At TriForgeLabs, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our web and mobile applications.
Our app collects and processes certain data to provide you with the best possible experience. This includes crash reporting for debugging, advertising data, user authentication information, and AI-powered features. We are committed to transparency about what data is collected, how it's used, and your rights regarding your information.
Our app uses Firebase Crashlytics to track crashes and errors for debugging purposes. Crashlytics automatically collects crash data (stack traces and related diagnostics) along with a unique Crashlytics installation identifier for each app install. This information is used only to help identify and fix bugs – for example, Crashlytics uses crash stack traces to pinpoint what caused a crash and the installation UUID to measure how many users were affected. No direct personal information (like name or email) is included in these crash reports; they focus on technical details (device model, OS version, app version, and crash logs) needed to resolve issues. Crashlytics retains crash logs and associated IDs for a limited time (currently about 90 days) before deletion, in order to give developers time to review and address the problems. All crash report data is transmitted securely to Firebase and is accessible only to our development team for the purpose of improving the app's stability.
The app displays ads using Google AdMob, which is an advertising SDK. Our app does not request or use your device's GPS location at all (we do not ask for location permission). However, AdMob may infer an approximate location based on your IP address in order to serve relevant ads. Importantly, this is a coarse location (general region or city) and is determined automatically by Google's servers using the IP address; we (the app developers) do not see or store any location data ourselves. When AdMob is integrated, it automatically collects certain data from the app to personalize and serve ads. For example, Google's AdMob SDK collects and shares the following types of data by default:
All data collected by AdMob is transmitted securely (encrypted in transit) to Google. We do not individually store or process this information on our own servers; it's handled by Google's AdMob service. You can reset or disable the advertising ID on your device if you wish to limit targeted advertising. Our app's use of AdMob is in line with Google's policies, and no additional ad networks are used beyond AdMob.
For account creation and login, users have three convenient options: email/password, Google Sign-In, or Sign in with Apple.
Email Sign-Up: If a user chooses to sign up with an email address, we collect the email and a password (which is securely hashed). This is used to create the user's account in our system. We may also ask for a username or display name, but we do not require unnecessary personal details. The email is used for account identification and for communication (e.g. password resets or important account notices).
Google Sign-In: Users can log in with their Google account. This uses OAuth via Google – when you choose this option, Google asks if you permit sharing basic profile info (typically your Google name and email) with our app. Upon consent, Google provides us a unique user ID and your email address (and optionally your name) associated with your Google account. We use this information solely to create or log in to your app account. Using Google Sign-In means you don't have to remember another password, and it adds security (Google handles the authentication). We do not receive any access to your Google password or other Google account data beyond the basic profile info you allow.
Sign in with Apple: For users on iOS, we support Apple's privacy-friendly login. Apple allows you to hide your email – if you choose "Hide My Email," Apple will generate a random relay email (ending in @privaterelay.appleid.com) that forwards to your real email. We receive either this relay address or your actual email (depending on what you choose), along with a name (which you can edit before sharing). As with Google, Apple provides us a unique identifier that we use to create your account. We do not see your Apple account password or any other personal data from your Apple ID. Apple's system is designed to protect your privacy while still letting you create an account in our app.
Regardless of which sign-in method you use, the purpose is only to authenticate your identity and create your account. We treat all account information (email, name, and any OAuth IDs) as private and do not expose it publicly. This information is stored securely in our database and is used only for login and account-related features (for example, syncing your data across devices). We do not share your login information with any third parties – it is only processed by the authentication providers (Google or Apple) at the time of login, and by our app's backend to manage your account.
A key feature of our app is the ability to provide intelligent feedback and suggestions for foods and habits, powered by OpenAI's ChatGPT. When you input a prompt or use the voice recorder to describe a meal or a habit, that input is sent to OpenAI's servers to generate a helpful AI response. For example, you might type or say, "I ate a cheese pizza for lunch, was that healthy?" – this text is forwarded to the ChatGPT API, which processes it and returns an answer (which we then display to you in the app).
It's important to clarify what data is (and isn't) being shared in this process. We do not send any personally identifying information about you along with the prompt. In fact, our app does not need to know who specifically is asking the question when getting an AI answer. We only send the content of your query (e.g., "cheese pizza for lunch") and perhaps some contextual parameters, but not your name, email, or any account IDs. OpenAI's system will solely use the prompt text to generate a response; it does not know the identity of the user.
OpenAI does not use API-provided data to train its general models or improve their services (as of a policy change in 2023). This means the prompts we send from users are not being retained to teach the AI long-term. However, OpenAI may temporarily log the content of requests for abuse monitoring and debugging purposes. By default, API inputs (prompts) and outputs can be kept for up to 30 days in OpenAI's system, after which they are deleted. This retention helps OpenAI ensure the service is being used properly and to investigate any technical issues or misuse.
We have an agreement to use the OpenAI API under their terms, which include robust data privacy measures. All communications with OpenAI's API are encrypted in transit. Additionally, we do not receive or store the AI's responses on our servers beyond what is needed to show you the answer. The conversation between you and the AI (via our app) is transient – once the response is displayed and any session context is handled, we don't use that data elsewhere. The prompts you submit are not used for any other purpose than getting the AI reply you requested. And as stated, no sensitive personal user data is included in those requests by our design. (Of course, users should avoid volunteering personal sensitive information in any prompts for their own privacy protection as well.)
We respect users' control over their data. Users can request to delete their account and data at any time. In compliance with platform policies and privacy regulations, our app provides a straightforward way to initiate account deletion. Specifically, if you have an account with us, you can go into the app's settings and find an option to "Delete Account" (or similarly named). Using that will either directly start the deletion process or provide instructions (such as confirming your password or clicking a verification link) to ensure the request is genuine.
When you request account deletion, we will:
We aim to fulfill deletion requests promptly. After you confirm you want to delete your account, we process the deletion within a reasonable time frame (typically within a few days). You will lose access to the account once deletion is finalized, and this action is generally irreversible (you'd have to create a new account if you wish to use the app again). We also provide a way for you to contact support (via email) if you have any trouble with the deletion feature or if you want to request deletion through support.
This deletion capability is provided to comply with Google Play's User Data policy, which requires that apps offering account creation must allow users to request account deletion. It's also aligned with broader privacy laws (for example, the California Consumer Privacy Act gives users the right to request deletion of their data). In short, you are in control: if you no longer want us to have your information, you can wipe it out. We do not keep your data after a deletion request except as required for legal compliance or legitimate internal purposes (in which case, we would anonymize it).
The primary audience for our app is in the United States. Our content and features are designed for U.S. users, and the app is not specifically directed towards children under 13 years old. Because we target a general adult audience in the U.S., we adhere to U.S. privacy regulations and industry standards in handling user data. For example, we abide by laws such as the California Consumer Privacy Act (CCPA) for eligible users, which includes provisions like giving users the right to access or delete their data (as noted above).
If we expand our audience or region in the future, we will update our practices to ensure compliance with any additional local privacy laws (such as GDPR in Europe, etc.), but currently our user base is primarily U.S. residents. Not targeting children means that COPPA (Children's Online Privacy Protection Act) is not applicable to our app – we do not knowingly collect personal information from anyone under 13. Our app's content is aimed at adults (for example, tracking diets or habits typically for grown users). During account signup, users are required to confirm they are of an appropriate age. If we ever learned that a user under 13 (or the minimum age in their jurisdiction) has created an account improperly, we would delete any such account and its data in accordance with COPPA guidelines.
In summary, focusing on a U.S. audience allows us to streamline our privacy measures to U.S. standards. We continuously monitor changes in privacy regulations (both in the U.S. at the state/federal level, and internationally) to ensure our app remains in compliance. Our commitment is to be transparent and protective of user data, no matter where our users are from. If you have any questions or concerns about how we handle data, especially as it pertains to your region or rights, we encourage you to review our full Privacy Policy or reach out to our support team.
TriForgeLabs applications only retain the minimum data necessary for user accounts.
This data may include, but is not limited to, user's names, emails, account identifiers,
and any provided anthropometric information.
All of the user's data is removed if the user account is deleted.
If you wish to delete your account, please follow these steps:
Important: When an account is deleted, all data pertaining to that account is purged. Deleting an account is permanent and cannot be undone or recovered after deletion.
If you have any questions about this Privacy Policy, please contact us at contact@triforgelabs.com.