Privacy Policy

Introduction

Welcome to Arvia AI ("we," "our," or "us"). The service is operated by an independent developer using the Arvia AI name; if we later form a registered company, we will update this policy as needed.

We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application and services. Arvia AI is offered to users worldwide. By using Arvia AI, you agree to the collection and use of information in accordance with this policy. Our Terms of Service govern use of the App.

Information We Collect

We may collect the following types of information:

• Account information (such as name and email address) when you register or sign in
• Onboarding responses only—your answers to the in-app onboarding questions (the App does not accept arbitrary free-text prompts or file uploads for AI processing)
• Usage data and interactions with the app (for example, feature usage and in-app activity)
• Device information (device type, operating system, unique device identifiers)
• Log and technical data (IP address, app activity, crash reports, diagnostics)
• Information you provide directly through the app (such as support requests or feedback)

Health and fitness data. For the AI personalization features, the App collects health and fitness information you provide during onboarding, which may include: age, sex, height, weight, body measurements, fitness level, workout history, health conditions or injuries you choose to disclose, fitness goals, and dietary preferences or restrictions. This information is health-related and is treated with additional care as described in the AI Processing and Legal Basis sections below. You are not required to disclose specific medical conditions — answers to health-related questions can be provided at whatever level of detail you are comfortable with.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services—including operating AI-powered features
• Authenticate your account and sync your data across devices via our backend infrastructure
• Personalize your experience with Arvia AI
• Send you important updates and notifications
• Respond to your comments and support requests
• Monitor and analyze usage patterns to improve functionality, reliability, and security
• Detect and prevent fraudulent or unauthorized activity

Legal Basis for Processing (GDPR / UK GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• Contract performance — processing necessary to provide the App and its features to you (e.g., account management, syncing data across devices).
• Legitimate interests — analytics, fraud prevention, and security measures, where our interests are not overridden by your rights and freedoms.
• Explicit consent — processing of health-related data (special category data under GDPR Art. 9), including fitness information, health conditions, and body measurements you provide during onboarding. You may withdraw consent at any time by contacting us at support@arvia-ai.com, though this may limit App functionality (specifically, the AI personalization features).
• Legal obligation — where we must retain or disclose data to comply with applicable law.

AI Processing and OpenAI

To personalize the App, we transmit your answers to onboarding questions and limited session or technical context needed to process them to OpenAI (or its affiliates), which processes that information to generate outputs. We do not send a separate free-form chat or arbitrary user prompts—only the onboarding flow implemented in the App.

OpenAI acts as a service provider processing data on our behalf in accordance with our instructions and our agreement with them. How OpenAI handles information—including retention, security, and subprocessors—is governed by OpenAI’s policies and the terms applicable to our use of their services. See: OpenAI Privacy Policy.

The onboarding questions in the App include health and fitness information (such as your fitness goals, current activity level, health conditions or injuries you choose to disclose, and body measurements). This information is used to generate your personalized program and may be transmitted to our AI provider (OpenAI) as described above. We treat this information as health-related data and handle it with additional care. By providing this information during onboarding, you explicitly consent to its use for this purpose. You are not required to disclose specific medical conditions — answers to health-related questions can be provided at whatever level of detail you are comfortable with. Please avoid including financial account details or government identifiers (such as passport numbers or tax IDs) in your onboarding answers, as these are not needed for the service and we have no way to prevent them from being processed by OpenAI.

Backend Infrastructure (Supabase)

We use Supabase for core backend services, which may include authentication, database storage, and related infrastructure that supports account data, app configuration, and operational logs. Data processed through Supabase is subject to Supabase’s terms and privacy practices. See: Supabase Privacy.

Where your data is physically stored depends on our Supabase project configuration and Supabase’s infrastructure; it may be located in regions outside your country of residence (see International Data Transfers below).

Data Sharing & Disclosure

We do not sell your personal data. We may share your information with the categories of recipients below, and otherwise only as described in this policy:

• OpenAI — AI processing of onboarding responses to generate personalized programs. See: OpenAI Privacy Policy.
• Supabase — backend infrastructure including authentication, database storage, and operational logs. See: Supabase Privacy.
• RevenueCat — subscription management and entitlement tracking; processes purchase status and subscription state. See: RevenueCat Privacy Policy.
• Platform providers—such as Apple or Google, as needed to distribute the app, process in-app purchases, or comply with store policies
• If required by law, regulation, or legal process
• To protect the rights, property, or safety of Arvia AI, our users, or the public
• In connection with a merger, acquisition, or sale of assets (we will notify you where required)

International Data Transfers

We operate globally. Your information may be processed and stored in countries other than where you live, including countries that may not be deemed to provide the same level of data protection as your home jurisdiction.

Where required by applicable law, we implement appropriate safeguards for international transfers (such as standard contractual clauses or other lawful mechanisms). You may contact us using the email below for more information about these safeguards where applicable.

In-App Purchases & Platform Providers

Payments are processed by Apple (App Store) or Google (Google Play), not by us directly. We may share information with the applicable platform—for example, purchase status, subscription state, or usage tied to paid features—as needed to validate entitlements, prevent fraud, handle billing or refund disputes, and comply with that platform’s policies.

On iOS, where Apple requires it for refund-related requests, you acknowledge that we may share data regarding your usage and consumption of purchased content with Apple so it can assess refund requests, in line with Apple’s policies. On Android, Google Play’s terms and privacy policy govern how Google processes purchase-related data.

Data Retention

We retain account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes (typically up to 7 years for financial and transaction records). Health and fitness data you provide during onboarding is retained as part of your account and is deleted with your account unless retained for legal purposes.

Data processed by OpenAI may be retained according to their API data usage policies as described in the OpenAI Privacy Policy. Data processed by Supabase is retained in our project until deleted at account closure. RevenueCat may retain subscription and transaction data per their policies and applicable financial record-keeping requirements.

You may request deletion of your account and associated data by contacting us at support@arvia-ai.com. We will respond in line with applicable law; some information may be retained where required for legal, security, or legitimate business purposes.

Security

We implement industry-standard security measures to protect your data, including encryption in transit and at rest. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Children's Privacy

Arvia AI is not directed to children under the age of 13 (or under the applicable age of digital consent in your country — for example, 16 in Germany and the Netherlands, 15 in France, 14 in Spain and Austria). We do not knowingly collect personal information from children below this threshold. If you believe a child below the applicable age has provided us with personal data without appropriate parental consent, please contact us at support@arvia-ai.com and we will delete it promptly.

If you are between 13 and 18 (or the higher applicable threshold in your country), certain features of the App — including calorie tracking, macro targets, and weight management — are intended for use with parental or guardian supervision and, where appropriate, medical guidance.

Your Rights

Depending on where you live, you may have rights under local privacy laws (for example, in the European Economic Area, the United Kingdom, Switzerland, California, or other jurisdictions). These may include the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your personal data
• Object to or restrict certain processing, or opt out of certain activities where applicable
• Data portability
• Lodge a complaint with a supervisory authority in your country or region, where applicable

California residents (CCPA/CPRA): In addition to the rights above, you have the right to opt out of the "sale" or "sharing" of personal information. We do not sell your personal information for money. We may share certain identifiers with analytics or advertising services; to opt out of such sharing, contact us at support@arvia-ai.com with "California Privacy Request" in the subject line. You also have the right to limit use of sensitive personal information, which includes health and fitness data we collect.

To exercise any of these rights, contact us at the email below. We may need to verify your request before responding. If you are in the EEA, UK, or Switzerland and believe we have not resolved your concern, you may have the right to contact your local data protection authority.

Not a Covered Healthcare Service

Arvia AI is a consumer wellness and fitness application. It is not a healthcare provider, health plan, or healthcare clearinghouse as defined under HIPAA (the US Health Insurance Portability and Accountability Act). The App does not create or maintain protected health records (PHRs), and HIPAA does not apply to data collected through Arvia AI. Your data is governed by this Privacy Policy and applicable privacy laws — not HIPAA.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page and, where appropriate, through in-app notifications. We encourage you to review this policy periodically.