Privacy Policy for the Phemilo iOS App
1. Data Controller
The data controller responsible for processing your personal data under the General Data Protection Regulation (GDPR) is:
Lukas Möller
c/o POSTFLEX PFX-083-616
Emsdettener Straße 10
48268 Greven, Germany
Email: support@phemilo.app
2. Core Principle: Local Storage and Apple CloudKit
Your privacy is our highest priority. Most workout, profile, body, and training data is stored locally on your device and, if enabled, in your private Apple iCloud database through Apple's CloudKit service. We do not have access to your private iCloud database.
Some optional or server-based features require limited data to be processed by our backend infrastructure or third-party providers. This includes subscriptions, AI credits, AI chat and plan generation, opt-in analytics, diagnostics, exercise search, and share links. These cases are described below.
If you create a share link for a plan, workout day, or exercise, the shared payload is uploaded to Apple's CloudKit public database so that people with the link can import it. Only create share links for content you intend to share.
3. Apple Health (HealthKit) Integration
Our app integrates with Apple's HealthKit framework (Apple Inc., 1 Cupertino, CA 95014, USA) to provide you with a seamless fitness experience.
- Reading Data: With your explicit consent, we read data such as calories burned, heart rate, pace, weight, and waist circumference from Apple Health to display and analyze them within the app.
- Writing Data: With your consent, we save completed workouts and manually entered body measurements directly to your Apple Health app.
STRICT HEALTHKIT DATA USAGE POLICY: We guarantee that data collected from Apple HealthKit will never be used for marketing, advertising, or similar use cases. We do not sell this data to data brokers or share it with third parties. Processing is strictly limited to providing the app's core functionality based on your consent (Art. 6 (1) (a) GDPR). You can revoke these permissions at any time in your iOS "Health" settings.
4. Analytics with PostHog (Opt-in, Pseudonymous)
To detect bugs, fix crashes, and understand which features of our app are used, we use the analytics service PostHog. Analytics is disabled by default and is only enabled after you give consent in the app. You can disable analytics again at any time in the app settings.
- Data Minimization: We configure PostHog for privacy-friendly analytics. We do not intentionally send Apple Health data, AI chat content, free-text notes, or personal profiles to PostHog.
- Typical Events: Analytics events may include app launches, onboarding steps, feature usage, paywall views, settings changes, and technical diagnostics. These events may be associated with a pseudonymous app or device identifier so we can understand usage over time and debug issues.
- EU Hosting: The collected telemetry data is hosted on servers located within the European Union.
The legal basis for analytics is your consent (Art. 6 (1) (a) GDPR).
5. In-App Purchases and Subscriptions (RevenueCat)
We use RevenueCat (RevenueCat, Inc., USA) to manage in-app purchases and subscriptions. RevenueCat does not process Apple Health data. It processes a pseudonymous App User ID, purchase tokens, subscription status, trial eligibility, and purchase history (which subscription or in-app purchase was purchased and when) to unlock premium features for you. The legal basis for this is the performance of a contract (Art. 6 (1) (b) GDPR).
6. Backend Services and AI Credits (Supabase)
We use Supabase to operate selected backend functions for Phemilo. These functions support AI credits, premium entitlement checks, AI feature access, exercise search, and related technical services.
- AI Credits: Supabase may store a pseudonymous App User ID, monthly and purchased AI credit balances, credit debit events, and technical timestamps.
- RevenueCat Webhooks: When RevenueCat notifies us about selected purchase events, we store limited webhook metadata such as event type, event ID, pseudonymous App User ID, and processing timestamp to prevent duplicate processing and grant purchased AI credits.
- AI Usage Logs: For AI plan generation, we may store usage metadata such as provider, model, token counts, estimated cost, duration, and timestamp. If you have allowed AI telemetry, the prompt and AI response may also be stored for debugging and quality assurance. If telemetry is disabled where supported, prompts and responses are minimized or not stored in our Supabase usage logs.
7. Artificial Intelligence (AI) Features and Data Processing
To provide personalized coaching and dynamic workout generation, Phemilo offers optional Artificial Intelligence (AI) features, including an AI Chat Assistant and an AI Workout Plan Generator.
- Explicit Consent (GDPR Article 9): Because workout routines and fitness goals may be considered "special category data" (health data) under the GDPR, we require your explicit, opt-in consent before you can access our AI features. You will be prompted to grant this consent within the app before using these features for the first time.
- What Data is Shared: If you choose to use our AI features, we only transmit the data strictly necessary to generate your response or workout plan. This may include:
  - Your chat messages and prompts.
  - Your stated fitness goals, available equipment, training level, focus areas, and target workout frequency.
  - Relevant workout or plan context, such as exercises in your current plan, sets, reps, target weights, and AI memories or preferences you saved.
- Data Minimization and Pseudonymization: We employ strict data minimization. Your name, email address, or Apple ID is not transmitted to our AI providers by default. AI requests may be associated with a pseudonymous App User ID so we can enforce subscriptions, manage AI credits, prevent abuse, and debug system quality.
- Third-Party AI Providers: To power these features, we use secure third-party Large Language Model (LLM) APIs, currently via OpenRouter and the configured model providers behind it.
- Strict "No Training" Policy: We guarantee that any data transmitted to our AI providers is strictly prohibited from being used to train, improve, or fine-tune any AI models. Your data is only processed temporarily to generate your requested response and is not retained by the provider for training purposes.
- AI Processing, Observability, and Quality Assurance: When you interact with Phemilo AI, your chat inputs and the AI's responses are processed by our LLM providers. To ensure the safety, quality, and reliability of our AI, and to support transparency and traceability requirements, we may log AI interactions using Langfuse, a specialized third-party observability platform hosted in the European Union. These logs may be associated with a pseudonymous App User ID and are used solely by our engineering team to debug errors, improve prompt quality, monitor system health, and investigate abuse. Please do not share sensitive personally identifiable information or medical data in the chat.
- Your Right to Withdraw Consent (GDPR Article 7(3)): You have the right to withdraw your consent for AI processing at any time. You can instantly revoke your consent by navigating to Settings -> Data & Privacy within the Phemilo app and toggling off "AI Coaching Consent." Revoking your consent will disable the AI features but will not affect your access to the rest of the app, nor will it delete workout plans you have already generated.
- Automated Decision-Making: While the AI generates workout suggestions, it does not make legally binding decisions or decisions that significantly affect you. Phemilo AI is an automated assistant, and you are always in control of accepting, editing, or rejecting the generated workouts. Please verify all health-related suggestions and consult a physician before beginning any new exercise routine.
8. Additional Permissions
- Location: If you track outdoor cardio workouts, Phemilo may use your location to map routes, calculate distance, and save workout routes to Apple Health. Location data is processed on device and is not intentionally sent to our analytics or AI providers.
- Camera and Photos: If you choose a profile or exercise image, Phemilo may access the selected photo or camera capture. These images are stored locally or in your private app data and are not uploaded to our backend by default.
- Microphone and Speech Recognition: If you use voice input for AI, audio is used to convert your speech into text. The resulting text may be sent to the AI service when you submit it. Raw audio is not intentionally stored by Phemilo.
9. Your Choices and Deletion Requests
You can disable analytics and AI consent in the app settings. You can also manage Apple Health permissions in the iOS Health app and system settings.
To request deletion of backend AI credit, AI usage, or support data associated with your pseudonymous App User ID or email address, contact us at support@phemilo.app. Some purchase records may need to be retained where required for fraud prevention, accounting, or legal obligations.
10. Contact and Support
If you contact us via email, we will store your email address and the content of your message solely for the purpose of processing your request. This data will be deleted once your inquiry has been fully resolved.