n1 — Legal

Privacy Policy

Last updated: 16 June 2026

This policy explains what data n1 (“the app”) collects, how we use it, and the rights you have over it. The app is operated by {{COMPANY_LEGAL_NAME}} (“we”, “us”), {{COMPANY_ADDRESS}}. For any privacy question or request, contact hello@n1.fitness.

What we collect

We collect data you give us during onboarding and use: identity (email, name, date of birth), body composition (weight, height, body fat), training inputs (goals, experience, equipment), and workout logs (sets, reps, weights, durations).

Optional inputs include sleep, mood, and energy logs; measurements (waist, hips, etc.); progress photos; and your consent-gated Apple Health or Health Connect grants.

We also collect device-level diagnostics (app version, OS, crash reports) and aggregate usage analytics. We do not collect contacts, photo libraries beyond progress photos you explicitly upload, browsing history, or precise location.

Health & fitness data

Health and fitness data (including any data imported from Apple Health or Android Health Connect) is treated as sensitive. It is imported only after you explicitly grant access, is used solely to power your recommendations and recovery models, is never used for advertising, and is never sold or shared with data brokers. You can revoke Health access at any time from your device settings or from in-app Settings.

How we use it

Who we share with

We use a small set of processors, each handling only the minimum data needed for their function: Supabase (database + authentication), Anthropic (text generation for the AI coach), Stripe (subscription payments — only if you subscribe), Expo (push delivery), and our analytics and reliability providers (PostHog for product analytics and Sentry for crash reporting) plus an email provider for transactional messages.

We do not sell or rent your data. We do not share with advertising networks. We do not allow third-party tracking pixels inside the app.

International transfers

Some processors above may store or process data outside your country of residence. Where that happens, transfers are made under appropriate safeguards (such as the processor’s standard contractual clauses).

Retention

We retain your data while your account is active. Account deletion is a soft-delete with a 30-day cooling-off window — log back in any time during that window to cancel. After 30 days, your profile, sessions, and personal records are permanently anonymised.

Security

Data is encrypted in transit. Database access is constrained by row-level security so accounts cannot read each other’s data, and progress photos are stored in a private bucket served only through short-lived signed URLs. No system is perfectly secure, but we work to protect your data and will notify you of any breach affecting it as required by law.

Your rights (GDPR Articles 15–22)

Children

The app is not directed at users under 16. We do not knowingly collect data from anyone under that age. If you believe a minor has signed up, contact us and we’ll delete the account.

Changes

We’ll notify you in-app at least 30 days before any material change to this policy takes effect. The “Last updated” date above will change with every revision.