Privacy Policy — Client App
Last updated: June 25, 2026
Naff is a fitness service that connects you with a personal trainer and helps track your nutrition, activity, and progress. This Privacy Policy explains what data the Naff client app collects, how it is used, and how it is protected.
1. Who we are
Naff is a fitness service that connects a user with a personal trainer and helps track nutrition, activity, and progress. The data controller is Naff.
2. Data we collect
Account data: phone number, encrypted (hashed) password, and name. Profile data: goals, body metrics, meal plans, and tasks. Health and activity data: steps, sleep, and active calories. Food photos for meal recognition. Technical data: push token (Firebase Cloud Messaging), device identifier, and app activity (logs and crash diagnostics).
3. Health data
The app requests access to health and fitness data solely to display your activity and progress inside the app. We read this data only with your explicit permission, via Health Connect (Android) or Apple Health (iOS). Health data is never shared with third parties, is not used for advertising or marketing, and is never sold or transferred to data brokers or ad networks. You can revoke access at any time in Health Connect or Apple Health.
4. How we use data
We use data to provide the service (workouts, meal plans, progress tracking), to enable communication with your trainer, to send notifications, to recognize meals and calculate nutrients, and for security, diagnostics, and improving the app.
5. Data sharing
We do not sell your personal data. We may share data with your trainer to build plans and give feedback, with infrastructure providers such as Google Firebase (push notifications, hosting, crash analytics), and with authorities where required by law. Health data is excluded from sharing.
6. Data retention and deletion
We retain data for as long as needed to provide the service. You may request deletion by contacting us, and we will process the request within a reasonable time.
7. Security
Data in transit is protected with encryption (HTTPS/TLS) and passwords are stored hashed. We apply reasonable technical and organizational safeguards to protect your data.
8. Children
The app is not intended for individuals under 16. We do not knowingly collect data from children.
9. Changes to this policy
We may update this Policy from time to time. The current version is always available on this page, with the effective date shown at the top.
10. Contact
For any privacy questions or requests, contact us via Telegram (@naff_ai) or by email at [contact email].