● LEGAL · DOC 01

Privacy & Data Handling

Your bloodwork, your bodyweight, and your training history are the most personal data you'll ever generate. Here's exactly how we handle it.

EffectiveApril 28, 2026 Versionv 0.1.0 JurisdictionUSA StatusPre-launch
SECTION 01 — DATA

What we collect.

Transform is a measurement instrument. To work, it needs measurements. We collect only the minimum required to render your mission and only with your explicit permission for each category.

  • BodyWeight, body composition, progress photos, sleep, HRV, resting heart rate (HealthKit and manual entry).
  • TrainingExercises, sets, reps, weights, RPE, rest timers.
  • NutritionMeals you log, supplements, macros computed against our food database.
  • BloodworkLab panels you upload manually as PDF or enter by hand.
  • AccountApple Sign In identifier, optional email, billing handled entirely by Apple via in-app purchase.
  • DeviceiOS version, app version, anonymous crash logs. No advertising identifiers, no IDFA.
● COACH NOTE

We do not collect contacts, location, microphone, camera roll, or browsing history. The app never asks for permissions it does not use.

SECTION 02 — USE

How we use it.

Your data drives exactly two things: (1) the readouts and visualizations inside the app, (2) the Coach insights generated from your own trends. That's the entire list.

What we never do. We do not sell data. We do not run ads. We do not embed third-party analytics SDKs in the app. We do not train external AI models on your data. We do not share your bloodwork, training, or bodyweight data with anyone — ever — outside what's listed in the next section.

SECTION 03 — SHARING

Who sees your data.

  • YouAlways. Export available in Settings → Account → Export.
  • SupabaseOur database provider hosts the encrypted tables. They cannot read your data without our keys.
  • AnthropicThe Coach feature sends an anonymized prompt (your trends, no name or email) to Claude to generate insights. Anthropic does not retain prompts or train on them under our API agreement.
  • AppleSubscription billing is handled entirely by Apple via in-app purchase. We never see your card, address, or full Apple ID.
SECTION 04 — STORAGE

Where it lives.

Encrypted at rest and encrypted in transit with TLS. Primary storage is in us-east-1 on Supabase. We do not yet operate an EU region; if you're in the EU/UK, please review this before signing up.

We retain your data for the duration of your subscription plus 30 days after cancellation. After that, it is purged from primary storage; database backups roll off within 90 days.

SECTION 05 — RIGHTS

What you can do.

  • ExportDownload a JSON copy of every record we have on you, in-app, at any time.
  • DeleteWipe your account from Settings → Account → Delete. Honored within 7 days; backups within 90.
  • CorrectEdit any logged value at any time. The local history stays for audit, but you control it.
  • WithdrawCancel your subscription in Settings → Subscription (handled by Apple). Your data is retained per the policy above unless you also choose Delete.
SECTION 06 — SECURITY

How we defend it.

TLS in transit, encryption at rest at the database level (Supabase managed Postgres). Sign in with Apple — we never store or see your password. Production database access is limited to a small set of administrators.

We're a small, pre-launch team. We don't claim formal certifications we don't have. If you find a security issue, please email [email protected] — we'll acknowledge within 72 hours.

If we ever experience a breach affecting your data, we will notify you within 72 hours of confirming it, in plain language, with a list of exactly what was exposed.

SECTION 07 — TERMS

Terms of service.

Not medical advice. Transform is a measurement and tracking tool. Coach insights are statistical observations, not medical prescriptions. Always consult a licensed physician before changing diet, training, or supplementation — especially when bloodwork is involved.

Subscriptions. Billing is handled by Apple via in-app purchase. Subscriptions auto-renew until cancelled. Cancel anytime in your iOS Settings → Apple ID → Subscriptions; refunds are handled by Apple per their standard policy.

Acceptable use. Transform is for personal use. Don't reverse-engineer, scrape, or use the service to build a competing product. We may suspend accounts that abuse the API or attempt to access other users' data.

SECTION 08 — CONTACT

Talk to a human.

Privacy questions, data requests, or anything that doesn't sit right: [email protected]. We answer within 48 hours, and a real person — not a ticketing bot — handles it.

General questions: [email protected]. Security disclosures: [email protected].