Privacy Policy

Last updated: May 16, 2026

Epoch AI ("we", "us", or "our") operates the Epoch mobile application. This Privacy Policy explains how we collect, use, and protect your information when you use our app.

1. Information We Collect

We collect information you provide directly:

Account information: email address and password (or OAuth credentials via Apple/Google)
Profile data: display name, profile photo, bio, height, weight, fitness goals, and activity level
Fitness data: workout logs, nutrition logs, body measurements, progress photos, and water intake
User content: posts, comments, and messages you share within the app

We also collect limited data automatically:

Crash reports and error logs (via Sentry) to improve app stability
Basic usage data to understand how features are used

2. How We Use Your Information

To provide, operate, and improve the Epoch app
To personalize your experience and calculate fitness metrics (TDEE, macros, etc.)
To power the AI coach feature — your fitness data is sent to OpenAI's API to generate responses
To process Pro subscription purchases via RevenueCat and Apple/Google billing
To send transactional emails (account confirmation, password reset) via Supabase
To detect and fix crashes and performance issues

3. Third-Party Services

We use the following third-party services, each governed by their own privacy policies:

Supabase — database, authentication, and file storage
OpenAI — powers the AI coach (your messages and fitness data are processed by OpenAI's API)
RevenueCat — subscription management
Sentry — crash reporting and error monitoring
Expo / EAS — app delivery and over-the-air updates
USDA FoodData Central — food nutrition database (queries are proxied through our server)

4. Data Storage & Security

Your data is stored on Supabase infrastructure. All data is encrypted in transit (HTTPS/TLS). Sensitive data such as session tokens are stored in encrypted storage on your device. We implement row-level security so users can only access their own data.

5. User Content & Community

Posts, workout shares, and meal shares you publish to the Community feed are visible to other Epoch users. You can delete your own posts at any time. Profile privacy settings allow you to control what information is visible to others.

6. Data Retention & Deletion

You can delete your account at any time from the Settings screen in the app. Account deletion permanently removes your profile, fitness data, and user content from our systems within 30 days.

7. Children's Privacy

Epoch is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@epochai.app.

8. Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal data, or to object to certain processing. To exercise these rights, contact us at privacy@epochai.app.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email. Continued use of Epoch after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions, contact us at privacy@epochai.app.