Privacy Policy — SYNTRAX
This Privacy Policy describes how SYNTRAX ("we", "our", "the app") collects, uses, and protects information when you use the SYNTRAX mobile application for iOS.
If you have questions about this policy, contact us at support@syntra.app.
1. Who we are
SYNTRAX is an iOS health and fitness application. The app is operated by the SYNTRAX team. We are the data controller for the personal information described below.
2. Information we collect
2.1 Account data
When you create an account, we collect:
- Email address (or Apple/Google identifier if you sign in via those providers)
- Display name
- A unique user identifier
- The date and time of account creation
2.2 Profile and health data (entered by you)
- Sex, age, height, weight, weight goals, activity level
- Dietary preferences, allergies, foods you have at home, foods you dislike
- Daily nutrition logs (meals, calories, macronutrients)
- Workout entries, planned sessions, and activity logs
- Personal goals (weight, fitness, social goals)
This information includes "medical information" as defined by California Civil Code §56.05(j) and "sensitive personal information" as defined by California Civil Code §1798.140(ae). See sections 9 and 10 for the rights that apply to it.
2.3 Apple Health (HealthKit) data
With your explicit permission, we read from Apple Health:
- Steps, active energy, sleep, heart rate, distance walked or run
- Workout sessions
With your permission, we write to Apple Health:
- Workouts and activity data you log in SYNTRAX
SYNTRAX never shares HealthKit data with third parties, and we do not use it for advertising. HealthKit data stays on-device or in your private Firestore document.
2.4 Camera and photo library
With your permission, the app accesses your camera and photo library so you can:
- Scan food items and barcodes for automatic nutrition logging
- Attach a profile picture
Images you scan for nutrition are sent to our AI food-recognition service to identify the food, then discarded after the result is returned. We do not retain raw images on our servers.
2.5 Microphone
With your permission, the app uses the microphone for voice input when you dictate meal notes, goals, or workout descriptions. Voice data is transcribed and the audio is not retained.
2.6 Device and usage data
- Device model and operating system version
- Crash logs (no personal content)
- App version
- IP address (in server logs only, for security)
2.7 Social features (if used)
If you use friend/social features:
- Friends list
- Friend requests sent and received
- Shared plans
- Blocks and reports you submit
3. How we use your information
We use your information to:
- Provide the core features of the app (nutrition tracking, workouts, planning, AI assistant)
- Generate personalized recommendations and readiness scores
- Sync your data across your devices
- Detect and prevent fraud, abuse, and security issues
- Comply with legal obligations
We do not sell or share your personal information for cross-context behavioural advertising as those terms are defined by the California Consumer Privacy Act (as amended by the CPRA). We do not share data with advertisers or use it for cross-app tracking.
4. Third-party processors (sub-processors)
SYNTRAX uses these processors. Each is bound by a Data Processing Agreement or equivalent contractual safeguard.
| Service | Purpose | Data sent |
|---|---|---|
| Google Firebase (Firestore, Auth, Cloud Functions, Cloud Storage) | Backend, authentication, data storage | Account data, profile, logs |
| OpenAI | AI features routed through our Cloud Functions: meal recognition, day-plan assistant, dish search, food search | Food images, meal descriptions, plan prompts, calorie/macro targets. No account identifiers, no HealthKit data |
| USDA FoodData Central | Nutrition database lookups | Food query strings only |
| Edamam (UPC Food Database) | Barcode product lookups | Barcode strings only |
| Open Food Facts | Barcode product information | Barcode strings only |
| Apple HealthKit | Health data integration (on-device) | Whatever you grant access to |
| Apple Sign In, Google Sign In | Federated identity | Email, name |
We do not use third-party advertising networks, analytics, attribution, or cross-app tracking SDKs.
5. How we store and protect your data
- Personal data is stored in Google Firestore (project
syntra-38db3), region: us-central1. - Access is restricted by Firestore Security Rules — only you (or an explicit collaborator you choose) can read your data.
- Transport is TLS-encrypted.
- We do not store passwords; authentication is handled by Apple, Google, or Firebase Auth.
6. Data retention
- Active accounts: your data is retained while your account is active.
- Account deletion: when you delete your account from within the app (Settings → Delete Account), we remove all of your personal data within 30 days. Backups are purged within an additional 30 days.
- Server logs containing IP addresses are kept for 90 days for security investigations, then deleted.
- Aggregated, fully anonymized statistics may be retained indefinitely.
7. Your general rights
Depending on where you live, you may have rights to:
- Access the personal data we hold about you
- Correct inaccurate data — you can edit most fields directly in the app
- Delete your account and data — Settings → Delete Account
- Export your data in a machine-readable format — Settings → Export My Data
- Object to processing or restrict it
- Lodge a complaint with your local data-protection authority (EU/UK)
To exercise any right, use the in-app controls or email support@syntra.app. We respond within 30 days (45 days under the CCPA, extendable once for another 45 days when reasonably necessary).
8. International transfers
Our servers are operated by Google Cloud in the United States. By using SYNTRAX outside the United States, you consent to the transfer of your data to the United States. We rely on Google's Standard Contractual Clauses for EU/UK transfers.
9. California residents — CCPA / CPRA notice
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to know what personal information we collect, use, disclose, and (if applicable) sell or share.
- Right to delete personal information we collected from you.
- Right to correct inaccurate personal information.
- Right to portability — receive your data in a machine-readable format.
- Right to opt out of sale or sharing. We do not sell personal information and we do not share it for cross-context behavioural advertising.
- Right to limit the use of sensitive personal information. The categories of sensitive personal information we collect are listed in section 2.2 (profile and health data) and section 2.3 (HealthKit). You can exercise this right in Settings → Privacy → "Limit AI personalization with my sensitive data." When enabled, your weight, height, BMI, and HealthKit metrics are not included in prompts sent to our AI sub-processors; core local features continue to work.
- Right to non-discrimination — we will not deny service, charge different prices, or provide a different quality of service because you exercised any of these rights.
To submit a verifiable consumer request, email support@syntra.app with the subject line "California Privacy Request." We may ask you to verify the email associated with your SYNTRAX account before fulfilling the request. You may designate an authorized agent to make a request on your behalf.
California Confidentiality of Medical Information Act (CMIA)
The profile and health data described in section 2.2, together with HealthKit data described in section 2.3, may qualify as "medical information" under California Civil Code §56.05(j). We do not disclose this information to third parties for marketing purposes. We disclose it only to the sub-processors listed in section 4, each of which is contractually bound to process the data solely on our instructions and only as needed to provide the service to you.
Shine the Light (California Civil Code §1798.83)
We do not share personal information with third parties for their own direct-marketing purposes.
10. Children
SYNTRAX is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe a child has provided data to us, contact support@syntra.app and we will delete it.
If you are a California resident under 18, you have the right under California Business & Professions Code §22581 to request removal of content you posted. Use Settings → Delete Account, or email support@syntra.app.
11. Security incident notification
If we discover a security breach that affects your personal or health information, we will notify affected users without unreasonable delay and in any event within the timelines required by applicable law, including the FTC Health Breach Notification Rule (16 CFR Part 318) where it applies.
12. Changes to this policy
We will post material changes in-app and update the "Last updated" date. Continued use of SYNTRAX after a change means you accept the updated policy.
13. Contact
Questions, requests, or complaints:
Email: support@syntra.app