Privacy · Prophiit

What Prophiit collects, what we don't, and who can see it. Last updated 2026-05-04.

Who we are

Prophiit is a fitness coaching platform operated from Aotearoa New Zealand. The data controller is Prophiit Ltd. Contact: support@entityfit.app.

What we collect

Account data (email, name, password hash). Profile data you provide (weight, height, DOB, goals). Photos you upload (body analysis, Prophiit AI baseline, gallery, meal snaps, workout snaps). Activity data (workouts, nutrition logs, schedule). Payment metadata via Stripe — we never see card numbers. Optional: HealthKit / Google Fit if you connect them.

Who can see your data

You. Anyone you explicitly connect to (a trainer you choose; a gym you join). App admins for moderation only. Nobody else. Photos default to private — sharing with a coach is a per-photo opt-in. RLS on every table enforces this server-side, not just in the UI.

How we use AI

Claude (Anthropic) reads your photos for body-analysis and Prophiit AI, and answers messages in the AI Coach. Replicate runs FLUX inpainting for Prophiit AI renders. Both providers are bound by their own data policies — they do not use your inputs to train models. We never feed your data to third-party advertising.

Storage and retention

Data lives in Supabase (Postgres + storage), EU and US regions. We delete your account on request — see Settings → Delete account. Photos and rows cascade. Stripe customer records are deleted on a 30-day timer for tax compliance.

Your rights (GDPR / CCPA)

Access, correction, deletion, export, objection. Email support@entityfit.app and we will action within 30 days. We honour Do Not Track and global privacy controls.