Privacy Policy

Last updated: April 12, 2026

This Privacy Policy explains what information LeanSteps ("we", "us") collects when you use our iOS application, how we collect it, how we use and share it, how long we keep it, and the choices you have — including how to revoke consent or request deletion. LeanSteps is designed to keep your health data on your device. We do not require you to create an account, and we do not store your health information on our servers.

Information We Collect and How We Collect It

Each item below lists the data, how it is collected, and every purpose we use it for.

  • Health and fitness data (step counts, weight, calorie intake, goals, and related timestamps): Step counts are read from Apple Health with your permission. Weight, calorie intake, and goals are entered by you. All of this data is stored locally on your device. It is used solely to display your tracking history, calculate progress toward your goals, and generate trends and insights within the app. We do not transmit this data to our servers for storage.
  • Food product information (barcode scans, product names, nutrition values): When you scan or look up a food, the request is sent to the public Open Food Facts API to retrieve the product record. We do not attach your identity to these requests. The result is stored locally with your food log.
  • AI coaching inputs (recent weight, steps, calories, and weight trend) — only if you opt in: If you enable AI coaching tips, the app sends a snapshot of these values over HTTPS to our server, which forwards them to OpenAI to generate a personalized tip. The tip is returned to your device. This feature is off by default and requires your explicit consent. You can turn it off at any time in Settings.
  • Subscription and purchase information: Subscriptions are handled entirely by Apple through StoreKit and the App Store. We receive a receipt that tells us whether your subscription is active. We do not receive your payment information, billing address, or Apple ID. Apple's privacy policy governs the payment data itself.
  • Device and diagnostic information: Basic technical information (such as iOS version and app version) and anonymous crash diagnostics may be collected by Apple through standard system frameworks to help us diagnose problems. We do not use this information to identify you.

LeanSteps does not require an account, does not collect your name, email address, phone number, or password, and does not track you across other apps or websites. We do not sell your personal information, and we never use your health data for advertising.

Apple Health Integration

With your permission, LeanSteps reads step count data from Apple HealthKit. The app requests read-only access — it does not write data back to Apple Health. Data obtained through HealthKit stays on your device, is never used for advertising or any other data-mining purposes, and is handled in accordance with Apple's HealthKit requirements. You can revoke HealthKit permissions at any time in iOS Settings › Health › Data Access & Devices › LeanSteps.

How We Share Information With Third Parties

Because your health data is stored on your device, we do not share a profile of you with anyone. The limited instances in which data leaves your device are:

  • OpenAI (only if AI coaching is enabled): The snapshot you consent to share is sent through our server to OpenAI so it can generate your coaching tip. Our agreement with OpenAI prohibits use of this data to train their models, and OpenAI does not retain it for training purposes. We require OpenAI to provide the same or equal protection of the data as stated in this Privacy Policy.
  • Open Food Facts: Product lookup requests are sent to the Open Food Facts public database to retrieve nutrition information. These requests do not include your identity.
  • Apple: HealthKit access, App Store purchases, and basic diagnostics are handled by Apple under Apple's privacy terms.
  • Our hosting provider: The server that proxies AI coaching requests is hosted with a cloud provider that processes the request on our behalf under a written agreement requiring it to protect the data with the same or equivalent safeguards described in this policy, and to use it only for operating the service.

All third parties with whom we share any data are contractually required to provide the same or equal protection of user data as stated in this Privacy Policy, to use the data only for the purposes we specify, and to implement appropriate security measures. They may not sell your data or use it for their own purposes. We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, or property of our users or the public.

Data Retention

Your health tracking data lives on your device for as long as you keep LeanSteps installed. Because we do not store your health data on our servers, there is nothing for us to retain on your behalf. AI coaching requests are processed in memory to generate a response; we do not persist the request content after the response is returned, and server access logs that may contain request metadata are retained for no more than 30 days for security and troubleshooting purposes and then deleted. Residual copies may persist in encrypted backups for up to 90 days before being overwritten.

Your Choices: Revoking Consent and Requesting Deletion

You can exercise your privacy rights at any time:

  • Delete all your data: uninstalling LeanSteps from your device removes all health and tracking data stored by the app. There is no server-side profile to delete because we do not create one.
  • Turn off AI coaching: open the app's Settings screen and disable AI coaching tips. Once disabled, no further data is sent to our server or to OpenAI.
  • Revoke Apple Health access: open the iOS Settings app › Health › Data Access & Devices › LeanSteps and disable any categories you no longer wish to share.
  • Manage your subscription: subscriptions can be managed or cancelled in the App Store under your Apple ID › Subscriptions.
  • Email requests: you may email us at the address below to request deletion of any server-side logs associated with your device, to request a copy of any data we hold, or to withdraw any consent you previously provided. We will respond within 30 days. Withdrawing consent does not affect the lawfulness of processing that occurred before withdrawal.

Security

We use industry-standard safeguards to protect your information, including HTTPS encryption for all data sent to our server, access controls on our infrastructure, and Apple's platform-level protections for data stored on your device. No method of transmission or storage is 100% secure, but we work hard to protect your data and promptly address any incidents we become aware of.

Children's Privacy

LeanSteps is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app. Your continued use of LeanSteps after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, or wish to exercise any of the rights described above, contact us at:

privacy@leansteps.app