Draft. This Privacy Policy is a working draft pending legal review. It describes our intended data practices; the final policy may differ.
Privacy Policy
Last updated: May 27, 2026
1. Overview
CelebBase Wellness is a health & fitness app. We collect only what we need to run the Service and personalize your meal plans. We do not sell your data, and we do not use it for advertising or cross-app tracking.
2. Information We Collect
- Account & identifiers: your email address and an internal account identifier (authentication is handled by AWS Cognito; passwords are never stored by us).
- Health & fitness (for personalization): allergies, intolerances, activity level, basic body metrics (e.g. height, weight, birth year, sex), and any daily logs you choose to record. Provided only if you choose the personalized path.
- Purchases: your subscription tier and status, mirrored from the Apple App Store / Google Play (via RevenueCat). We never receive your card details.
- Diagnostics: crash and error events to keep the app stable. These are scrubbed of personal and health information before they leave the app.
3. Sensitive Health Data
Fields such as biomarkers, medical conditions, and medications are treated as sensitive and encrypted with AES-256 at rest. In the current release these are largely not collected (an optional GLP-1 indicator is the only medication signal); the rest of the schema is reserved for future, explicitly opt-in features.
4. How We Use Your Information
We use your information solely to provide app functionality — generating personalized meal plans, operating your account, and maintaining the Service. We do not use it for advertising, and we do not track you across other apps or websites.
5. Third-Party Services
- AWS Cognito — authentication (email/social sign-in).
- Apple App Store / Google Play / RevenueCat — subscription processing.
- Sentry — crash and error diagnostics (personal/health data redacted).
We do not share your personal data with data brokers.
6. Data Retention & Deletion
You can delete your account at any time in the app (Settings → Delete account). Deletion blocks sign-in immediately and starts a 30-day grace period during which you may restore the account by signing back in. After the grace period your personal data is permanently deleted. Limited records required for legal, security, or financial-audit purposes (e.g. access-audit logs) are retained as required by law.
7. Security
Data is encrypted in transit (TLS) and sensitive health fields are encrypted at rest (AES-256). Access to health data is minimized and audited.
8. Your Rights
You may access, correct, or delete your personal information. Account deletion is available in-app; for other requests, contact us.
9. Children
The Service is not directed to, and is not intended for, individuals under 18.
10. Contact
Questions about this policy? Email support@celebase.app.