Last updated: March 27, 2026
Welcome to TortoFit ("the app"). Your privacy is important to us. This Privacy Policy explains what information we collect, how we collect it, how we use it, who we share it with, and how we protect it.
By using the app, you agree to the collection and use of information as described in this policy.
When you sign in using Sign In with Apple, we collect:
Your first name may be visible to other users on the leaderboard. Your email is used as your account identifier and is encrypted at rest.
With your explicit consent (granted through the iOS HealthKit permission prompt), we read the following categories of data from Apple Health:
How we collect this data: HealthKit data is read from the Apple Health app on your device after you grant permission through the standard iOS HealthKit authorization prompt. We only read data — we never write to Apple Health.
We use this data to calculate personalized health scores (biological age, athletic age, longevity score) and provide fitness insights.
If you log meals in the app, we collect and store:
How we collect this data: You manually enter food log entries through the app's meal tracking interface.
If you upload blood panel results, we collect the values you provide. This may include biomarkers such as cholesterol levels, blood cell counts, metabolic panels, and other lab values.
How we collect this data: You manually enter blood test results through the app's blood work interface.
This data is encrypted (AES-256-GCM) before being stored in the cloud.
If you choose to personalize your weekly fitness mascot, you may select one photo from your library using Apple’s standard photo picker (you are not granting us access to your entire photo library).
This optional photo flow is separate from the Elite health-analysis AI described in Section 2. It only runs when you explicitly choose a photo and (for cloud analysis) have granted AI consent.
We use Google Firebase Analytics and Mixpanel to understand how the app is used and to improve the product. Depending on your account and app settings, this may include:
How we collect this data: Event data is sent from the app to Firebase and Mixpanel over HTTPS when you use the app. We may also append copies of select analytics events to our own Google Firebase Firestore database for internal funnel reporting and operations; those copies are subject to the same access controls as your other cloud data.
Mixpanel may derive approximate geographic information (such as city or region) from IP address when that feature is enabled in their SDK. We configure analytics for product improvement, not for selling data.
We may use Apple’s AdServices APIs to attribute installs to Apple Search Ads campaigns; where available, campaign metadata may be stored in analytics as described above.
We do not use this data for third-party advertising networks, and we do not sell your personal information.
If you allow Location When In Use on iOS, the app may request a coarse device location (kilometer-level accuracy) to perform a one-time or occasional reverse geocode and determine your city and country. We use this to enrich your profile for in-app experiences (for example leaderboards or regional context) and for the analytics purposes described in Section 1.6.
How we collect this data: Apple’s Core Location and geocoding services process coordinates on Apple’s systems; we store the resulting city and country (for example as text on your profile) in Firebase Firestore together with your other account data.
You can revoke access at any time in iOS Settings > Privacy & Security > Location Services and selecting TortoFit. If you deny location, the rest of the app continues to work; we may still infer coarse region from your device locale or IP where permitted by analytics providers.
Important: This section describes how your personal health data is shared with a third-party AI service. Please read it carefully.
TortoFit offers AI-powered health analysis through specialist AI agents that provide personalized health insights, including biological age analysis, disease risk assessment, nutrition recommendations, and fitness guidance. This feature is available to Elite tier subscribers.
When you use AI health analysis features, the following categories of your health data are sent to a third-party AI service:
We do NOT send your name, email address, Apple ID, or any other personally identifiable information to the AI service. Your health data is sent without any account identifiers.
Your health data is sent to Anthropic, PBC, the company that operates the Claude AI large language model. The data flows through the following path:
Per Anthropic's API Terms of Service and data processing policies:
The sole purpose of sharing your health data with Anthropic's Claude AI is to generate personalized health insights, including:
Your data is never used for advertising, marketing, or any purpose other than providing you with personalized health analysis.
Consent: Before any health data is sent to the AI service, the app presents an explicit consent prompt explaining what data will be shared and with whom. AI analysis features are never activated without your permission. You must actively choose to use AI features after reviewing the disclosure.
How to disable AI data sharing: You can revoke your consent and stop AI health data sharing at any time by:
When AI consent is off, no health data is sent to Anthropic for Elite analysis, and optional mascot reference-photo analysis will not run (your locally saved mascot photo, if any, stays on your device until you delete it). Weekly mascot image generation that does not use your photo may still use other subscription-gated AI image services as described in your in-app disclosures.
If you opt in and select a reference photo (Section 1.5), that image is transmitted to our Cloud Function and then to Anthropic solely to obtain short text traits for stylizing your cartoon mascot. It is not mixed with your name, email, or Apple ID in that request. Anthropic’s handling of API data is described in Section 2.4. If you do not use this feature or do not grant AI consent, no reference photo is sent.
We use your information for the following purposes:
Your account information, calculated health scores, nutrition log, and app preferences are stored in Google Firebase Firestore. Sensitive fields (such as blood test data) are encrypted using AES-256-GCM before storage. Your encryption key is stored securely in the iOS Keychain on your device and never leaves your device.
Health data read from Apple Health is processed on your device. Calculated scores and preferences are also cached locally on your device using standard iOS storage. If you use mascot personalization, your chosen reference image and any cached trait JSON are stored only on your device unless you trigger cloud analysis as described in Section 1.5.
Your data is retained as long as your account is active. You may request deletion of your data at any time by contacting us (see below).
We use the following third-party services. Each service receives only the data necessary for its function and provides protection of your data consistent with this Privacy Policy:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Apple HealthKit | Apple Inc. | Read health & fitness data | Read-only access with your consent |
| Google Firebase | Google LLC | Authentication, cloud storage, analytics, Cloud Functions, optional analytics event mirror in Firestore | Account info, health scores, nutrition data, encrypted blood work, city/country when stored on profile, product analytics events |
| Mixpanel | Mixpanel, Inc. | Product analytics, funnels, cohorts | Event data, pseudonymous user ID, profile properties you configure in-app (e.g. tier, age group); approximate geo from IP when enabled |
| Apple Location & Maps | Apple Inc. | Optional coarse device location and reverse geocoding when you grant When In Use permission | Transient location fix and geocoding on Apple systems; we store resulting city/country text in our backend as described above |
| Anthropic Claude API | Anthropic, PBC | AI-powered health insights (Elite tier); optional mascot reference-photo trait extraction when you opt in (Section 1.5) | Health: de-identified metrics, blood work, food logs (no name, email, or account ID). Mascot: user-selected reference image sent only for trait text output, not retained on our servers as an image asset. |
| Apple StoreKit | Apple Inc. | Subscription & purchase processing | Transaction data (handled entirely by Apple) |
We do not sell, rent, or share your personal data with advertisers or data brokers. We do not share data with any third parties other than those listed above.
The app offers auto-renewable subscriptions (Monthly and Annual plans). Subscriptions auto-renew unless cancelled at least 24 hours before the end of the current period. You can manage or cancel your subscription in Settings > Apple ID > Subscriptions.
We use commercially reasonable measures to protect your data, including:
No method of electronic storage is 100% secure, and we cannot guarantee absolute protection.
You have the right to:
This app is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.
We may update this policy periodically. Changes will be posted on this page with an updated date. We will not make material changes that expand data collection or third-party data sharing without notifying users and obtaining consent where required.
For questions about this Privacy Policy, to request data deletion, or to revoke AI data sharing consent, please contact us at:
TortoFit
Email: support@honestdev.co
Thank you for trusting us with your health journey.