Privacy Policy — PhysiqueMax
DRAFT for legal review. This is a working draft, not legal advice. Have it reviewed by a German data-protection lawyer before launch. Items marked TODO must be filled in.
Controller: Blocksize One UG (haftungsbeschränkt), Oberstr. 3, 47829 Krefeld, Germany — support@physiquemax.app
1. What this app does with your data
PhysiqueMax analyzes photos of your body to generate predicted images of your physique after 30 to 90 days of training (and unlockable further milestones), and lets you compare weekly progress photos against those predictions.
2. Categories of data
- Body photos you upload (front/side/back and weekly progress photos). These may reveal health-related information and are treated as special-category data under Art. 9 GDPR.
- Derived estimates (e.g. body-fat estimate, physique score, generated prediction images)
- Profile inputs: age range, height, weight, training goal
- Purchase data: subscription status via Apple (we never see your payment details)
- Technical data: app diagnostics, crash logs, product analytics events (PostHog, EU Cloud — anonymized IP, no advertising identifiers), subscription entitlement status (RevenueCat)
3. Legal bases
- Generation of predictions from your photos: your explicit consent (Art. 9(2)(a) GDPR), given in-app before the first scan. You can withdraw it at any time in Settings; withdrawal deletes server-side data.
- Contract performance for subscription features (Art. 6(1)(b)).
- Legitimate interest for crash diagnostics (Art. 6(1)(f)).
4. Processing and retention of photos
- Scan photos are uploaded encrypted (TLS), processed to generate your timeline, and deleted from our servers within 24 hours of processing.
- Generated prediction images and weekly progress photos are stored on your device. Optional cloud backup is off by default.
- We do not use your photos to train AI models.
5. Processors / recipients
- Apple (App Store, payments)
- Image/video generation API providers: TODO — list final providers (e.g. Higgsfield, OpenAI), link their DPAs, confirm EU SCCs for third-country transfers (Art. 46 GDPR)
- RevenueCat, Inc. (subscription management; receives purchase tokens, no photos) — DPA + SCCs required
- PostHog (product analytics, EU Cloud data residency; event data only, never photos)
- Meta Platforms Ireland Ltd. (ad measurement: app events such as install/subscription, hashed identifiers, ONLY with your consent via the tracking toggle; never photos or body data) — lawyer to draft consent wording + joint-controllership note
- Cloudflare, Inc. (hosting/CDN/backend infrastructure; Cloudflare DPA + EU Data Localization Suite — lawyer to verify Schrems II posture)
6. Your rights
Access, rectification, erasure, restriction, portability, objection, withdrawal of consent (Arts. 15–21 GDPR). In-app: Settings → Delete account & data removes all server-side data. Complaints: LDI Nordrhein-Westfalen.
7. Age
PhysiqueMax is an 18+ service. We use automated checks (on-device and server-side) to reject content that appears to involve anyone under 18; such content is deleted immediately.
8. No automated decisions with legal effect
Predictions are visualizations for motivation, not decisions producing legal effects (Art. 22 GDPR).
9. Changes
We will notify you in-app of material changes.
Last updated: TODO