Privacy Policy
Last updated: May 22, 2026 · Version 1.1 (initial draft — pending legal review)
This Privacy Policy explains what information Catcher ("we", "the app") collects, how we use it, with whom we share it, and what rights you have over it.
One-line summary: Catcher is local-first. The vast majority of your data lives on your own phone, not on our servers. The data that does pass through third parties is listed below.
1. Who's responsible
Catcher (the "app") is operated by its primary developer. Contact: support@getcatcher.app.
2. What data we process
2.1 Data you create inside the app (stays on your phone)
Catcher stores in a local SQLite database, inside your own device:
- Profile information you enter (name, age, sex, height, weight, goals).
- Meals, recipes, meal photos and nutritional data.
- Routines, workout sessions, sets, reps, exercises, perceived effort.
- Body measurements and body composition.
- Notes, mood, sleep manually logged, and other events you record.
- Medical exam results you upload (PDFs and images) and their extracted values.
- Conversations with the AI coach.
- Data synced from wearables (see §3).
This data is not sent to our servers. If you uninstall Catcher without enabling backup, this data is deleted along with the app.
2.2 Account data (Firebase Authentication)
When you create an account or log in, we collect:
- Your email address.
- Your name (if you provide it or sign in with Google).
- A unique identifier (UID) generated by Firebase.
- Technical login metadata (date, masked IP, device type) — managed by Google Firebase.
2.3 Data sent to the AI coach (Google Gemini / Firebase AI Logic)
When you interact with the coach, the content of your message + context the app deems relevant (e.g., recent nutrition, latest workout, metrics) is sent to Google Gemini via Firebase AI Logic to generate the response.
Google states that calls via Firebase AI Logic are not used to train models and are not retained beyond the minimum latency required.
2.4 Crash reports and technical metrics (Firebase Crashlytics + Analytics)
To detect failures and improve the app, we process:
- Error logs and stack traces when the app crashes.
- Anonymous usage metrics (which screens were opened, session duration).
- Anonymous device identifier (Android Advertising ID or equivalent).
This data is aggregated and does not allow personal identification.
3. Third-party integrations
If you voluntarily connect them, Catcher accesses data from the following services:
- Google Health Connect — steps, heart rate, sleep, weight, exercise, blood oxygen, blood pressure, hydration, blood glucose, menstrual cycle, body temperature, total and active energy, and distance (14 read scopes).
- Strava — sports activities logged in Strava (via OAuth 2.0).
- Withings — weight, body composition, sleep, blood pressure (via OAuth 2.0).
- Google Drive — to save and restore the encrypted backup of your local database. Catcher only accesses the folder it created ("app data folder"), not other files.
- WeatherAPI — temperature, humidity, and weather at your approximate location when logging outdoor workouts.
- FatSecret / USDA / Open Food Facts — food search. We only send the search query (text), not personal data. The FatSecret, WeatherAPI, and USDA keys follow a Bring Your Own Key model: you create your own free account at each service and paste your credentials inside the app; Catcher never sees your keys, which are stored encrypted on your device.
You can disconnect any of these integrations at any time from Settings.
3.1 Strava-specific disclosures
This subsection is required by the Strava API Agreement:
- We use the Strava API to retrieve your own activities only. We do not aggregate, share, or display data from other Strava users.
- Strava data is shown inside Catcher with proper attribution (orange logomark + "Strava" or "Powered by Strava") and a "View on Strava" link that opens the activity at
strava.com/activities/{id}. - You can disconnect Strava at any time from Settings → API and Connections → Strava. Upon disconnect, we delete all Strava-sourced records from your local database within 48 hours, per the API Agreement.
- If you revoke Catcher's access from strava.com/settings/apps instead of from within the app, Strava notifies us via webhook (subscription registered in our backend) and we trigger the same deletion; a client-side fallback also detects revoked refresh tokens on the next sync and purges local data.
- Strava may monitor and collect certain usage data and information related to our use of the Strava API Materials.
- We do not use Strava data to train AI or machine-learning models.
- We do not sell, rent, or redistribute Strava data to third parties under any circumstance.
- For Strava's own privacy policy, see strava.com/legal/privacy.
- In the event of a security incident affecting Strava data, we will notify Strava within 24 hours per the API Agreement.
3.2 Health Connect-specific disclosures
When you grant Catcher access to Health Connect, we may read the following 14 data types (Catcher is read-only with respect to Health Connect — we never write data back):
- Steps (
READ_STEPS) — daily activity tracking and movement-based calorie estimation. - Distance (
READ_DISTANCE) — distance walked/run aggregated into your cardio volume. - Active calories burned (
READ_ACTIVE_CALORIES_BURNED) — daily energy balance. - Total calories burned (
READ_TOTAL_CALORIES_BURNED) — measured TDEE complementing the estimate. - Sleep sessions (
READ_SLEEP) — duration, quality and stages (REM, deep, light, awake, in-bed) for recovery analysis. - Heart rate (
READ_HEART_RATE) — analysis during cardio workouts. - Resting heart rate (
READ_RESTING_HEART_RATE) — recovery and aerobic-fitness indicator. - Heart-rate variability (HRV) (
READ_HEART_RATE_VARIABILITY) — objective readiness/recovery indicator. - Blood oxygen saturation (
READ_OXYGEN_SATURATION) — complementary aerobic-fitness / altitude-acclimatization reference. - Respiratory rate (
READ_RESPIRATORY_RATE) — overnight recovery and stress metric. - Body temperature (
READ_BODY_TEMPERATURE) — trend detection (e.g. febrile state, cycle) that affects training programming. - Exercise (
READ_EXERCISE) — workouts from other apps to avoid duplicates with Strava/Withings. - Weight (
READ_WEIGHT) — weight history for body composition and goal tracking. - Hydration (
READ_HYDRATION) — daily water intake for the nutrition panel.
Catcher also declares the READ_HEALTH_DATA_IN_BACKGROUND permission which (optionally) lets you enable the "Allow accessing data when the app is closed" toggle from your Health Connect settings. Without it, Catcher can only read the data above while the app is open; with it enabled, the morning sync, home widget and AI coach can refresh data even while the app is closed. Strictly optional — if you don't enable it, everything still works when you open the app.
You can revoke any individual permission at any time from your phone's Health Connect settings. If you disable Health Connect entirely, Catcher loses access to new measurements but already-synced records that live in your local database remain until you manually delete them or remove your account.
3.3 Infrastructure providers
- Cloudflare Workers — operates our backend proxy at
api.getcatcher.appthat mediates calls to Google Speech-to-Text, Google Gemini, Strava OAuth, and Withings OAuth. The proxy does not store your health data; it only forwards the request body to the appropriate destination and counts your credit usage. Sensitive secrets (Strava client secret, Withings client secret, Google STT service account, Gemini API key) live exclusively as Cloudflare Workers Secrets and are never bundled in the app binary. - Stadia Maps — serves map tile requests when a map view is displayed in the app. Receives only the current viewport coordinates, not your full location history.
4. System permissions
The app requests permissions only when the feature requires it, justified as follows:
- Camera — to photograph meals, medical exams, and the scale/measuring tape when taking measurements.
- Microphone — for the coach's "Live" mode (voice conversation). Audio is processed in real time and not stored.
- Location — to record the weather of your outdoor workouts, only when you enable it.
- Photo library — so you can attach images to meals and exams from your own gallery.
- Notifications — reminders you configure.
- Exact alarm — so meal and workout reminders fire at the exact time you set.
- Foreground service — to keep the voice session with the coach active while on screen.
5. How we use the data
- To make the app work (display your information, compute metrics, sync wearables).
- So the AI coach can give answers that take your real context into account.
- To detect and fix technical failures.
- To improve the app from aggregated, anonymous metrics.
We don't sell your data. We don't share it with advertisers. We don't do advertising profiling. We don't use your data — nor data from third-party integrations — to train AI or machine-learning models.
6. Medical data and "not a medical device"
Catcher processes sensitive health information (exams, body metrics, sleep, cycle, etc.). Catcher is not a medical device. The app and its AI coach are informational tools and do not replace the diagnosis, prescription, or treatment of a healthcare professional. For any concern or serious symptom, consult your doctor.
7. How long we keep your data
- Data on your phone — for as long as you have the app installed.
- Your Firebase Authentication account — until you or we (upon your request) delete it.
- Crash reports — up to 90 days, then anonymized or discarded.
- Google Drive backup — lives in your own Drive, you control it.
- Strava-sourced data — deleted within 48 hours after disconnecting Strava (via the app, via revoke on strava.com, or via account deletion).
- Backend usage counters (daily credit balance, monthly cost) — 48 hours and 40 days respectively, on Cloudflare Workers KV.
8. Your rights
Over your personal data, you have the right to:
- Access — all your data is visible inside the app.
- Rectify — you can edit any data you entered.
- Erase — from Profile → Your personal information → Session → Delete account and data, or via this page.
- Portability — export your database via the Google Drive backup.
- Object — disconnect any integrations you don't want to use.
- Withdraw consent — at any time, without affecting the lawfulness of previous processing.
9. International transfers
Firebase and other Google services process data on servers in the United States and the European Union. These transfers rely on the standard contractual clauses approved by the European Commission.
10. Minimum age
Catcher is not directed at children under 16. If you discover that a minor created an account, contact us so we can delete it.
11. Changes to this policy
When we make substantive changes, we will notify you within the app and update the date above. For minor changes (typo fixes, clarifications), we may only update this page.
12. Contact
For any rights exercise or question: support@getcatcher.app.
Important note: this policy is an initial technical draft and must be reviewed by a lawyer with privacy experience before public launch on Google Play.