Volya
Back home

Privacy

Draft — pre-launch placeholder, will be replaced by counsel-reviewed copy before V1. · Last updated 2026-06-01

We treat your health data like the sensitive information it is. Here's the short version of what we collect, why, and what we won't do with it.

What we collect

Account email + the answers you give in onboarding (goal, equipment, diet, allergens, optional medical conditions). When you log workouts, weight, or meals, we store those entries linked to your account. Photos you upload (progress pics, fridge contents) live in our object storage, isolated to your row.

Why we collect it

To build a plan that actually fits you. A vegan with a knee injury training for a marathon needs different programming than a powerlifter — that only works if we have the inputs. We don't sell this data and we don't use it to train any model that ships outside your account.

AI features and third-party processors

AI features (Eva (our AI coach), photo plate scan, menu scan, fridge scan, workout plan generation, recipe generation) send your messages, photos and recent activity to Google LLC via the Gemini API (processed in EU/US). Google is contractually bound by their Generative AI Terms not to train on your data. We never send your name, email or address to Gemini.

AI memory (facts the coach remembers)

After each coach reply we extract up to 3 short facts about you (e.g. "prefers morning workouts", "training for an October marathon") and store them in your profile. Cap: 50 facts. You can (a) toggle Privacy Mode 🔒 in chat to pause extraction, (b) view all stored facts at /account/coach/memory, (c) delete any or all of them with one tap.

AI-generated images

Some exercise illustrations and recipe photos are AI-generated (Gemini / Replicate). Each such image carries an "AI" overlay tag and an aria-label so screen readers + users can see it's synthetic. (EU AI Act Art. 50 — enforceable 2026-08-02.)

Health-related data (GDPR Art. 9)

When the AI memory captures an injury, soreness, dietary restriction or recovery note, that counts as special category health data under GDPR Art. 9. We ask for explicit, separate consent before storing any such note. You can revoke consent at any time on /account/coach — revoking immediately wipes all stored memory.

Medical pause

Toggling medical pause on /account stops the streak counter, the coach shifts to a gentler prompt, and we record the on/off state with a timestamp so the streak math can verify it later. This row is not shared with third parties; it's only used to keep your honest streak honest.

Audit log for health-data changes

Every change to your medical conditions list writes one audit row containing your user ID, an action key ("profile.medical_conditions.set"), a count of conditions stored, and a peppered HMAC fingerprint of the values. The actual conditions are never written to the audit table — they live encrypted in your profile row. The audit log is read only by us, and only for incident response (e.g. proving when consent was given).

Cookies

Volya sets one strictly necessary cookie (`volya_session`) so we can keep you signed in. It is httpOnly, SameSite=Lax, and never read by client JavaScript. We do NOT use third-party analytics, marketing, or social cookies today. If we add any in future you'll see the cookie banner ask first; you can pick essential-only and we won't load them.

Who we share it with

Supabase hosts the database. Anthropic processes your AI-coach messages (subject to their zero-retention API mode where supported). Stripe / RevenueCat process payments. Sentry receives crash reports (we scrub user IDs and free-text fields server-side first). That's the full list.

Your rights

Delete your account and all derived data from /account/settings. Request a JSON export of everything we hold on you by emailing privacy@volya.fit — we respond within 30 days (GDPR Art. 15). Object to specific processing the same way. If you live in the EU/UK/CA: GDPR / UK GDPR / PIPEDA rights apply.

How long we keep it

Active accounts: as long as you're using Volya. Deleted accounts: 30-day soft-delete window in case you change your mind, then full erasure from primary stores; backups roll out within 90 days. Health-data exports include an audit trail of when entries were created or edited.

Questions? Email hello@volya.fit.