Privacy Policy
Last updated June 9, 2026 · ZENITH iOS application
Introduction
ZENITH ("we", "our", or "us") operates the ZENITH mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information. If you disagree with these terms, please stop using the App.
Information We Collect
What you give us
- Name and email address (via Sign in with Apple)
- Age
- Health and wellness data: skin condition self-assessments, sleep hours, water intake, energy levels, workout logs
- Progress photos you voluntarily upload
- Goals and focus areas
- Usage preferences and app settings
Collected automatically
- Device information (iOS version, device model, unique device identifiers)
- App usage data (screens viewed, features used, session duration)
- Crash reports and performance data via Sentry
- Push notification tokens
From third parties
- Authentication data from Apple (name, email, unique ID)
- Subscription status from RevenueCat
- Analytics data via PostHog
Face-Related Data
ZENITH does not collect Face ID or Touch ID biometric templates or facial geometry maps, and does not use facial recognition to identify users. Face ID / Touch ID uses Apple's on-device LocalAuthentication API only; no biometric data reaches our servers.
Progress photos may include your face. These are stored as standard photos for progress tracking and AI feedback. We do not extract or store biometric face templates.
How We Use Your Information
- To provide and personalize the App's features and your ZENITH program
- To calculate and display your progress scores
- To power AI coaching via OpenRouter
- To enforce fair usage limits shown in the App
- To send push notifications (with your permission)
- To process subscription payments via RevenueCat
- To improve the App through analytics
- To comply with legal obligations
Data Storage and Security
All personal data is stored in Supabase using AES-256 encryption at rest and TLS 1.2+ in transit. Authentication tokens are stored in iOS Keychain via expo-secure-store. We never store your Apple ID credentials — only tokens provided by Apple. Progress photos are stored in Supabase Storage with private access policies. Row Level Security (RLS) ensures you can only access your own data.
Third-Party Services
- Supabase — Database and authentication (supabase.com/privacy)
- RevenueCat — Subscription management (revenuecat.com/privacy)
- PostHog — Usage analytics, anonymized (posthog.com/privacy)
- Sentry — Crash reporting (sentry.io/privacy)
- OpenRouter — AI coaching responses (openrouter.ai/privacy)
- Apple — Authentication (apple.com/privacy)
Your Health Data
The wellness data you enter in ZENITH (skin ratings, sleep, exercise) is treated as sensitive health information. We do not sell this data. We do not share it with insurance companies, employers, or healthcare providers. It is used solely to provide personalized coaching within the App.
Your Rights
- Access your personal data (export available in Account settings)
- Correct inaccurate data (edit profile at any time)
- Delete your data (Delete Account in Settings removes all data within 30 days)
- Withdraw consent for analytics (disable in Settings › Security)
- Lodge a complaint with your local data protection authority
Data Retention
Active accounts: data retained while account is active. Deleted accounts: all personal data removed within 30 days, except records required for legal compliance (transaction records retained 7 years per tax law). Anonymized analytics may be retained indefinitely.
Children's Privacy
ZENITH is not intended for users under 13. We do not knowingly collect data from children under 13. If we discover such data, we will delete it immediately.
Changes to This Policy
We will notify users of material changes via push notification and in-app notice at least 7 days before changes take effect.
Apple-Specific Disclosures
If you use Sign in with Apple, Apple may provide a unique identifier and, on first sign-in, your name and email. You can manage Apple ID permissions in iOS Settings.
Subscriptions and refunds are processed by Apple. We do not receive your full payment card number. ZENITH is on the App Store (App ID 6776723661, SKU ZENITH-IOS-001).
ZENITH may request camera, photo library, storage, and notification permissions. You may revoke these in iOS Settings at any time.
App Tracking & Analytics
We use PostHog for first-party analytics tied to a pseudonymous user ID — not your name or email unless you sign in. ZENITH does not sell personal information, does not share health or progress data with ad networks, and does not use your data for cross-app advertising.
ZENITH requests App Tracking Transparency permission on first launch. You may allow or deny — core features work either way. Disable analytics anytime in Settings › Security.
AI Coaching Data
Messages to the AI Coach are transmitted to OpenRouter and underlying model providers. Do not submit sensitive personal data you don't want processed by AI vendors. AI output is automated and may be inaccurate — it is not medical or professional advice.
California Privacy Rights (CCPA/CPRA)
California residents may request to know, correct, delete, and opt out of the sale of personal information. We do not sell personal information. Email thezenithappsupport@gmail.com with "California Privacy Request". We will respond within 45 days.
EEA, UK & Switzerland (GDPR)
Our legal bases include contract performance, legitimate interests (security, analytics, improvement), and consent (notifications, optional features). You may request access, rectification, erasure, restriction, portability, and objection by emailing thezenithappsupport@gmail.com.
International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. We rely on appropriate safeguards such as standard contractual clauses where required.
Data Breach Notification
If we become aware of a breach affecting your personal data, we will notify affected users and regulators as required by applicable law.