Privacy Policy

Last updated: 7 May 2026

This Privacy Policy describes how Plyko (“Plyko”, “we”, “us”, “our”) collects, uses and protects your personal information when you use the Plyko mobile application (“the App”).

Plyko is operated by a French sole proprietor (entrepreneur individuel / micro-entreprise) trading under the commercial name “Plyko”. Contact: contact@plyko.app. Legal name and SIREN of the operator are available on request.

1. What we collect

• Account information: email address and a unique user ID generated by our authentication provider (Supabase) when you sign up.
• Profile data you provide: handle, avatar, gender, age, body weight, height, dietary preferences, training goals.
• Workout data: workout sessions, sets, exercises, personal records, custom exercises and templates you create.
• Nutrition data: meals you log, foods you save, macro and calorie goals.
• Daily metrics: water intake, step count, active calories burned and weight history that you log or that we read from Apple Health / Health Connect with your explicit permission.
• Photos you submit to AI features: when you use Plate Scan or Fridge Scan, the photo is sent to our backend for analysis and forwarded to our AI provider (Anthropic). Photos are processed in-memory and never stored on our servers.
• Subscription status: whether you are on a free, trial, or paid plan, including renewal and expiration dates, provided by RevenueCat and the App Store / Play Store.
• Usage logs: per-feature counts of AI calls made by your account (used solely to enforce monthly quotas and detect abuse). We do not log the content of your prompts or AI responses.
• Crash and performance data: anonymous error reports and performance metrics through Sentry to help us fix bugs.

We do not collect, sell, share or use your data for advertising. We do not track you across other apps or websites.

2. Apple Health / Health Connect

With your explicit permission, Plyko reads your step count, active energy burned, and body mass from Apple Health (iOS) or Health Connect (Android). This data is read on demand and is not transmitted to our servers — it stays on your device and is used only to display your daily activity inside the App.

3. How we use your data

• To provide the core features of the App (logging, analytics, sync).
• To process AI requests (recipes, plate scan, fridge scan, AI Coach) via our AI provider Anthropic.
• To enforce per-user monthly quotas on AI features.
• To detect and prevent fraud or abuse of the free trial.
• To respond to support requests when you contact us.
• To diagnose crashes and improve stability.

4. Third-party processors

We rely on the following processors to operate Plyko:

• Supabase (Ireland) — authentication, database, and file storage. Hosted in the EU.
• Anthropic(USA) — Claude AI models that power recipes, plate scan, fridge scan and AI Coach. Per Anthropic's policy, prompts are not used to train their models.
• RevenueCat (USA) — subscription management and entitlement checks.
• Apple App Store / Google Play — payment processing for in-app subscriptions. We do not receive your payment details.
• Sentry (Germany / USA) — anonymous crash and performance reporting.

Each processor has its own privacy policy. We have signed Data Processing Agreements (DPAs) where applicable.

5. Data retention

Your account data is kept as long as your account exists. If you delete your account, all data associated with your account is deleted from our database within 30 days. Photos sent to AI features are processed in real-time and never persisted.

6. International transfers

Some of our processors (Anthropic, RevenueCat, Sentry) are based in the USA. Personal data transferred to the USA is protected by Standard Contractual Clauses approved by the European Commission.

7. Your rights (GDPR)

If you are in the EU/EEA, you have the right to:

• access the personal data we hold about you,
• request correction or deletion of your data,
• request a copy in a portable format,
• object to or restrict processing,
• lodge a complaint with the French data protection authority (CNIL).

To exercise these rights, email contact@plyko.app. We respond within 30 days.

8. Children

Plyko is not intended for children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

9. Security

All traffic between the App and our servers is encrypted with TLS. Data at rest is encrypted by our infrastructure providers. We use Row-Level Security in our database to ensure each user can only access their own rows.

10. Changes to this policy

If we make material changes, we will notify you via email or an in-app notice before the change takes effect. The date at the top of this page reflects the latest revision.

11. Contact

Questions about this policy: contact@plyko.app