Last updated: December 31, 2025

What I Collect

When you use this site, I collect:

• Account information: Your username, password (encrypted), and email address (if you provide one—it's optional)
• Health data: Any metrics you choose to enter (blood work, DEXA scans, etc.)
• Basic logs: Server logs that might include your IP address, browser type, and access times

What I Don't Collect

• I don't use analytics or tracking tools
• I don't use cookies for tracking (only for keeping you logged in)
• I don't collect information about you from other sources
• I don't fingerprint your device

How I Use Your Information

I use your information to:

• Run the service (show you your data, let you log in, etc.)
• Fix bugs and maintain the site
• Comply with legal obligations if required

That's it. I don't use it for marketing, advertising, or anything else.

Who I Share Your Information With

Nobody, with very limited exceptions:

• Hosting provider: Your data is stored on servers run by a hosting company (currently running on standard cloud infrastructure)
• Legal requirements: If required by law, court order, or government request, I may have to disclose information
• AI service: If you use the PDF import feature, the PDF content is sent to OpenAI's API to extract metrics. This is only when you explicitly use that feature.

I will never sell your data. I will never share it for marketing purposes. I will never give it to third parties for their own use.

Security

I try to keep your data secure, but I'm one person running a hobby project. Here's what I do:

• Passwords are encrypted (hashed and salted)
• The site uses HTTPS
• Access to the database is restricted
• I follow basic security best practices

However, no system is perfectly secure. If there's a data breach, I'll do my best to notify affected users, but I can't guarantee I'll even know about it immediately.

Your Data Rights

You can:

• Export your data: Use the export feature to download all your data in JSON or CSV format
• Delete your data: Delete your account, which removes all your data from the database
• Update your data: Edit or delete individual entries anytime

When you delete your account, I delete your data. I don't keep backups beyond standard server backup practices (which might retain data for a short period for disaster recovery purposes).

Children's Privacy

This service is not intended for children under 18. I don't knowingly collect information from children. If I discover that a child has provided me with personal information, I will delete it.

Data Retention

I keep your data as long as your account exists. If you delete your account, your data is deleted. Server logs are retained for a limited time (typically 30-90 days) for debugging and security purposes.

International Users

The site is hosted on servers that may be located anywhere in the world. By using this service, you consent to the transfer of your information to countries that may have different data protection laws than your country.

Changes to This Policy

I may update this privacy policy from time to time. If I make significant changes, I'll try to notify users, but I can't guarantee I'll reach everyone. Check this page periodically for updates.

The Reality

Look, I built this for myself and I care about privacy. I'm not trying to collect or monetize your data. But I'm also just one person doing this as a hobby, so I can't provide enterprise-level security or guarantees.

If you're storing sensitive health information here, understand the risks. Consider using the export feature to maintain your own backups. If this level of security isn't acceptable for your data, don't use this service.