Privacy Policy
Effective date: June 18, 2026 · Last updated: June 18, 2026
This Privacy Policy describes how Physiq: Rate My Physique AI ("Physiq," "we," "us," or "our") collects, uses, and protects your information. This policy applies to the Physiq mobile application (the "App").
Also see our Terms of Service and Support.
Who We Are
Data Controller: Anton, individual developer
Location: Batumi, Georgia
Contact: support@byanton.dev
Website: byanton.dev
As a small-scale individual developer, we are not required to appoint a Data Protection Officer under GDPR Article 37. For all privacy inquiries, contact us at the email above.
Summary: Physiq is an AI physique-rating app — you take a couple of photos of your physique and Physiq scores your aesthetics from 0–100, with a tier, an estimated percentile, and a metric breakdown (muscularity, leanness, V-taper, definition, symmetry, proportion, face, and a body-part breakdown), plus a level-up plan. Your scans, photos, results, body metrics, plan and progress are stored only on your device. When you run a scan, the photo(s) you capture or choose are sent to Google Gemini (via our Cloudflare Workers proxy) to estimate your scores — processed in real time and not stored on our servers, never sold, and never used to train AI models. We require no account, collect no name, email, location, contacts, or tracking identifiers, show no ads, use no third-party analytics, and do not read Apple Health. Physiq is an entertainment and motivation tool and is not medical, fitness, or body-composition advice.
1. AI System Disclosure (EU AI Act Article 50)
You are interacting with an artificial intelligence system. Specifically:
- Your physique rating (the overall 0–100 score, tier, estimated percentile, the individual aesthetic metrics — such as muscularity, leanness, V-taper, definition, symmetry, proportion and face — the body-part breakdown, and the short written read-out) is produced by Google Gemini 2.5 Flash, an AI vision model from Google LLC, accessed via Google Vertex AI.
- AI estimates are subjective and approximate and may contain inaccuracies. They are an aesthetic opinion for entertainment and motivation only — not a medical, fitness, or clinical body-composition measurement, not a body-fat percentage, and not a diagnosis or assessment of your health.
- Your projected "potential" score, target dates, streaks and plan are calculated on your device from your scan results and the figures you enter. They are gentle estimates, not guarantees of any physical outcome.
2. Information We Collect
2.1 Information You Provide
| Data | Purpose | Storage | Retention |
| The physique photo(s) you capture or pick for a scan | Estimating your physique score, metrics and breakdown for that scan | The chosen image(s) are sent ephemerally to Google Gemini for the request; the photo is also saved with the scan on your device | Cloud: processed in real time, not stored on our servers. Local: until you delete the scan or the App |
| Scan results (overall score, tier, percentile, aesthetic metrics, body-part breakdown, written read-out, level-up plan) | Showing your result, history and progress over time | On your device only (SwiftData) | Until you delete it or the App |
| Profile you set during onboarding (first name, gender, age range, height, weight, goal, body type) | Personalising your experience, plan and unit display | On your device only (SwiftData) | Until you change it or delete the App |
| Plan, streak and progress activity | Showing your daily plan, streak and trend | On your device only (SwiftData) | Until you delete it or the App |
| Preferences (units, notifications on/off) | Personalising the experience | On your device (UserDefaults / SwiftData) | Until you change it or delete the App |
2.2 Information Collected Automatically
- Anonymous subscription status — managed by Apple StoreKit to confirm Physiq Pro access. No name or email is associated with it.
- IP address — visible to our Cloudflare Workers proxy only for rate-limit keying (abuse / cost protection). The IP is never stored in our cache, never shared with Google, and never sold.
- Locale and app version — sent as standard request headers (for response language and diagnostics). Visible to Cloudflare in request logs (~24 h retention).
Physiq does not use any third-party analytics, advertising, or crash-reporting SDK. We do not track which screens you view.
2.3 Information We Do NOT Collect
- Email address, phone number, name, or physical address (unless you choose to email our support)
- Location (GPS) — we never request location permission
- Contacts, calendar, or microphone
- Apple Health / HealthKit — Physiq does not read from or write to Apple Health
- Advertising identifiers (IDFA) — we do not use App Tracking Transparency
- Browsing history, cookies, or web tracking pixels
- We do not create user accounts or require registration; no Apple, Google, or social sign-in
Camera & Photos: Physiq requests camera access (to photograph your physique) and uses the system photo picker (to choose an existing photo). Only the single image you take or select for a scan is used — the App never browses, scans, or uploads your photo library. Your photos are yours; you can delete any scan and its photo at any time.
3. Legal Basis for Processing (GDPR Article 6)
A photo of your body may, in some contexts, be considered sensitive. We process it on your device and transiently in the cloud solely to provide the rating you request; where any processing requires it, our basis is your explicit consent (Article 9(2)(a)), which you give by choosing to run a scan and can withdraw at any time by deleting the data or the App.
| Processing Activity | Legal Basis |
| Sending your physique photo to the cloud AI | Performance of a contract / your request — only happens when you tap "scan" or "rate" |
| Storing your scans, photos, results, body metrics and progress locally | Performance of a contract + your explicit consent (Article 9(2)(a)) |
| Subscription processing | Performance of a contract (via Apple StoreKit) |
| Rate limiting and abuse prevention | Legitimate interest (service availability, AI-cost protection, and security) |
4. Third-Party Services
Apple Guideline 5.1.2(i) Disclosure: The following named third parties may process your data. Your physique photo is shared with Google's AI service only when you actively run a scan.
| Provider | Service | Data Sent | Retention by Provider |
| Google LLC (Vertex AI — Gemini 2.5 Flash) | Estimating your physique score, metrics and breakdown from your photo | The physique image(s) you submit for the scan + locale | Not retained. Not used for model training per Vertex AI / Gemini enterprise data-usage terms. |
| Cloudflare, Inc. (Workers) | Secure proxy routing between the App and Google's AI API; per-IP rate limiting | Encrypted request body (HMAC-SHA256 signed); IP visible to the rate limiter only | Rate-limit counters: short sliding window. Request logs ~24 h. No long-term storage of your data. |
| Apple Inc. (StoreKit) | In-app purchase / subscription processing | Managed by Apple per Apple's Privacy Policy | Managed by Apple |
All cloud data transfers use TLS encryption, HMAC-SHA256 request signing, and a short timestamp anti-replay window. The photo you submit is transmitted only for the duration of a single request and is not written to disk on the Cloudflare proxy.
5. Data Storage and Retention
| Data | Where Stored | Retention Period |
| Scans, photos, results, body metrics, plan, progress, preferences | Your device (SwiftData, app sandbox) | Until you delete it in-app or uninstall the App |
| Physique image in transit to the AI provider | Cloudflare Workers (in memory) → Google Cloud (in memory) | Processed in real time, not written to disk by our proxy |
| Rate-limit counters | Cloudflare Workers | Short sliding window, per IP |
| Subscription data | Apple servers | Managed per Apple's privacy policy |
Because your data lives on your device, deleting the App permanently removes all of it — scans, photos, results, body metrics and progress. There is no server-side copy to request or erase, and your data does not sync between devices.
6. Children's Privacy
Physiq deals with body image and shirtless physique photography and is intended for adults (18+). It is not directed to children.
- COPPA: We do not knowingly collect personal information from children under 13. If we discover such data was collected, we will delete it immediately.
- GDPR Article 8: The cloud AI features are not intended for minors below your country's digital age of consent.
- We do not sell, share, or use anyone's data for advertising or AI model training.
7. Your Rights
All Users
- Access: Your full history is visible inside the App (your scans, results and progress).
- Deletion: Delete any scan in-app, or remove all data by deleting the App. Because the data is on-device, this is immediate and complete.
- Subscription: Manage or cancel anytime via Settings → Apple ID → Subscriptions, or restore a prior purchase from the App's Profile screen.
EU/EEA Residents (GDPR)
- Right to access, rectification, erasure, restriction of processing, portability, and objection
- Right to withdraw consent at any time without affecting prior processing
- Right to lodge a complaint with your local data protection authority (e.g., CNIL in France, BfDI in Germany, DPC in Ireland)
- Our AI processing is for informational entertainment only and produces no legal or similarly significant automated decisions
California Residents (CCPA/CPRA)
- Right to know, delete, correct, and opt out of sale/sharing
- We do not sell or share your personal information and do not use your data for cross-context behavioral advertising
Brazil (LGPD) · Turkey (KVKK) · Japan (APPI)
- Rights to confirmation, access, correction, deletion, portability, and consent withdrawal as provided under each law
- We respond to verified data-subject requests within the statutory window (e.g., 15 days LGPD, 30 days KVKK)
- Cross-border transfers to the US are conducted under appropriate safeguards (see Section 9)
8. Apple Required Privacy Disclosures
8.1 Required Reasons API (PrivacyInfo.xcprivacy)
Physiq declares the following API usage in its privacy manifest:
| API | Reason |
| UserDefaults | Store app preferences and onboarding state (reason: CA92.1) |
8.2 App Store Privacy Nutrition Label
| Data Type | Linked to Identity | Used for Tracking | Purpose |
| User Content (the physique photo you submit) | No | No | App Functionality (AI physique rating) |
| Health & Fitness (height, weight, body metrics) | No | No | App Functionality (stored on-device for your tracking) |
| Purchases (Subscription Status) | No | No | App Functionality (entitlement verification) |
We do not collect any data type not listed above, and we do not engage in tracking as defined by Apple's App Tracking Transparency framework. Body metrics are stored on your device for your own tracking and are not transmitted to us.
9. International Data Transfers
Physique images sent to AI features are processed in the United States (Google Cloud Platform, Cloudflare). These transfers are protected by EU Standard Contractual Clauses (GDPR Article 46), the Google Cloud Data Processing Addendum, Cloudflare's data processing agreement, the EU-US Data Privacy Framework where applicable, and TLS encryption with HMAC-SHA256 request signing.
10. Data Security
- All data in transit encrypted using TLS (HTTPS)
- All API requests to our Cloudflare Workers proxy are signed with HMAC-SHA256 and a short timestamp window to prevent tampering and replay attacks, plus a bundle-identifier check and per-IP rate limiting
- Your scans, photos, body metrics and progress are stored on your device, protected by iOS sandboxing
- Server-side processing keeps your image in memory only — not written to disk on the proxy
- No user accounts, no passwords, no saved credentials — minimal attack surface
11. No Tracking, No Advertising
- Physiq does not track you across apps or websites
- We do not use advertising identifiers (IDFA) or App Tracking Transparency
- We do not display advertisements
- We do not share data with data brokers or ad networks
- We do not sell or share your personal information under any circumstances
12. Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify affected users and relevant supervisory authorities within 72 hours of discovery as required (GDPR, LGPD, KVKK), and take immediate steps to contain and remediate it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through an updated "Last updated" date and, where practicable, an in-app notice. Continued use after changes constitutes acceptance.
14. Not Medical or Fitness Advice · Body Image
Physiq provides a subjective, AI-generated aesthetic opinion for entertainment and motivation only. Your score, tier, percentile, metrics, "potential" projection and level-up plan are not medical, fitness, diagnostic, or body-composition advice, are not a body-fat or health measurement, and are not a substitute for a physician, registered dietitian, or qualified trainer. A single AI score is not a measure of your worth, your health, or your attractiveness. If rating your body causes you distress, or if you have or are at risk of body dysmorphia, disordered eating, or exercise compulsion, please step away from the App and consider speaking with a qualified professional or a local support line. Always consult a healthcare professional before starting a new diet or exercise program.
15. Contact Us
© 2026 Anton. All rights reserved.