privacy.

Effective date

Effective: 2026-05-11

1. Who we are

Sate is a fitness, nutrition, and hydration tracking app for iOS. You can contact us at support@sate.fit. The data controller is Individual Entrepreneur Mikhail Dmitrievich Goroshkov (ИП Горошков Михаил Дмитриевич); registration details are available on request at support@sate.fit.

2. Data we collect

- Account data — email address, password hash, and an optional display name.
- Birthdate — collected at sign-up to verify that you are at least 13 years old (COPPA / GDPR-K). Stored on your account and not displayed publicly.
- Profile data — height, weight, sex, dietary preferences, fitness goals, and time zone.
- HealthKit data (Apple) — when you grant permission, Sate reads the following from Apple Health: workouts, steps, heart rate, resting heart rate, heart rate variability (HRV), weight, height, body fat percentage, sleep, active energy, and dietary calories, protein, carbohydrates, and fat. Sate writes back the nutrition, hydration, and workout entries you log in the app. We do not share HealthKit data with any third party for advertising or analytics. HealthKit data lives on your device by default; you control sync via Settings.
- Logs and entries — meals, foods, recipes, hydration, workouts, exercises, sets, habits, body measurements, progress photos, and programs you share or import.
- Photos — meal photos and progress photos. Meal photos are uploaded for AI analysis (see Section 5). Progress photos are stored on your account in encrypted object storage.
- Coarse location — collected only if you enable a location-triggered habit reminder. If you do not enable location-triggered habits, no location data is collected.
- Voice audio — when you use voice logging, audio is recorded on device and transcribed to text using Apple's on-device speech recognition. We do not store raw audio.
- Device data — device model, operating system version, app version, and an anonymized identifier used for analytics.
- Website analytics — when you visit sate.fit, we collect privacy-friendly, cookieless usage analytics (page views and anonymized interaction events) and performance metrics. No tracking cookies are set, and no cross-site identifiers are stored on your device.
- Crash and performance data — sent to PostHog to help us diagnose bugs and errors (see Sub-processors below).

3. How we use your data

We use your data to:

- provide the service (log entries, compute totals, display history);
- sync your data across your devices via our backend;
- compute nutrition from text or image descriptions using AI (see Section 5);
- send transactional emails such as email verification, password reset, and account-deletion confirmations;
- diagnose crashes and performance issues;
- comply with legal obligations.

We do not sell your data. We do not use your data for advertising. We do not use your HealthKit data for any purpose other than the in-app features you trigger.

4. AI image and text analysis (LLM sub-processor)

When you submit a meal photo to the "/nutrition/from-image" feature, the image bytes are forwarded to OpenRouter, which routes the request to Google Gemini for visual analysis. The response — an estimated list of foods and nutrients — is returned to Sate and to you. The original image bytes are not retained by Sate after the request completes. Sate cannot control the retention policies of OpenRouter or Google Gemini; their retention and usage are governed by their respective privacy policies. The same applies to the "/nutrition/from-text" feature: the food description you type is sent to the same LLM provider chain for parsing. If you do not want your meal photos or descriptions sent to a third-party AI, disable the photo-nutrition feature and use manual entry, voice, or barcode scanning instead.

5. Sub-processors

We rely on the following sub-processors to operate Sate. Each receives only the data necessary to perform its function.

- Resend (US) — transactional email. Data shared: email address and account events.
- OpenRouter (US) — LLM routing gateway for AI features. Data shared: meal image bytes and food descriptions.
- Google Gemini, via OpenRouter (US) — LLM model used for nutrition AI. Data shared: meal image bytes and food descriptions.
- Cloudflare R2 (US) — object storage for photos and encrypted backups. Data shared: photos and encrypted backups.
- Railway (US) — server hosting. Data shared: all API data, encrypted at rest.
- PostHog (EU) — product analytics and error monitoring for the website and app. Data shared: anonymized usage and page-view events, error stack traces, device model. Cookieless on the website; data is stored in the EU.
- Vercel (US) — website hosting, privacy-friendly web analytics, and performance monitoring (Speed Insights). Data shared: anonymized page-view and Core Web Vitals metrics. No tracking cookies.
- Apple (US) — Sign in with Apple. Data shared: Apple ID identifier; an anonymized email if you choose Apple's email-relay option.
- Google (US) — Sign in with Google. Data shared: Google account identifier.

6. Your rights (GDPR and equivalent)

Subject to applicable law, you have the right to:

- Access — request a copy of your data via Settings → Export Data in the app.
- Deletion — request account deletion via Settings → Delete Account. A 30-day grace period applies during which you can cancel the deletion.
- Portability — Export Data returns a JSON archive that you can take elsewhere.
- Correction — edit your profile in the app, or email support@sate.fit.
- Withdraw consent — toggle HealthKit permissions in Apple's Health Settings, or delete your account.
- Lodge a complaint with your local data-protection supervisory authority.

7. Children

Sate is not directed to children under 13. Registration requires a date of birth, and we reject accounts where the user is under 13. If we discover that we have collected personal data from a child under 13, we will delete it. We aim to comply with COPPA (United States) and GDPR-K (European Union minimum age of 13).

8. Security

We protect your data using industry-standard measures:

- All data in transit is encrypted using TLS (HTTPS).
- Passwords are hashed with bcrypt; we never store raw passwords.
- Access tokens on iOS are stored in the system Keychain.
- Server data is encrypted at rest in Railway's managed PostgreSQL.

No method of transmission or storage is perfectly secure, but we take reasonable steps to protect your information.

9. Retention

We keep your data while your account is active. When you request account deletion, we delete personal data within 30 days; encrypted backups are purged within the following 30 days. Aggregated, anonymized statistics may be retained for analytics and product improvement.

10. Changes to this policy

We may update this policy from time to time. We will notify you in-app of material changes.

11. Contact

Questions, requests, or complaints: support@sate.fit