Privacy Policy

Last updated: May 20, 2026 · Version 1.0 (initial draft — pending legal review)

This Privacy Policy explains what information Catcher ("we", "the app") collects, how we use it, with whom we share it, and what rights you have over it.

One-line summary: Catcher is local-first. The vast majority of your data lives on your own phone, not on our servers. The data that does pass through third parties is listed below.

1. Who's responsible

Catcher (the "app") is operated by its primary developer. Contact: support@catcher.app.

2. What data we process

2.1 Data you create inside the app (stays on your phone)

Catcher stores in a local SQLite database, inside your own device:

• Profile information you enter (name, age, sex, height, weight, goals).
• Meals, recipes, meal photos and nutritional data.
• Routines, workout sessions, sets, reps, exercises, perceived effort.
• Body measurements and body composition.
• Notes, mood, sleep manually logged, and other events you record.
• Medical exam results you upload (PDFs and images) and their extracted values.
• Conversations with the AI coach.
• Data synced from wearables (see §3).

This data is not sent to our servers. If you uninstall Catcher without enabling backup, this data is deleted along with the app.

2.2 Account data (Firebase Authentication)

When you create an account or log in, we collect:

• Your email address.
• Your name (if you provide it or sign in with Google).
• A unique identifier (UID) generated by Firebase.
• Technical login metadata (date, masked IP, device type) — managed by Google Firebase.

2.3 Data sent to the AI coach (Google Gemini / Firebase AI Logic)

When you interact with the coach, the content of your message + context the app deems relevant (e.g., recent nutrition, latest workout, metrics) is sent to Google Gemini via Firebase AI Logic to generate the response.

Google states that calls via Firebase AI Logic are not used to train models and are not retained beyond the minimum latency required.

2.4 Crash reports and technical metrics (Firebase Crashlytics + Analytics)

To detect failures and improve the app, we process:

• Error logs and stack traces when the app crashes.
• Anonymous usage metrics (which screens were opened, session duration).
• Anonymous device identifier (Android Advertising ID or equivalent).

This data is aggregated and does not allow personal identification.

3. Third-party integrations

If you voluntarily connect them, Catcher accesses data from the following services:

• Google Health Connect — steps, heart rate, sleep, weight, exercise, blood oxygen, blood pressure, hydration, blood glucose, menstrual cycle, body temperature, total and active energy, and distance (14 read scopes).
• Strava — sports activities logged in Strava (via OAuth 2.0).
• Withings — weight, body composition, sleep, blood pressure (via OAuth 2.0).
• Google Drive — to save and restore the encrypted backup of your local database. Catcher only accesses the folder it created ("app data folder"), not other files.
• WeatherAPI — temperature, humidity, and weather at your approximate location when logging outdoor workouts.
• FatSecret / Open Food Facts — food search. We only send the search query (text), not personal data.

You can disconnect any of these integrations at any time from Settings.

4. System permissions

The app requests permissions only when the feature requires it, justified as follows:

• Camera — to photograph meals, medical exams, and the scale/measuring tape when taking measurements.
• Microphone — for the coach's "Live" mode (voice conversation). Audio is processed in real time and not stored.
• Location — to record the weather of your outdoor workouts, only when you enable it.
• Photo library — so you can attach images to meals and exams from your own gallery.
• Notifications — reminders you configure.
• Exact alarm — so meal and workout reminders fire at the exact time you set.
• Foreground service — to keep the voice session with the coach active while on screen.

5. How we use the data

• To make the app work (display your information, compute metrics, sync wearables).
• So the AI coach can give answers that take your real context into account.
• To detect and fix technical failures.
• To improve the app from aggregated, anonymous metrics.

We don't sell your data. We don't share it with advertisers. We don't do advertising profiling.

6. Medical data and "not a medical device"

Catcher processes sensitive health information (exams, body metrics, sleep, cycle, etc.). Catcher is not a medical device. The app and its AI coach are informational tools and do not replace the diagnosis, prescription, or treatment of a healthcare professional. For any concern or serious symptom, consult your doctor.

7. How long we keep your data

• Data on your phone — for as long as you have the app installed.
• Your Firebase Authentication account — until you or we (upon your request) delete it.
• Crash reports — up to 90 days, then anonymized or discarded.
• Google Drive backup — lives in your own Drive, you control it.

8. Your rights

Over your personal data, you have the right to:

• Access — all your data is visible inside the app.
• Rectify — you can edit any data you entered.
• Erase — from Profile → Your personal information → Session → Delete account and data, or via this page.
• Portability — export your database via the Google Drive backup.
• Object — disconnect any integrations you don't want to use.
• Withdraw consent — at any time, without affecting the lawfulness of previous processing.

9. International transfers

Firebase and other Google services process data on servers in the United States and the European Union. These transfers rely on the standard contractual clauses approved by the European Commission.

10. Minimum age

Catcher is not directed at children under 16. If you discover that a minor created an account, contact us so we can delete it.

11. Changes to this policy

When we make substantive changes, we will notify you within the app and update the date above. For minor changes (typo fixes, clarifications), we may only update this page.

12. Contact

For any rights exercise or question: support@catcher.app.

Important note: this policy is an initial technical draft and must be reviewed by a lawyer with privacy experience before public launch on Google Play.