Privacy
Draft — pre-launch placeholder, will be replaced by counsel-reviewed copy before V1. · Last updated 2026-06-01
We treat your health data like the sensitive information it is. Here's the short version of what we collect, why, and what we won't do with it.
What we collect
Account email + the answers you give in onboarding (goal, equipment, diet, allergens, optional medical conditions). When you log workouts, weight, or meals, we store those entries linked to your account. Photos you upload (progress pics, fridge contents) live in our object storage, isolated to your row.
Why we collect it
To build a plan that actually fits you. A vegan with a knee injury training for a marathon needs different programming than a powerlifter — that only works if we have the inputs. We don't sell this data and we don't use it to train any model that ships outside your account.
AI features and third-party processors
AI features (Eva (our AI coach), photo plate scan, menu scan, fridge scan, workout plan generation, recipe generation) send your messages, photos and recent activity to Google LLC via the Gemini API (processed in EU/US). Google is contractually bound by their Generative AI Terms not to train on your data. We never send your name, email or address to Gemini.
AI memory (facts the coach remembers)
After each coach reply we extract up to 3 short facts about you (e.g. "prefers morning workouts", "training for an October marathon") and store them in your profile. Cap: 50 facts. You can (a) toggle Privacy Mode 🔒 in chat to pause extraction, (b) view all stored facts at /account/coach/memory, (c) delete any or all of them with one tap.
AI-generated images
Some exercise illustrations and recipe photos are AI-generated (Gemini / Replicate). Each such image carries an "AI" overlay tag and an aria-label so screen readers + users can see it's synthetic. (EU AI Act Art. 50 — enforceable 2026-08-02.)
Health-related data (GDPR Art. 9)
When the AI memory captures an injury, soreness, dietary restriction or recovery note, that counts as special category health data under GDPR Art. 9. We ask for explicit, separate consent before storing any such note. You can revoke consent at any time on /account/coach — revoking immediately wipes all stored memory.
Medical pause
Toggling medical pause on /account stops the streak counter, the coach shifts to a gentler prompt, and we record the on/off state with a timestamp so the streak math can verify it later. This row is not shared with third parties; it's only used to keep your honest streak honest.
Audit log for health-data changes
Every change to your medical conditions list writes one audit row containing your user ID, an action key ("profile.medical_conditions.set"), a count of conditions stored, and a peppered HMAC fingerprint of the values. The actual conditions are never written to the audit table — they live encrypted in your profile row. The audit log is read only by us, and only for incident response (e.g. proving when consent was given).
Your rights
Delete your account and all derived data from /account/settings. Request a JSON export of everything we hold on you by emailing privacy@volya.fit — we respond within 30 days (GDPR Art. 15). Object to specific processing the same way. If you live in the EU/UK/CA: GDPR / UK GDPR / PIPEDA rights apply.
How long we keep it
Active accounts: as long as you're using Volya. Deleted accounts: 30-day soft-delete window in case you change your mind, then full erasure from primary stores; backups roll out within 90 days. Health-data exports include an audit trail of when entries were created or edited.