**Effective Date:** April 1, 2026
**Last Updated:** April 9, 2026
ShedPilot ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the ShedPilot mobile application (the "App"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the App.
---
## 1. Information We Collect
### 1.1 Account Information
When you create an account, we collect:
- Name and email address
- Password (stored as a SHA-256 hash — we never store plain-text passwords)
- Apple ID token (if you use Sign in with Apple)
- Profile photo (optional)
### 1.2 Health & Fitness Data
To provide personalized coaching, we collect health information you voluntarily provide:
- Age, height, weight, and body measurements
- Health conditions (e.g., Type 2 Diabetes, high blood pressure, food allergies)
- Fitness goals and dietary preferences
- Blood pressure readings (if you use the Blood Pressure Tracker)
- Blood glucose readings (if you use the Blood Sugar Tracker)
- Workout logs (exercises, sets, reps, weight)
- Food diary entries and nutrition data
- Progress photos (stored locally on your device unless you choose to share)
### 1.3 Apple HealthKit Data
With your explicit permission, we read and write data to Apple HealthKit, including:
- Step count, active calories, resting calories
- Heart rate and heart rate variability (HRV)
- Sleep analysis
- Body weight and BMI
- Workout sessions
**HealthKit data is never used for advertising, sold to third parties, or shared with any party other than those described in this policy.**
### 1.4 Oura Ring Data
If you connect your Oura Ring, we access:
- Activity scores and daily movement
- Sleep stages, duration, and quality scores
- Readiness scores and recovery data
This connection is optional and can be revoked at any time.
### 1.5 Usage Data
We automatically collect:
- Device type, operating system version, and app version
- In-app actions and feature usage (anonymized)
- Crash reports and performance data
- IP address and approximate location (city-level, for restaurant search)
### 1.6 Location Data
We request location permission only for the "Nearby Restaurants" feature, which shows diet-compatible dining options near you. We do not track your location in the background.
---
## 2. How We Use Your Information
We use the information we collect to:
- **Personalize your experience** — Generate AI meal plans, workout programs, and coaching responses tailored to your health profile
- **Power AI features** — Send relevant portions of your profile to OpenAI's API to generate meal plans and AI Coach responses (see Section 4)
- **Sync your data** — Store your data in Firebase so it's available across your devices
- **Send health insights** — Push notifications for daily meal plans, workout reminders, and progress milestones
- **Provide customer support** — Respond to your questions and troubleshoot issues
- **Improve the App** — Analyze anonymized usage patterns to fix bugs and add features
- **Process payments** — Manage your subscription through RevenueCat
We do **not** use your health data for advertising, sell it to data brokers, or share it with insurers, employers, or government entities.
---
## 3. Data Storage
### 3.1 On-Device Storage
The following data is stored locally on your device:
- Progress photos
- Offline food diary entries
- Cached meal plans and workouts
- Keychain-secured credentials
### 3.2 Firebase Cloud Storage
The following data is stored in Firebase Firestore (Google Cloud):
- Your user profile and health conditions
- Meal plans, food diary, and nutrition history
- Workout history and personal records
- Blood pressure and blood glucose logs
- AI Coach conversation history
- Social Feed posts and activity
Data is stored in Google Cloud (US region) and protected by Google's infrastructure security. See [Google Cloud Privacy](https://cloud.google.com/privacy) for details.
---
## 4. Third-Party Services
We share data with the following third parties solely to operate the App:
| Service | Purpose | Data Shared | Privacy Policy |
|---------|---------|-------------|----------------|
| **OpenAI** | AI meal plans, AI Coach "Alex" | Health profile, dietary preferences, conversation context | [openai.com/privacy](https://openai.com/privacy) |
| **RevenueCat** | Subscription management | User ID, subscription status, purchase receipts | [revenuecat.com/privacy](https://www.revenuecat.com/privacy) |
| **Apple HealthKit** | Health data sync | As described in Section 1.3 | [apple.com/privacy](https://www.apple.com/privacy/) |
| **Yelp** | Nearby restaurant search | Approximate location, dietary filters | [yelp.com/tos/privacy](https://www.yelp.com/tos/privacy_policy) |
| **Instacart** | Grocery ordering (deep link) | Meal plan ingredient list (via deep link URL) | [instacart.com/privacy](https://www.instacart.com/privacy) |
| **Uber Eats** | Restaurant ordering (deep link) | Restaurant name and order details (via deep link URL) | [uber.com/privacy](https://www.uber.com/legal/en/document/?name=privacy-notice) |
| **Amazon** | Grocery ordering (deep link) | Product search terms (via deep link URL) | [amazon.com/privacy](https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ) |
| **Firebase / Google** | Backend database and auth | Account data, health logs, app data | [firebase.google.com/support/privacy](https://firebase.google.com/support/privacy) |
We do not sell your personal data to any third party. Ever.
---
## 5. Data Retention
- **Active accounts:** Your data is retained for as long as your account is active.
- **Deleted accounts:** Upon account deletion, your data is removed from our Firebase database within 30 days. Anonymized, aggregated data may be retained for analytics.
- **HealthKit data:** Deleting the App or revoking HealthKit permissions removes our access immediately. Data already written to HealthKit persists in the Health app until you delete it there.
---
## 6. Your Rights
You have the following rights regarding your personal data:
### 6.1 Access
You can view all your stored data within the App at any time (Profile → Settings → My Data).
### 6.2 Export
You can export your health data (blood pressure logs, blood glucose logs, nutrition history) as PDF or CSV files directly from the App.
### 6.3 Correction
You can update your profile, health conditions, and any logged data directly within the App.
### 6.4 Deletion (Right to be Forgotten)
You can permanently delete your account and all associated data by going to Profile → Settings → Delete Account. This action is irreversible.
### 6.5 Opt-Out of AI Features
You can disable AI meal plans and the AI Coach at any time in Settings. Your data will no longer be sent to OpenAI.
### 6.6 Revoke HealthKit / Oura Permissions
You can revoke HealthKit access at any time via iPhone Settings → Privacy & Security → Health → ShedPilot. You can disconnect Oura Ring within the App.
---
## 7. Children's Privacy
ShedPilot is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@shedpilot.com and we will delete it promptly.
---
## 8. Security
We implement industry-standard security measures to protect your data:
- Passwords are hashed with SHA-256 before storage
- Sensitive credentials are stored in iOS Keychain
- All data transmission uses HTTPS/TLS encryption
- Firebase security rules restrict data access to authenticated users only
- We do not store your full payment card details (handled by Apple / RevenueCat)
No method of transmission over the Internet is 100% secure. If you discover a security vulnerability, please report it to privacy@shedpilot.com.
---
## 9. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and share
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell personal data)
- Not be discriminated against for exercising your privacy rights
To exercise your California rights, contact: privacy@shedpilot.com
---
## 10. International Users
ShedPilot is operated from the United States. If you are located outside the US, your information may be transferred to and processed in the US. By using the App, you consent to this transfer.
---
## 11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via in-app notification for material changes
Continued use of the App after changes constitutes acceptance of the updated policy.
---
## 12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact:
**ShedPilot Privacy Team**
Email: privacy@shedpilot.com
Website: https://shedpilot.com/privacy
We aim to respond to all privacy inquiries within 5 business days.
---
*This Privacy Policy was drafted to comply with applicable US privacy laws including CCPA, Apple App Store guidelines, and HealthKit data use requirements.*