Doc · Privacy v3 · May 2026

Your data,
no games.

Whayle is a fitness tracker. We collect what we need to make the food log, training, and pods work. Not more. We don't sell anything to anyone, and we don't run ads.

Updated · May 8, 2026
Section 01

What we collect

To run your account, calculate your targets, score your pod, and send you the right notifications, we store the following:

  • Account info. Name, username, email, profile photo. You sign in with Google or with email and password.
  • Body stats. Height, weight, age, gender, training plan, and goal. Used to calculate your calorie and macro targets via the Mifflin-St Jeor formula.
  • Food log. Meals you log: name, calories, macros, portion. If you use the photo snap, the original image is stored so we can audit and improve recognition.
  • Training data. Lifts, runs, cardio sessions, muscle groups worked, duration, distance, intensity.
  • Recovery data. Steps, water, sleep, sport sessions.
  • Weight check-ins. Each weight log you submit.
  • Pod activity. Pod membership, weekly leaderboard scores, feed events shared with your pod.
  • Push tokens. FCM device tokens, stored only so we can deliver notifications you've opted into.
  • Anonymous product analytics. Page views, button taps, funnel events. Tied to your user ID inside our analytics tool, never to your name or email outside Whayle.
Section 02

How we use it

To make the app work, and to make it better. Nothing else.

  • Calculate and display your calorie, protein, carb, and fat targets.
  • Power your food log, training tracker, and recovery dashboard.
  • Show your daily progress to the pod members you chose to compete with.
  • Score the weekly leaderboard and detect when someone is on a streak or going dark.
  • Send push notifications you've opted into: goal milestones, streak alerts, pod nudges, weekly recap.
  • Send you a weekly summary email when you've logged at least once that week.
  • Run AI food search, photo recognition, and the AI coach by sending your query to our backend, which forwards it to the Anthropic API.
  • Improve the food-recognition model by reviewing low-confidence snaps internally.
  • Spot bugs and broken flows from anonymized usage patterns.
Section 03

What we don't do

  • We never sell your data to third parties. Not anonymized, not aggregated, not in any form.
  • We never share your body stats, food logs, weight, or training data with advertisers.
  • We don't run ads inside the app.
  • We don't use your photos or food logs to train external AI models beyond improving Whayle's own recognition.
  • We don't read or store your password. Authentication is handled entirely by Firebase Auth.
  • We don't track you across the web. No third-party advertising pixels, no Facebook tag, no Google Ads.
Section 04

Third-party services

Whayle is built on a small, intentional stack. Each of these vendors has their own privacy policy, linked below.

  • Firebase (Google). Authentication, Firestore database, Cloud Storage for photos, Cloud Functions for the backend, hosting, and FCM push notifications. Firebase Privacy
  • Anthropic (Claude AI). Powers AI food search, photo recognition, the multi-component plate parser, and the AI coach. Your query and the food image are sent through our backend to the Anthropic API. No name, email, or other personal identifiers are included in those requests. Anthropic Privacy
  • Resend. Delivers transactional and weekly digest emails. Only your email address and the message body are shared. Resend Privacy
  • PostHog. Product analytics: page views, button taps, funnel completion. Self-hosted on PostHog Cloud EU. We send your Whayle user ID and event names. We do not send your food log content, body stats, or pod data. PostHog Privacy
Section 05

Storage + security

Your data lives in Google Cloud Firestore and Google Cloud Storage. Both encrypt at rest and in transit. The backend talks to clients over HTTPS only.

Auth and password hashing are handled entirely by Firebase Auth. Whayle's servers never see your password in plaintext, and we cannot read it back. If you forget it, you reset it through Firebase's email reset flow.

We rate-limit AI and notification endpoints per user and per IP to protect both your account and our budget. Browser storage is used by the Firebase SDK to keep you signed in and to throttle abusive request loops. No advertising or third-party tracking cookies are set.

Firestore security rules deny by default and only let you read or write your own documents (plus pod data shared with members you joined with). Pod creators can manage their pod, but no one can read your private logs without your invite.

Section 06

Your rights

  • Export. Email whayleapp@gmail.com from your registered address and we'll send you a JSON dump of your account.
  • Delete. The "Delete my account" button in profile settings wipes your user doc, food logs, training sessions, weight history, pod memberships, and stored photos. Idempotent and irreversible.
  • Disable notifications. Toggle push off in settings, or revoke permission in your OS / browser. Tokens are removed when notifications are turned off.
  • Question your data. Email us. We'll respond within seven days.
Section 07

Children

Whayle is not for anyone under 13. We don't knowingly collect data from anyone under 13. If you believe a child created an account, email whayleapp@gmail.com and we'll remove it.

Section 08

Changes to this policy

If we change anything material, we'll notify you in the app before it takes effect. The "Updated" date at the top reflects the most recent revision. Older versions are kept for reference on request.

Section 09

Contact

Questions, concerns, anything that needs a human: whayleapp@gmail.com. The team reads every email.