifications, we store an Expo push token, your platform (iOS or Android), and an optional device session id so we can deliver the notifications you asked for (such as fast-start, fast-complete, and the premium weekly-insight push). You can turn notifications off at any time in your device settings or in FastZone; when you do, we stop using your token to send them.

13. Data retention

We keep personal information only as long as we need it for the purposes described in this policy. The retention rules below apply to each category in the Section 3 table.

Your account data (sessions, check-ins, weight logs, reminders, custom plans, insights, badges, push tokens, and profile) is kept while your account is active, and is deleted when you delete your account (see below).
On account deletion, we run a hard delete that cascades and removes all of your user-owned data across the database.
One exception — retained billing records. Subscription and billing events (a mirror of store/RevenueCat activity) are retained as a financial audit record for accounting, tax, and chargeback/dispute purposes for as long as the law requires. When you delete your account, we remove the direct account link by nulling the user_id on these records. We retain only the store/processor purchase reference (the RevenueCat app user id) needed to trace the financial transaction; because that reference is derived from your original account identifier, the record is pseudonymized rather than fully anonymous. These retained records contain no health, weight, check-in, note, or other personal-routine content. This is the only user-associated billing data we keep after deletion.
Server logs are retained for up to 90 days for security and operations, then deleted or de-identified.
Behavioral analytics data, if and when analytics is enabled, is retained in pseudonymous form for no longer than 14 months and is then de-identified or deleted.
Consent records (for example, your health-data and analytics consent choices) are retained for as long as we carry out the related processing and for a reasonable period afterward (and at least as long as the law requires us to be able to demonstrate that consent) so we can show that consent was given.

You can delete your account, and all of your data subject to the one exception above, directly in the app at any time (see Section 17.3).

14. Security

We implement reasonable and appropriate technical and organizational measures to protect your information, including:

Row-level security (RLS): every user-owned record is keyed to your account, so your private data is readable only by your own authenticated account.
Encryption in transit: data is transmitted over encrypted (TLS) connections between the app and our backend.
Encryption at rest: data stored in our backend database is encrypted at rest by our infrastructure provider.
Access controls that limit server-side access to the small set of functions that need it.
Health data isolation: health, weight, and check-in data is kept out of analytics and advertising pipelines entirely.

No method of transmission or storage is perfectly secure, and these descriptions are not a warranty or guarantee of security. We work to protect your information and to keep these safeguards current. For warranty disclaimers and limitations of liability, see our Terms of Service.

15. Children's privacy

FastZone is intended for adults and is not directed to children. We do not knowingly collect personal information from children under 13 (in the United States) or under 16, or the applicable age of digital consent in your country, which in some countries may be as low as 13 (in the EU/UK and similar jurisdictions). The app's 4+ age rating reflects only that it contains no objectionable content; it does not mean the app targets children. If you believe a child has provided us personal information, contact us at [[PRIVACY_EMAIL]] and we will delete it.

16. International data transfers

We operate the service using providers that may process data in the United States and other countries. EU–UK transfers are covered by the mutual adequacy decisions in force between the EU and the UK, so personal information can move between the EEA and the UK without additional safeguards.

Where we transfer personal information out of the EEA or the UK to a country that has not been recognized as providing an adequate level of protection, we rely on appropriate safeguards, primarily the European Commission's Standard Contractual Clauses (SCCs) and, for UK transfers, the UK International Data Transfer Addendum / IDTA, together with additional measures where needed. Where a provider is certified under the EU-US Data Privacy Framework, we may also rely on that framework. The specific safeguard depends on where [[LEGAL_ENTITY]] and each provider are established and where your data is hosted; you can ask us which safeguard applies to a given transfer by contacting [[PRIVACY_EMAIL]].

If you choose email delivery of your data export, note that the export — which may include your health and weight data — is sent to your own email address through our email provider (Resend) and may be transmitted internationally on the same safeguards described here.

17. Your rights and choices

Depending on where you live, you have some or all of the rights below. We will not discriminate against you for exercising them.

Access — get a copy of the personal information we hold about you.
Rectification — correct inaccurate or incomplete information.
Erasure ("right to be forgotten") — have your information deleted, subject to limited exceptions where we must retain certain records (for example, pseudonymized financial/tax records) as permitted or required by law — see Section 13.
Restriction — limit how we process your information.
Portability — receive your data in a machine-readable format and have it ported.
Objection — object to processing based on our legitimate interests.
Withdraw consent — where we rely on consent (for example, health-data access, engagement notifications, or analytics), withdraw it at any time, as easily as you gave it; this does not affect processing already carried out.
Automated decision-making — not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. We do not carry out such automated decision-making (see Section 4).
Lodge a complaint — with a data-protection supervisory authority. UK users may complain to the Information Commissioner's Office (ICO). EEA users may complain to the supervisory authority in their own EU member state of residence or work.

We respond to requests without undue delay and within one month; we may extend by up to two further months for complex or numerous requests and will tell you within the first month if we do. Requests are normally free; we may charge a reasonable fee or decline only for requests that are manifestly unfounded or excessive.

17.2 California (CCPA/CPRA) rights

Categories collected, sources, purposes, and recipients. For a full description of the categories of personal information we collect, the sources we collect them from, the business and commercial purposes for collecting them, and the categories of third parties to whom we disclose them, see the data-collection table in Section 3, the uses in Section 4, and the service providers in Section 9. For how long we keep each category, see Section 13.

You have the following rights:

Right to know/access the categories and specific pieces of personal information we collect, the sources, the purposes, and the categories of third parties we disclose to.
Right to delete your personal information.
Right to correct inaccurate personal information.
Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising — we do neither, so there is nothing to opt out of.
Right to limit the use and disclosure of sensitive personal information — we already limit our use of your sensitive (health/fitness) information to providing the service you requested, so no further limitation is needed.
Right to non-discrimination for exercising your rights.

California "Shine the Light." We do not share your personal information with third parties for those third parties' own direct-marketing purposes. You may direct Shine the Light requests to [[PRIVACY_EMAIL]].

17.3 How to exercise your rights

You can use any of these designated methods:

Export your data: use the in-app data export to download all of your own data as a JSON file via your device's share sheet. If you choose email delivery, we send it to your account email through Resend.
Delete your account and data: use the in-app account deletion, which performs the hard delete described in Section 13. If you no longer have the app installed, you can also request account and data deletion through our web deletion page at [[WEB_DELETION_URL]] (also linked from our app-store listings), without reinstalling or repurchasing the app. Remember that deleting your account does not cancel your store subscription.
Email us at [[PRIVACY_EMAIL]] for access, correction, restriction, objection, or any other request or question.

Verification and authorized agents. To protect your information, we will verify your identity before acting on a request to know, delete, or correct. For account-based requests we typically verify by confirming control of the account or email associated with your data; for other requests we may ask for additional information to match you to the data we hold, and we will only use that information to verify your request. You may use an authorized agent to submit a request where the law allows; we may ask the agent for proof of authorization and may still ask you to verify your own identity.

18. App-store privacy-label summary

This is a plain-language summary to help you cross-check our app-store privacy disclosures. The binding disclosures are the Apple App Privacy ("nutrition") label and the Google Play Data safety form in the app stores; this policy and those labels describe the same practices, and where they differ in wording the stores' structured labels govern their respective stores.

Data linked to you, used only for app functionality: account identifier and, for permanent accounts, email/optional name; your fasting sessions, check-ins, weight logs, reminders, custom plans, insights, and badges; health and fitness data you choose to enable (read-only); purchase/subscription status.
Used for app functionality only — never for tracking or advertising: all of the above. Health, weight, and check-in content is never sent to analytics and never sold or shared for ads.
Behavioral analytics and diagnostics: not active in the current build (the SDKs are not present in the shipping app); if enabled in a future release, behavioral/usage data and sanitized crash data tied to a pseudonymous id, used to improve the app (Apple "Analytics" / "App Functionality" purposes) — never health data, never used to track you across other companies' apps or sites.
Security: data is encrypted in transit and at rest. You can request deletion of your data, in-app and via our web deletion page at [[WEB_DELETION_URL]].
Data not collected: payment-card details (handled by Apple/Google); no photos, video, audio, or image uploads; no contacts; and no precise location at all.

19. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and give reasonable advance notice in the app or by email where appropriate.

For material changes that require your consent — for example, new uses of your health data or enabling analytics — we will ask for your consent again before those changes take effect, and we will not rely on your continued use of the app to establish consent where the law requires a fresh affirmative act. For other, non-consent-based changes, your continued use of FastZone after the update takes effect means you are aware of the revised policy; this does not waive any rights you have under applicable law, and consumers' mandatory statutory rights are unaffected.

20. Contact us

Privacy questions and requests: [[PRIVACY_EMAIL]]
General support: [[SUPPORT_EMAIL]]
Postal address: [[LEGAL_ENTITY]], [[LEGAL_ENTITY_ADDRESS]]
EU/EEA representative (Article 27): [[EU_REP]]
UK representative (Article 27): [[UK_REP]]