Privacy Policy

When you create an account, we collect:

• Email address: Used for account authentication and recovery
• Username: Your public identifier visible to friends you connect with
• Password: Encrypted and stored securely

Important: You can use The 1% without creating an account, though some features like friend connections and cloud backup will be unavailable.

The following data is stored exclusively on your device and never leaves unless you explicitly choose to share it:

• Workout logs and exercise history
• Nutrition tracking and meal logs
• Habit tracking data and streaks
• Journal entries and personal notes
• Goals and progress measurements
• Body metrics (weight, BMI, body composition)
• Sleep tracking data
• Running routes and GPS data
• Focus timer history
• Meditation session logs
• Personal preferences and settings

We cannot access this data. It is encrypted using Apple's standard iOS encryption and stored locally using Core Data and UserDefaults.

We request permission to read and write comprehensive health data through Apple's HealthKit framework, including:

• Heart rate and cardiovascular metrics
• Workout statistics and activity data
• Sleep analysis and patterns
• Body measurements and weight
• Steps and distance traveled
• Energy burned and active calories
• Additional health metrics for future features

Why we request all permissions: We request access to certain HealthKit data types that we don't currently display to provide a seamless experience when we add new features. This prevents you from needing to grant additional permissions in future updates.

How we use HealthKit data:

• Display your health information within the App
• Write workout and health data back to HealthKit
• Generate personalized insights and recommendations
• Provide basic on-device machine learning for workout predictions (no data is transmitted or stored from this process)

HealthKit data never leaves your device. It is protected by Apple's HealthKit framework and subject to Apple's strict privacy policies. We cannot access this data on our servers.

If you choose to connect with friends in the App, you can selectively share:

• Username: Visible to friends you connect with
• Workout data: Currently, only workout information can be shared with selected friends
• Selected health metrics: You choose exactly which data points to share

Future sharing capabilities: We plan to enable sharing of nutrition data, habits, running routes, and other metrics. You will always control what you share and with whom.

Shared data is stored on Google Firebase in EU-based servers and syncs every 24 hours. When you unfriend someone or delete your account, shared data is immediately removed from their view.

When you add a food item that's not in our database, you can optionally provide:

• Product name
• Barcode number
• Nutritional information (macros, micros, calories)
• Product photos
• Ingredients list

Our team manually reviews every submission within 24 hours. Once approved, the food item becomes available in our public database for all users, stored on servers located in the EU and UK.

We want to be clear about what we don't collect:

• No automatic analytics: We don't track your app usage, feature interactions, or behavior patterns
• No device fingerprinting: We don't collect device identifiers, iOS version, or device models (except when you manually submit a bug report)
• No IP address logging: Your IP address is never logged or stored
• No location tracking: GPS is only used during active runs and routes are stored locally on your device only
• No automatic crash reports: Crash logs are only sent if you manually submit a bug report through the App settings
• No payment information: All payments are processed by Apple through the App Store; we never see your payment details

If you choose to submit a bug report through the App settings, we collect:

• Device model and iOS version
• App version number
• Description of the issue you experienced
• Optional screenshots or additional context you provide

Bug reports are never collected automatically and require your explicit action.

Your email and username are used to:

• Authenticate your login
• Enable account recovery if you forget your password
• Facilitate friend connections within the App

Data you choose to share with friends is used exclusively to display your selected information to those specific friends. We do not use shared data for any other purpose.

Food items you contribute help improve our database for all users. Submissions are manually reviewed to ensure accuracy and quality.

Bug reports you voluntarily submit help us identify and fix issues to improve the App experience.

We use basic on-device machine learning to provide workout predictions and recommendations. This processing happens entirely on your device, and no data is transmitted or stored from this process.

The vast majority of your data is stored locally on your device using:

• Core Data: Apple's framework for managing structured data
• UserDefaults: For preferences and settings
• HealthKit: For health and fitness data

All local data is protected by Apple's standard iOS encryption, which is automatically enabled on all modern iOS devices.

If you create an account, minimal data is stored on Google Firebase servers located in the European Union:

• Account credentials (email, encrypted password)
• Username
• Workout data you choose to share with friends

Firebase data is currently protected with standard encryption. We are actively working to implement enhanced encryption for additional security.

User-contributed food items are stored on our custom database servers located in the European Union and United Kingdom. This database is built using OpenFoodFacts data dumps combined with user submissions.

In Transit: All data transmitted between your device and our servers uses standard HTTPS encryption.

At Rest: Local data benefits from iOS device encryption. Cloud data on Firebase uses standard encryption with plans for enhanced protection.

We do not maintain backup copies of user data. When you delete data or your account, it is permanently removed without retention in backup systems.

The only circumstance where your data is shared is when you explicitly choose to share specific workout data with friends you've manually selected within the App. This is entirely under your control.

We integrate with the following third-party services:

• Apple HealthKit: For health data integration (all data remains on-device)
• Google Firebase: For account authentication and friend data sharing (EU servers)
• Mapbox: For displaying running routes (routes stored locally only)
• OpenFoodFacts: Source for nutrition database (data dumps, no live API)
• Apple App Store Connect: For subscription management and aggregate analytics (we only see total subscriptions by country and date, no individual user data)

We do not use any advertising networks or third-party tracking SDKs. The 1% is ad-free and always will be.

Only our in-house development team has API access to our systems. We do not provide API access to external developers or third parties.

To connect with friends:

1. Search for a friend's username within the App
2. Send a friend request
3. Your friend receives a notification and can accept or decline
4. Both users must mutually consent to the connection

Currently, friends can only see:

• Your username
• Workout data you explicitly choose to share

Future updates will allow sharing of additional data types (nutrition, habits, running data), but you will always control what is shared.

When you unfriend someone or they unfriend you, all shared data is immediately removed from both users' views. The data deletion is instant and permanent.

All subscriptions are processed through Apple's App Store using their in-app purchase system. We have no access to your payment information, including:

• Credit card numbers
• Billing addresses
• Transaction details

Through Apple App Store Connect, we only receive:

• Total number of active subscriptions
• Subscription start dates by country
• Aggregate revenue data (no individual user information)

The 1% uses local notifications only, which are generated entirely on your device. These notifications:

• Are completely optional and customizable
• Can be enabled or disabled for specific features
• Do not require internet connectivity
• Do not send any data to our servers

Marketing Communications: We do not currently send marketing emails or promotional notifications. If we introduce email marketing in the future, it will be strictly opt-in only.

You can view and manage all your data directly within the App's profile section. For a complete export of data stored on our servers, contact us at [email protected]. We will provide your data in encrypted CSV format within 24 hours.

Note: Because your data is encrypted, we can only provide it in encrypted form. We cannot decrypt or view your personal information.

Delete specific data: You can manually delete individual entries, workouts, meals, habits, or other data within each section of the App.

Delete all local data: You must manually remove data from each feature section. Uninstalling the App will remove all local data from your device.

To permanently delete your account and all associated cloud data:

1. Send an email from your registered email address to [email protected]
2. Include your username in the email
3. We will immediately and permanently delete all data associated with your account from Firebase
4. Any data you shared with friends will also be instantly removed

Important: Account deletion is immediate and irreversible. All cloud data is permanently deleted with no backup retention.

You can manage HealthKit permissions at any time:

1. Open your iPhone's Settings app
2. Navigate to Health → Data Access & Devices
3. Select "The 1%"
4. Toggle specific data types on or off

We are developing a data export feature that will allow you to download all your information in CSV format, compatible with other fitness and health applications. This feature will support complete data portability.

Active Accounts: We retain your account information and shared data as long as your account is active.

Inactive Accounts: We do not currently delete inactive accounts automatically, but this feature is planned for future implementation.

Deleted Data: When you delete data or your account, it is permanently removed immediately with no retention period or backup storage.

Shared Data: When you delete shared data or unfriend someone, the data is instantly removed from all connected accounts.

The 1% stores data in the following locations:

• User device: All primary data stored locally on your iOS device
• Firebase (EU): Account data and friend-shared workout information
• Custom food database (EU/UK): User-contributed nutrition information

We do not transfer personal data outside of these regions except for the data you choose to share with friends (who may be located anywhere in the world).

If you are located in the European Union or European Economic Area, you have specific rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of your data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Data Portability: Receive your data in a portable format (coming soon)
• Right to Object: Object to data processing (though we process minimal data)
• Right to Restrict Processing: Limit how we use your data

To exercise these rights, contact [email protected].

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about data we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact [email protected].

The 1% is rated 12+ and varies by region due to the health and medical information features. We comply with applicable laws regarding children's privacy, including the Children's Online Privacy Protection Act (COPPA) where applicable.

Age verification is handled by Apple through the App Store. We do not knowingly collect personal information from children under the minimum age for their region without parental consent.

If you believe we have inadvertently collected information from a child under the applicable age, please contact us immediately at [email protected].

We are developing several features that will involve data processing:

• Coaching Services: Users will be able to share selected data with certified coaches through in-app messaging and optional video consultations. You will control exactly what data your coach can access.
• Enhanced Sharing: Additional data types (nutrition, habits, running routes) will become shareable with friends. All sharing will remain entirely optional and granular.
• Data Export/Import: Complete data portability in CSV format to move your information to other platforms.
• Apple Sign In / Google Sign In: Alternative authentication methods for easier account creation.

We will update this Privacy Policy and notify users before implementing features that change how we handle data.

We implement industry-standard security measures to protect your information:

• HTTPS encryption for all data in transit
• Secure authentication via Firebase
• Password encryption using industry-standard hashing
• Apple iOS encryption for all local data storage
• Regular security reviews and updates
• No session timeout (you remain logged in until you log out)

While we take extensive measures to protect your data, no system is completely secure. We encourage you to use a strong, unique password and enable device security features.

In the unlikely event that The 1% is acquired, merged, or undergoes a business transfer:

• We will notify all users via email and in-app notification
• You will have the option to delete your account and data before the transfer
• The new owner will be bound by this Privacy Policy
• The new owner will not have access to decrypt your data (as we don't have this access either)

We have never received legal requests for user data. In the unlikely event we receive a valid legal request:

• We can only provide data we have access to (account email, username, and voluntarily shared workout data)
• We cannot access or decrypt local data stored on your device or HealthKit information
• We will notify affected users unless legally prohibited from doing so
• We will challenge overly broad or inappropriate requests

We may update this Privacy Policy periodically to reflect:

• New features or services
• Changes in legal requirements
• Improvements to our privacy practices

When we make changes:

• We will update the "Effective Date" at the top of this policy
• Significant changes will be announced on our website at www.theonepercent.app
• Continued use of the App after changes indicates acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Privacy Questions:
[email protected]

Account Deletion Requests:
[email protected]

Website:
www.theonepercent.app

Company Information:
The One Percent
Director: Daniel Cleave
Co-director: Mariusz Bennett