Privacy Policy

EFFECTIVE 2026-05-02 · VERSION 1.0

This Privacy Policy explains what data Riselo (“Riselo”, “we”, “our”, “us”) collects when you use the Riselo mobile and web application (the “App”), how we use it, who we share it with, and the rights you have over your data.

We built Riselo as a self-improvement tool for sport, health, business, social skills, and mindset. Personal data is necessary to run the App. We aim to collect only what we need and to be honest about what we do with it.

Plain-language summary: We store your account, your goals, your training and meal logs, and your conversations with the AI Coach. We use Firebase (Google) for accounts, Anthropic for AI, and Apple In-App Purchase via RevenueCat for subscriptions, plus an internal analytics layer with optional Mixpanel forwarding. We do not sell your data. You can delete your account at any time from inside the App.

Contents

Who we are
Information we collect
How we use your information
Legal basis (EU / UK users)
Service providers and third parties
Apple HealthKit
AI features
Data retention
Your rights
International data transfers
Security
Children
Changes to this policy
Contact

1Who we are

Riselo is operated by [YOUR LEGAL NAME / COMPANY], located at [YOUR ADDRESS]. The data controller responsible for your personal data is the same entity. You can reach us at Riseloapp@outlook.com.

2Information we collect

Account information

Email address, display name, and account provider when you sign in (Apple, Google, or email/password) via Firebase Authentication.
A username you choose for leaderboards.
Apple / Google user identifier (an opaque token from the auth provider).

Profile and onboarding data

Age range, primary goal, identity target, focus area, time and commitment preferences, and a one-word reason you provide during onboarding.
How you found Riselo (e.g. TikTok, Instagram) — used for analytics only.

Health and fitness data

Weight, height, age, sex, activity level, dietary style, allergies, and excluded ingredients you enter.
Sleep entries, water intake, meals, and biofeedback (mood / energy ratings) you log.
Workouts, exercises, sets, reps, and personal records you log.
If you enable Apple HealthKit, the categories you authorize (e.g. step count, sleep analysis, active calories). See Section 6.

Activity and engagement data

Streaks, lessons completed, daily missions completed, XP earned, levels.
App-internal events such as page views, feature interactions, and milestones (e.g. day_complete, exercise_logged).

Photos

If you use the AI Food Scanner, the photo you take is sent to our AI processor (see Section 7) for nutrition estimation.
Photos are processed in transit and are not stored by us beyond the immediate request. The AI provider may briefly retain the request for safety review (see Anthropic’s policy below).

AI Coach conversations

The questions you send to the AI Coach and the responses you receive.
Stored locally on your device for conversation continuity (last 50 messages per coach).
The provider (Anthropic) processes the request to generate a response. See Section 7.

Subscription and payment data

If you purchase Riselo Pro, payment is processed by Apple In-App Purchase (iOS) or Google Play Billing (Android, when available).
We never receive your full payment card details. We receive a transaction identifier and subscription status from RevenueCat.

Device and usage information

Anonymous session identifier (generated locally on your device).
Anonymous user identifier if you are not signed in (generated locally).
User-agent string (browser / device summary, first 80 characters).
Whether the App was installed as a Progressive Web App.

Push notification token

If you allow notifications, your device’s push token is stored to send you reminders. You can revoke this at any time in your device settings.

3How we use your information

We use your data to:

Operate the App: display your stats, calculate scores, save your progress, sync across devices.
Personalize your experience: tailored plans, recommendations, daily missions based on your goals and preferences.
Provide AI features: send your messages and (optionally) photos to our AI provider to generate responses.
Manage your subscription: verify entitlements, restore purchases, send renewal reminders.
Improve the App: aggregated and anonymous analytics about which features are used and where users drop off.
Send notifications you have enabled (streak reminders, mission reminders).
Respect your settings: dietary restrictions, allergies, and excluded ingredients filter your recommendations.
Comply with legal obligations.

We do not sell your data. We do not use your data to train third-party AI models on your personal records.

4Legal basis (EU / UK users)

If you are in the European Economic Area or the United Kingdom, we process your data on the following bases under the GDPR:

Purpose	Legal basis
Operating the App, providing your account	Performance of a contract
Personalization, analytics, App improvement	Legitimate interests
AI processing of your messages and photos	Performance of a contract + consent
Marketing emails (if any)	Consent (opt-in only)
Push notifications	Consent (opt-in only)
Apple HealthKit data	Explicit consent
Compliance with legal obligations	Legal obligation

5Service providers and third parties

We use the following service providers. They process data strictly on our behalf and are bound by data processing agreements where required.

Provider	Purpose	Region
Firebase (Google LLC)	Authentication, Firestore database, Cloud Messaging	USA / EU
Cloudflare, Inc.	API proxy (Workers) hosting our AI gateway	USA / EU
Anthropic, PBC	AI Coach and AI Food Scanner (Claude models)	USA
Apple Inc.	App distribution, In-App Purchases, Sign in with Apple, HealthKit	USA / EU
RevenueCat, Inc.	Subscription management across iOS and Android	USA
Mixpanel, Inc. (optional, off by default)	Aggregated product analytics	USA

If you would like to read each provider’s privacy policy, the links are publicly available on their websites.

6Apple HealthKit

Per Apple’s Health and HealthKit guidelines, we explicitly state:

Riselo reads only the HealthKit data categories you explicitly authorize (typically: step count, sleep analysis, active energy, heart rate, body mass, workouts).
We do not share your HealthKit data with third parties for advertising or any data-broker purpose.
We do not use HealthKit data for advertising, marketing, or to train AI models.
HealthKit data is used only to display your stats inside Riselo and to compute your Health score. It may be synced to your private Riselo account on Firestore for cross-device continuity if you are signed in.
You can revoke Riselo’s access to any HealthKit category at any time in iOS Settings → Privacy & Security → Health → Riselo.
If you delete your Riselo account, any HealthKit data we cached is deleted. HealthKit data on your device is unaffected and stays under your control.

7AI features

Riselo uses Anthropic’s Claude models (Sonnet and Haiku) via a Cloudflare Worker proxy operated by us. When you use an AI feature:

Your message and any required context (your goals, current streak, recent activity) are sent through our proxy to Anthropic.
Anthropic processes the request and returns a response.
Anthropic’s policy states that API requests are not used to train their models by default and are retained briefly for safety review (see Anthropic’s Privacy Policy).
For the AI Food Scanner, the photo you take is included in the request. We do not store the photo on our servers; it exists only in transit.

AI is not a doctor. The AI Coach and the AI Food Scanner are educational tools. They are not medical advice, not a substitute for a qualified clinician, and not a substitute for verifying ingredients yourself if you have a medical allergy.

8Data retention

Local data on your device persists until you uninstall the App, clear app storage, or sign out. This includes your logs, streaks, and AI conversation history.
Account data on Firebase is retained while your account is active. When you delete your account, we delete the data within 30 days (some backups may persist up to 90 days for technical recovery purposes).
Analytics events stored locally are capped at the last 500 events per device.
AI requests are not retained by us. Anthropic retains them briefly for safety review per their policy.
Subscription records are retained as required by tax and accounting law (typically 7 years).

9Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA / CPRA, others), you have the right to:

Access the personal data we hold about you.
Correct inaccurate data (you can edit most fields directly in the App).
Delete your data and account. Open Profile → Manage Profile → Delete Account, or email us.
Portability — request an export of your data in a machine-readable format.
Object to processing based on legitimate interests, including a right to opt out of analytics.
Withdraw consent at any time for processing based on consent.
Lodge a complaint with your local data protection authority. In the EU, find yours at edpb.europa.eu.
California residents have additional rights under the CCPA / CPRA, including the right to know what categories of data are collected and the right to opt out of any sale (we do not sell data).

To exercise any of these rights, email Riseloapp@outlook.com. We respond within 30 days.

10International data transfers

Some of our service providers (Anthropic, Cloudflare, RevenueCat, Mixpanel) are based in the United States. When your data is transferred from the EEA, UK, or Switzerland to the U.S., we rely on the EU-U.S. Data Privacy Framework where applicable, Standard Contractual Clauses, or equivalent legal mechanisms.

11Security

We use industry-standard security measures:

HTTPS / TLS for all network traffic.
Firebase Authentication for identity, with provider-managed credentials (we never see your password for Apple / Google sign-in).
Firestore security rules restricting users to their own data.
Server-side validation for subscription entitlements.

No method of transmission or storage is 100% secure. If we become aware of a breach affecting your data, we will notify you in line with applicable law.

12Children

Riselo is not intended for users under 16 in the European Union, or under 13 in the United States. We do not knowingly collect data from children under those ages. If you believe a child has provided personal data to us, please email Riseloapp@outlook.com and we will delete it.

13Changes to this policy

We may update this Privacy Policy. When changes are material, we will notify you in-app and update the “Effective” date at the top. Continued use of the App after the change means you accept the new policy.

14Contact

For all questions — privacy, support, or anything else — email Riseloapp@outlook.com.