Privacy Policy — Client App

Last updated: June 25, 2026

Naff is a fitness service that connects you with a personal trainer and helps track your nutrition, activity, and progress. This Privacy Policy explains what data the Naff client app collects, how it is used, and how it is protected.

1. Who we are

Naff is a fitness service that connects a user with a personal trainer and helps track nutrition, activity, and progress. The data controller is Naff.

2. Data we collect

Account data: phone number, encrypted (hashed) password, and name. Profile data: goals, body metrics, meal plans, and tasks. Health and activity data: steps, sleep, and active calories. Food photos for meal recognition. Technical data: push token (Firebase Cloud Messaging), device identifier, and app activity (logs and crash diagnostics).

3. Health data

The app requests access to health and fitness data solely to display your activity and progress inside the app. We read this data only with your explicit permission, via Health Connect (Android) or Apple Health (iOS). Health data is never shared with third parties, is not used for advertising or marketing, and is never sold or transferred to data brokers or ad networks. You can revoke access at any time in Health Connect or Apple Health.

4. How we use data

We use data to provide the service (workouts, meal plans, progress tracking), to enable communication with your trainer, to send notifications, to recognize meals and calculate nutrients, and for security, diagnostics, and improving the app.

5. Data sharing

We do not sell your personal data. We may share data with your trainer to build plans and give feedback, with infrastructure providers such as Google Firebase (push notifications, hosting, crash analytics), and with authorities where required by law. Health data is excluded from sharing.

6. Data retention and deletion

We retain data for as long as needed to provide the service. You may request deletion by contacting us, and we will process the request within a reasonable time.

7. Security

Data in transit is protected with encryption (HTTPS/TLS) and passwords are stored hashed. We apply reasonable technical and organizational safeguards to protect your data.

8. Children

The app is not intended for individuals under 16. We do not knowingly collect data from children.

9. Changes to this policy

We may update this Policy from time to time. The current version is always available on this page, with the effective date shown at the top.

10. Contact

For any privacy questions or requests, contact us via Telegram (@naff_ai) or by email at [contact email].