Privacy Policy for TortoFit

Last updated: March 12, 2026

Welcome to TortoFit ("the app"). Your privacy is important to us. This Privacy Policy explains what information we collect, how we collect it, how we use it, who we share it with, and how we protect it.

By using the app, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Account Information

When you sign in using Sign In with Apple, we collect:

  • Name (first name and, optionally, last name)
  • Email address (or Apple's Private Relay email, if you choose "Hide My Email")

Your first name may be visible to other users on the leaderboard. Your email is used as your account identifier and is encrypted at rest.

1.2 Health & Fitness Data (via Apple HealthKit)

With your explicit consent (granted through the iOS HealthKit permission prompt), we read the following categories of data from Apple Health:

  • Activity: Step count, exercise minutes, workout data
  • Heart: Heart rate, resting heart rate, heart rate variability, blood pressure
  • Sleep & Respiratory: Sleep analysis, respiratory rate, oxygen saturation
  • Body Measurements: VO2 Max, body mass, body fat percentage, BMI, lean body mass
  • Clinical: Blood glucose, wrist temperature
  • Mindfulness: Mindful sessions
  • Demographics: Date of birth, biological sex

How we collect this data: HealthKit data is read from the Apple Health app on your device after you grant permission through the standard iOS HealthKit authorization prompt. We only read data — we never write to Apple Health.

We use this data to calculate personalized health scores (biological age, athletic age, longevity score) and provide fitness insights.

1.3 Manually Entered Nutrition Data

If you log meals in the app, we collect and store:

  • Food names, calorie and macronutrient values, meal dates

How we collect this data: You manually enter food log entries through the app's meal tracking interface.

1.4 Manually Entered Blood Test Data

If you upload blood panel results, we collect the values you provide. This may include biomarkers such as cholesterol levels, blood cell counts, metabolic panels, and other lab values.

How we collect this data: You manually enter blood test results through the app's blood work interface.

This data is encrypted (AES-256-GCM) before being stored in the cloud.

1.5 Usage & Analytics Data

We use Firebase Analytics to collect anonymized usage data, including:

  • App session events (screens viewed, features used)
  • Subscription and purchase events
  • Age group and gender (aggregated, not personally identifiable)
  • Device type and iOS version

How we collect this data: Firebase Analytics SDK automatically collects anonymized event data during app usage.

We do not use this data for advertising or share it with ad networks.

2. AI-Powered Health Analysis & Third-Party AI Data Sharing

Important: This section describes how your personal health data is shared with a third-party AI service. Please read it carefully.

2.1 What This Feature Does

TortoFit offers AI-powered health analysis through specialist AI agents that provide personalized health insights, including biological age analysis, disease risk assessment, nutrition recommendations, and fitness guidance. This feature is available to Elite tier subscribers.

2.2 What Data Is Sent

When you use AI health analysis features, the following categories of your health data are sent to a third-party AI service:

  • HealthKit data: Heart rate, resting heart rate, heart rate variability, blood pressure, VO2 Max, step count, exercise minutes, sleep analysis, respiratory rate, oxygen saturation, body mass, body fat percentage, BMI, blood glucose, wrist temperature
  • Manually entered blood work: Any blood panel results you have entered (e.g., cholesterol, blood cell counts, metabolic panel values)
  • Manually entered food logs: Meal names, calorie and macronutrient values
  • Demographic data: Date of birth, biological sex (used for age-appropriate health analysis)

We do NOT send your name, email address, Apple ID, or any other personally identifiable information to the AI service. Your health data is sent without any account identifiers.

2.3 Who the Data Is Sent To

Your health data is sent to Anthropic, PBC, the company that operates the Claude AI large language model. The data flows through the following path:

  1. Your device sends an encrypted HTTPS request to our Google Cloud Function (hosted on Google Cloud Platform)
  2. The Google Cloud Function forwards your health data to Anthropic's Claude API (api.anthropic.com) via a secure HTTPS connection
  3. Anthropic's Claude API processes the data and returns personalized health insights
  4. The Google Cloud Function relays the AI-generated insights back to your device

2.4 How Anthropic Handles Your Data

Per Anthropic's API Terms of Service and data processing policies:

  • Anthropic processes your data only for the duration of the API request to generate a response
  • Anthropic does not retain your data after the request is completed
  • Anthropic does not use your data to train, improve, or fine-tune their AI models
  • Anthropic's full usage policy is available at anthropic.com/policies

2.5 Purpose of AI Data Sharing

The sole purpose of sharing your health data with Anthropic's Claude AI is to generate personalized health insights, including:

  • Biological age estimation and longevity analysis
  • Disease risk assessments based on your health metrics
  • Personalized nutrition and fitness recommendations
  • Blood work interpretation and health trend analysis

Your data is never used for advertising, marketing, or any purpose other than providing you with personalized health analysis.

2.6 Your Consent & How to Opt Out

Consent: Before any health data is sent to the AI service, the app presents an explicit consent prompt explaining what data will be shared and with whom. AI analysis features are never activated without your permission. You must actively choose to use AI features after reviewing the disclosure.

How to disable AI data sharing: You can revoke your consent and stop all AI data sharing at any time by:

  • Navigating to Settings > AI Health Analysis within the app and toggling the feature off
  • Downgrading from the Elite subscription tier (AI features are only available to Elite subscribers)
  • Contacting us at support@honestdev.co to request AI features be disabled on your account

When AI features are disabled, no health data is sent to Anthropic or any other third-party AI service. All other app features (health scores, tracking, leaderboard) continue to work without any third-party data sharing.

3. How We Use Your Data

We use your information for the following purposes:

  • Health score calculation: Calculate biological age, athletic age, longevity score, and nutritional age on your device
  • AI-powered insights (Elite tier): Send health metrics to Anthropic's Claude API to generate personalized health analysis (see Section 2 above)
  • Leaderboard: Display your ranking using first name only
  • Subscription management: Process subscriptions and in-app purchases via Apple StoreKit
  • App improvement: Fix bugs and improve performance using anonymized Firebase Analytics data

4. How We Store Your Data

4.1 Cloud Storage (Google Firebase Firestore)

Your account information, calculated health scores, nutrition log, and app preferences are stored in Google Firebase Firestore. Sensitive fields (such as blood test data) are encrypted using AES-256-GCM before storage. Your encryption key is stored securely in the iOS Keychain on your device and never leaves your device.

4.2 Local Storage

Health data read from Apple Health is processed on your device. Calculated scores and preferences are also cached locally on your device using standard iOS storage.

4.3 Data Retention

Your data is retained as long as your account is active. You may request deletion of your data at any time by contacting us (see below).

5. Third-Party Services

We use the following third-party services. Each service receives only the data necessary for its function and provides protection of your data consistent with this Privacy Policy:

Service Provider Purpose Data Shared
Apple HealthKit Apple Inc. Read health & fitness data Read-only access with your consent
Google Firebase Google LLC Authentication, cloud storage, analytics, Cloud Functions Account info, health scores, nutrition data, encrypted blood work, anonymized analytics
Anthropic Claude API Anthropic, PBC AI-powered health insights (Elite tier only) De-identified health metrics, blood work, food logs (no name, email, or account ID)
Apple StoreKit Apple Inc. Subscription & purchase processing Transaction data (handled entirely by Apple)

We do not sell, rent, or share your personal data with advertisers or data brokers. We do not share data with any third parties other than those listed above.

6. Auto-Renewable Subscriptions

The app offers auto-renewable subscriptions (Monthly and Annual plans). Subscriptions auto-renew unless cancelled at least 24 hours before the end of the current period. You can manage or cancel your subscription in Settings > Apple ID > Subscriptions.

7. Data Security

We use commercially reasonable measures to protect your data, including:

  • AES-256-GCM encryption for sensitive fields stored in the cloud
  • iOS Keychain for encryption key storage (device-only, never transmitted)
  • HTTPS/TLS for all network communication, including data sent to Anthropic
  • Firebase Authentication for secure account access
  • De-identification of health data before sending to AI services (no name, email, or account identifiers)

No method of electronic storage is 100% secure, and we cannot guarantee absolute protection.

8. Your Rights

You have the right to:

  • Access your data by contacting us
  • Delete your account and associated data by contacting us
  • Revoke HealthKit access at any time in iOS Settings > Privacy & Security > Health
  • Revoke Sign In with Apple at any time in iOS Settings > Apple Account > Sign-In & Security > Sign In with Apple
  • Disable AI health analysis at any time in the app's Settings > AI Health Analysis (this immediately stops all data sharing with Anthropic)
  • Revoke AI consent by contacting us at support@honestdev.co

9. Children's Privacy

This app is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

10. Changes to This Privacy Policy

We may update this policy periodically. Changes will be posted on this page with an updated date. We will not make material changes that expand data collection or third-party data sharing without notifying users and obtaining consent where required.

11. Contact Us

For questions about this Privacy Policy, to request data deletion, or to revoke AI data sharing consent, please contact us at:

TortoFit
Email: support@honestdev.co

Thank you for trusting us with your health journey.