Privacy at Phaze

1. Who we are

Phaze is operated by Zeit Capital Ltda, a limited liability company organized under the laws of Brazil ("Phaze," "we," "us," or "our"). This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use the Phaze mobile application, the Apple Watch companion, our website at phaze.fit, and related services (together, the "Service").

If you are in the European Economic Area, the United Kingdom, Brazil, or another jurisdiction with data-protection laws, additional rights and disclosures appear in Section 13.

2. Quick summary

This summary is informational only. The full text below governs.

• We do not sell your personal information.
• We do not share your personal information with advertisers or data brokers.
• Health data is stored on your device by default. If you enable Cloud Backup, an encrypted archive is stored in your personal cloud account. See Section 5.
• We do not use Apple HealthKit or Google Health Connect data for advertising, marketing, or sale.
• AI features (Ember chat, food scan, recommendations) process your input through third-party providers we name in Section 6. We do not train AI models on your data.
• You must be 18 or older to use Phaze.

3. Information we collect

3.1 Information you provide

• Account information: name (optional), email address, password (hashed), date of birth (used to verify age and personalize calculations).
• Health and body data: weight, height, body composition entries, progress photos, goals, dietary preferences.
• Medication data: GLP-1 (or other) medication name, dose, schedule, side effects, injection-site notes. Provided voluntarily.
• Nutrition data: food logs, barcode scans, meal photos, voice-described meals, dietary preferences.
• Activity data: exercise logs, hydration entries, fasting windows, sleep summaries.
• Subscription information: purchase confirmations from Apple App Store or Google Play. We do not receive your full payment card number.
• Communications: support emails, in-app feedback.

3.2 Information collected automatically

• Device information: device model, operating system version, app version, language, time zone, country (derived from store region), and a device-generated pseudonymous identifier used to link your usage events.
• Diagnostics and product analytics: crash reports, performance traces, error logs, and product-analytics events. We do not transmit your email address, name, or other directly-identifying personal information to our analytics or crash providers. We do transmit pseudonymized event payloads that include specific clinical values (weight, water, meal macros, lab biomarker names, mood and energy ratings, medication administration type). These are described in detail in Section 6.2.
• Approximate location: city-level only, derived from IP. We do not collect precise GPS location.

3.3 Information from third parties

• Apple HealthKit (iOS): if you connect HealthKit, we read the data types you authorize. See Section 7.
• Google Health Connect (Android): if you connect Health Connect, we read the categories you authorize. Phaze currently requests: Steps (read), Weight (read and write), Active calories burned (read), Exercise session (read).
• Identity providers (Sign in with Apple, Google Sign-In): if used, the email address and identifier returned by the provider.

We do not buy data from data brokers and do not enrich your profile from external sources.

3.4 What we do NOT extract

• No biometric identifiers. Phaze does not extract or store face geometry, facial landmarks, fingerprints, iris scans, voiceprints, speaker embeddings, gait analysis, or any other biometric identifier as defined by the Illinois Biometric Information Privacy Act (BIPA), the Texas CUBI statute, or similar laws. Food scans and progress photos are not processed for facial recognition. Voice transcription uses the platform speech APIs and does not create or retain a voiceprint on the Phaze side.
• No precise location. We do not collect GPS coordinates or use geofencing. We do not geofence around health care facilities.
• No third-party advertising IDs we use ourselves. The IDFA or advertising ID on your device is governed by the platform's privacy controls.

4. How we use your information

We process your information for the following purposes and on the following lawful bases (the lawful basis matters most under GDPR, UK GDPR, and LGPD; United States users may disregard the "Lawful basis" column).

We do not use your information to: sell to third parties for monetary or other valuable consideration; serve targeted advertising; profile you to predict future behavior outside the Service; share with insurers, employers, or data brokers.

You may withdraw consent at any time by deleting the relevant data in-app, disabling the feature, or contacting privacy@phaze.fit. Withdrawal does not affect prior lawful processing.

5. Local storage and Cloud Backup

5.1 Default: on device

Your health, medication, and progress photo data is stored on your device:

• iOS: SwiftData persistent store with iOS Data Protection (NSFileProtectionCompleteUntilFirstUserAuthentication class). Sensitive medical fields (medication identifiers, doses, side-effect entries, injection-site notes, your medical profile, and your dose schedule) are additionally encrypted with AES-256-GCM using a key stored in the iOS Keychain (kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly).
• Android: Room database. Sensitive medical fields are encrypted with AES-256-GCM (cipher mode AES/GCM/NoPadding, 256-bit key, 12-byte IV, 128-bit tag) using a key generated and stored in the Android Keystore (hardware-backed where the device supports it). General preferences use Android Jetpack Security's EncryptedSharedPreferences (AES256_SIV for keys, AES256_GCM for values) with a Keystore-bound master key.

We do not operate a first-party server that stores your health data. The data flows that do leave your device are listed in Section 6 (analytics, AI features, optional Cloud Backup, optional Health platform sync).

5.2 Cloud Backup (optional, off by default)

Cloud Backup is opt-in. You enable it in Settings, Cloud Backup. The target depends on your platform:

• iOS: an encrypted archive is written to your personal iCloud Drive, inside the Phaze app's ubiquity container (iCloud.com.zeit.phaze). The container is private to Phaze within your iCloud account.
• Android: an encrypted archive is written to the AppData folder of your personal Google Drive account. The AppData folder is private to Phaze, application-scoped, and not visible in your normal Drive UI.

In both cases the archive is encrypted with AES-256-GCM before upload.

About the encryption key. So that you can restore the backup on a new device without having to remember a separate passphrase, the encryption key is generated locally and stored alongside the encrypted payload inside the backup file itself. This means the backup is protected by the security of your iCloud or Google account, not by a separate passphrase you hold. We do not currently support a user-supplied passphrase; if you require true zero-knowledge encryption, do not enable Cloud Backup. We may add a user-passphrase option in a future release. We do not call this backup encrypted only for you, because that would imply a key only you can access; Phaze does not market the backup that way.

We do not retain a server-side Phaze copy of your backup outside your own iCloud or Google account.

Once Cloud Backup is enabled, by default it runs automatically each day. You can change the frequency or disable it at any time in Settings, Cloud Backup.

To stop Cloud Backup and remove the cloud copy: disable it in Phaze Settings and delete the backup file from your iCloud (iOS) or Google Drive (Android) account through Apple's or Google's data-management tools. Deleting your Phaze account from within the app deletes your on-device data; it does not currently delete the cloud backup file automatically.

5.3 What this means in plain language

• Default: on device.
• Cloud Backup off by default. If you turn it on, an encrypted file lives in your own iCloud (iOS) or Google Drive (Android).
• AI features and analytics described in Section 6 do transmit specific fields off your device.
• Uninstalling the app removes on-device data. Cloud Backup files persist in your iCloud or Google Drive until you delete them.

6. AI features, analytics, and other third-party processors

6.1 AI features

• Ember (AI chat): when you message Ember, your message and a context payload are sent through a Phaze-operated edge service (Cloudflare Workers, US and global) to Google Gemini for response generation. The context payload includes: a list of side-effect strings you have logged, a weight range (rounded), your nutrition goals (daily protein, water, fiber, calorie targets), your transformation goal, and today's progress totals (protein consumed, calories consumed, water oz, fiber grams, steps, current weight). We strip GLP-1 medication brand and generic names from your outgoing messages before they leave the app. We do not transmit raw progress photos through Ember.
• Food scan: when you scan a meal, the photo is sent through the same edge service to Google Gemini Vision for nutrient estimation. The image bytes are uploaded; we do not extract any biometric identifier from the image.
• Voice meal description: spoken meals are transcribed by Apple Speech Recognition (iOS, via SFSpeechRecognizer) or Android SpeechRecognizer (Android). Both are system APIs whose internal routing is managed by Apple and Google respectively; depending on your device and language they may route to those companies' speech services. The resulting transcript is then sent to Gemini for parsing into food entries.
• Body composition estimate from photo: if you use this feature, the photo is sent to Gemini Vision and a numeric estimate is returned. No biometric identifier is derived or stored.
• Recommendations, milestones, and dose-cycle estimation: run on-device. No external service is called.

Important about AI features:

• AI responses can be inaccurate, incomplete, or out of date. Ember does not provide medical advice, dose recommendations, contraindication guidance, or symptom triage. For dosing decisions, side-effect concerns, or any clinical question, contact your prescribing healthcare provider.
• We instruct Google through the Gemini API not to use your inputs to train its models. We use a paid Gemini API tier on which prompts and responses are not used for model training, and this no-training status is reflected in our Data Processing Addendum with Google.
• AI features can be disabled in Settings, Privacy. Until the in-app toggle ships, contact us at privacy@phaze.fit to disable.
• AI-generated outputs are labeled as such in the interface per the EU AI Act Article 50. Ember responses carry a per-output "AI-generated" label, and AI food-scan estimates are marked with an AI badge.

6.2 Analytics, crash reporting, and attribution

We use the following third-party tools. Each one receives the categories described.

We do not engage providers other than those listed above for the processing of your personal information. We require each provider to (i) act only on our instructions, (ii) implement appropriate security, (iii) not use your data for their own purposes other than aggregate statistics necessary for the service, and (iv) honor your deletion requests passed through us.

6.3 What about advertising trackers?

On the Phaze mobile application, we engage the Meta AEM and TikTok Business SDKs for install attribution, as described above. These SDKs are not used to serve personalized advertising back to you within Phaze; they exist so that we can measure which campaigns brought new users to Phaze. We do not embed Meta Pixel, TikTok web pixel, Snap Pixel, Google Ads conversion tags, Pinterest tag, or LinkedIn Insight tag on our marketing website (phaze.fit). We do not sell your personal information.

7. Apple HealthKit and Google Health Connect

Phaze integrates with Apple HealthKit (iOS, watchOS) and Google Health Connect (Android) only if you authorize it. You choose which categories to share. You can revoke this access at any time from your device system settings.

In accordance with Apple's HealthKit terms (Apple Developer Program License Agreement section 5.1.4) and Google's Health Connect terms:

• We do not use HealthKit or Health Connect data for advertising or other use-based data mining purposes other than improving health, medical, and fitness management, or for the purpose of medical research.
• We do not sell HealthKit or Health Connect data to advertising platforms, data brokers, or information resellers.
• We do not share HealthKit or Health Connect data with third parties for advertising or marketing purposes.
• We do not use HealthKit or Health Connect data to identify users beyond what is necessary for personalization within Phaze.
• We will not access an end user's HealthKit or Health Connect data without their authorization.

HealthKit and Health Connect data is stored on your device. If you enable Cloud Backup, summaries you have created within Phaze (not raw HealthKit or Health Connect records) may be included in the encrypted backup archive.

8. Sharing

We share personal information only in these limited cases:

• With your direction: when you choose to export a PDF report, share a milestone card, send a screenshot, or grant a feature access to your data.
• With processors: the third-party providers listed in Section 6, bound by data-processing terms.
• For legal reasons: to comply with valid legal process (subpoena, court order), respond to government requests where required by law, or protect the safety and rights of Phaze, our users, or the public. We narrow disclosures to what is legally required.
• Business transfer: if Phaze is acquired, merged, or assets transferred, your information may be transferred to the successor entity subject to this Policy. You will be notified of any material change in handling.

We do not "sell" your personal information as that term is defined under the California Consumer Privacy Act, Washington My Health My Data Act, Connecticut Data Privacy Act, Texas Data Privacy and Security Act, or any other applicable law. We do not engage in "targeted advertising" or "cross-context behavioral advertising."

9. Retention

When you delete your account: we delete or de-link personal identifiers from our systems within 30 days; Cloud Backup contents in your Google Drive AppData are deleted within 7 days of the request, except where retention is required by law (for example, subscription and tax records).

10. Security

We implement reasonable administrative, technical, and physical safeguards:

• AES-256-GCM at rest on device and for Cloud Backup archives
• TLS 1.3 in transit
• Apple Keychain and iOS Data Protection (iOS)
• Android Keystore plus EncryptedSharedPreferences (Android)
• Role-based access control on internal tools
• Code review and security testing prior to major releases
• Vendor diligence on processors

No method of transmission or storage is perfectly secure. We do not claim to be HIPAA-compliant, and Phaze is not a HIPAA-covered entity.

Breach notification. If we discover a security incident that compromises the confidentiality of your personal information, we will notify you and applicable regulators in accordance with the FTC Health Breach Notification Rule (16 CFR Part 318), GDPR Article 33 and 34, LGPD Article 48, and applicable state breach-notification laws. Where required, we will notify affected individuals within 60 days of discovery (HBNR) and applicable regulators within 72 hours (GDPR).

11. Children

Phaze is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided us with personal information, please contact privacy@phaze.fit and we will delete the account.

If we discover that we have collected personal information from a person under 18, we will delete that information promptly.

12. Your choices and rights

You have the following choices regardless of where you live:

• Access and export: view your data in-app; export a PDF report (Settings, My Report).
• Correct: edit any entry in-app.
• Delete: delete individual entries, or delete all your data in-app via Settings, Privacy, Delete Everything, Delete All Data. This action removes your on-device data. To also remove a Cloud Backup file from your iCloud (iOS) or Google Drive (Android), disable Cloud Backup in Settings and remove the backup file via the Apple or Google data-management tools.
• Disable AI features: Settings, Privacy, AI Features. Until the toggle ships, contact us at privacy@phaze.fit to disable.
• Disconnect HealthKit or Health Connect: revoke from device system settings.
• Disable Cloud Backup: toggle off in Settings, Cloud Backup.
• Opt out of analytics: until the in-app control ships, your platform's system controls ("Limit Ad Tracking" on iOS, "Delete advertising ID" on Android) restrict ad-attribution SDKs (Meta AEM, TikTok); contact us at privacy@phaze.fit for full opt-out of product analytics.
• Push notifications: disable in device system settings.

To exercise any right not available in-app, email privacy@phaze.fit. We will verify your identity (typically by matching to the email of record) and respond within the timeframe required by your local law (generally 30 days under GDPR, 15 days under LGPD, 45 days under CCPA). If we cannot complete the request in that time, we will tell you why and what timeframe applies. You may appoint an authorized agent under CCPA and CPRA.

13. Jurisdiction-specific notices

13.1 European Economic Area and United Kingdom (GDPR / UK GDPR)

Controller and representatives: Zeit Capital Ltda. EU Representative: not currently appointed; see Section 1 for status and contact route. UK Representative: not currently appointed; see Section 1.

Lawful basis: see Section 4 table. We rely on explicit consent for special category health data (Art 9(2)(a) GDPR).

Your rights: access (Art 15), rectification (Art 16), erasure (Art 17), restriction (Art 18), portability (Art 20), object (Art 21), withdraw consent (Art 7(3)), and not be subject to solely automated decisions with legal or similarly significant effects (Art 22). Automated decision-making: AI-generated suggestions in Ember and food scan are decision-support, not solely automated decisions with legal effects. You can disable them and continue using Phaze.

International transfers: We are based in Brazil. Your data may be transferred to the United States or other jurisdictions where our processors operate. We rely on EU Standard Contractual Clauses with our processors, the EU-U.S. Data Privacy Framework where applicable (we verify each processor's DPF certification status), and Transfer Impact Assessments. Contact privacy@phaze.fit for details of the safeguards in place for a specific transfer.

Complaints: you may lodge a complaint with the supervisory authority of your habitual residence. For UK users: the Information Commissioner's Office (ico.org.uk). Cookies and similar technologies on phaze.fit are covered in Section 14.

13.2 Brazil (LGPD)

Controller: Zeit Capital Ltda, registered in Brazil. Encarregado de Dados: Vinicius, privacy@phaze.fit.

Legal bases: Article 7 (general) and Article 11 (sensitive data: health, biometric where applicable). We rely on specific consent (Art 11(I)) for health data.

Your rights (Art 18): confirmation of processing; access; correction; anonymization, blocking, or deletion of unnecessary or excessive data; portability; deletion of data processed with consent; information about public and private entities with whom we share; information about the possibility of not providing consent; revocation of consent.

International transfers: we use standard contractual clauses approved by ANPD (Resolucao CD/ANPD no 19/2024) for cross-border transfers where applicable.

ANPD: you may submit a complaint to the Autoridade Nacional de Protecao de Dados (gov.br/anpd).

13.3 California (CCPA / CPRA)

We collect the following CCPA categories of personal information:

Sale and share: we do not sell or share personal information (including SPI) as those terms are defined in CCPA and CPRA. We do not engage in cross-context behavioral advertising. Sources are: directly from you, from your device, from Apple HealthKit or Google Health Connect if you authorize. Business purposes are as listed in Section 4. Disclosure to third parties is limited to the processors listed in Section 6, in their service-provider capacity.

Your CCPA rights: know, access, delete, correct, opt-out of sale or share (not applicable, we do not sell or share), limit use of Sensitive Personal Information, no retaliation, authorized agent. Submit requests via privacy@phaze.fit or Settings, Privacy, Your Privacy Choices. Premium subscription tiers ("Phaze Pro") are payment for additional features, not a "financial incentive" tied to data collection. Shine the Light: you may request information about disclosures of personal information to third parties for direct marketing. We make none.

Universal opt-out signals (GPC): we honor Global Privacy Control signals on phaze.fit.

13.4 Washington (My Health My Data Act)

See the Consumer Health Data Privacy Policy for the disclosures required by the Washington My Health My Data Act, including categories of consumer health data, purposes, third parties, your right to withdraw consent, delete, and appeal.

13.5 Other US states (CO, CT, VA, UT, TX, OR, MT, IA, DE, NJ, MD, MN, NH, RI, TN, NV)

Residents of these states have rights including access, correction, deletion, portability, and opt-out of targeted advertising or sale (we do not engage in either). Health information is treated as sensitive data and we obtain opt-in consent before processing. Universal opt-out signals are honored where required. Submit requests to privacy@phaze.fit.

13.6 Japan (APPI)

Health data is treated as special care-required personal information and processed only with your opt-in consent. International transfer recipients and their data-protection frameworks are disclosed in Section 6.

13.7 China (PIPL)

Phaze does not actively offer the Service in mainland China. The Simplified Chinese localization is provided for users in other regions. Users in mainland China should not use the Service.

14. Cookies and similar technologies (phaze.fit)

The phaze.fit website uses:

• Strictly necessary cookies: a country cookie set from your IP-derived country header, used for locale and pricing routing; a sidebar_state cookie that remembers the open or closed state of the documentation sidebar.
• First-party performance and analytics: Vercel Analytics and Vercel Speed Insights, which use first-party storage and do not load third-party tracking pixels.
• Third-party widget: the Trustpilot review widget loads lazily from widget.trustpilot.com on every page including the medication-information pages (for example, /ozempic, /wegovy); it may set its own cookies subject to Trustpilot's policies.

We do not embed Meta Pixel, TikTok Pixel, Snap Pixel, Google Ads conversion tag, Pinterest tag, or LinkedIn Insight tag on phaze.fit. We do not engage in cross-context behavioral advertising.

You can manage cookie preferences from your browser settings.

The Phaze mobile application uses the Meta Aggregated Event Measurement and TikTok Business SDKs for install attribution. On iOS, TikTok requests App Tracking Transparency authorization. We do not use these SDKs to serve personalized advertising within Phaze, and we do not embed advertising tags on phaze.fit.

15. Changes to this Policy

We will post material changes here and notify you in-app or by email at least 30 days before they take effect, except where a shorter timeframe is required by law. We will not apply material new uses to data we already hold without obtaining your consent where required.

16. Contact

Questions, requests, complaints:

Phaze is not a medical device. The Service does not provide medical advice, diagnosis, or treatment. Always consult your healthcare provider regarding medications, dosing, or symptoms.