Legal

Privacy Policy

Last updated: June 2, 2026

Exono is a health and fitness tracking application developed by Exono. This Privacy Policy explains what data we collect, why we collect it, and how we protect it. We are committed to full transparency — your health data belongs to you.

1. Who We Are

Exono operates the Exono mobile application (“App”). For questions about this policy, contact us at danailovd48@gmail.com.

This policy applies to all users of the Exono iOS and Android applications.

2. Data We Collect

We collect only what is necessary to provide the service. Here is a complete list:

  • Profile data: Age, gender, height, weight, goal, allergies, dietary preferences. Entered by you during onboarding.
  • Health & wearable data: Heart rate, HRV, resting heart rate, sleep stages, active calories, steps, recovery score, body temperature delta. Read from your connected wearable with your explicit permission.
  • Location data: GPS coordinates used to detect nearby restaurants and supermarkets (Menu Radar, Grocery Radar) and to fetch local weather for hydration targets. Location is never stored on our servers.
  • Camera & photos: Progress photos (stored locally on your device only). Food photos for macro analysis (sent to our AI server, not retained after processing). Exercise photos for form analysis (processed and discarded).
  • Screen time data: Manually entered screen time minutes (on-device only, never sent to our servers).
  • Supplement inventory: Names, doses, and stock of your supplements. Stored locally on your device.
  • Body weight log: Manually entered or synced from smart scales via Apple Health / Google Fit. Stored locally on your device.

3. How We Use Your Data

  • Generate personalised training and nutrition plans (Blueprint Engine)
  • Automatically adapt your workout intensity based on recovery signals (HRV, sleep quality)
  • Calculate your daily water intake target based on activity and local weather
  • Identify nearby restaurants and suggest meals that fit your remaining macros
  • Detect nearby supermarkets and surface current promotions for budget meal planning
  • Analyse food barcodes and photos to calculate macros and inflammatory scores
  • Analyse exercise form via camera and provide real-time audio corrections
  • Track supplement stock and alert you when you are running low
  • Monitor digital wellness patterns and provide CNS load scores

We do not use your data for advertising, profiling for third parties, or any purpose beyond delivering the features described above.

4. Where Your Data Lives

The vast majority of your data is stored locally on your device using encrypted on-device storage. This includes progress photos, body weight logs, supplement inventory, screen time data, and your health profile.

Data sent to our servers (Supabase, hosted in the EU — West Ireland):

  • AI prompts — anonymised text describing your goals and current metrics, sent to generate plans. No personally identifying information is included in these prompts.
  • Food photos for macro scanning — sent for AI vision analysis, immediately discarded after processing. Not stored.

5. Third-Party Services

Exono uses the following third-party services. Each has its own privacy policy:

  • Supabase: Backend infrastructure & AI proxy
  • Groq (Llama 3): AI text & vision generation (anonymised prompts)
  • Open-Meteo: Weather data for hydration calculation (no account)
  • Open Food Facts: Food barcode database (open data)
  • USDA FoodData Central: Nutritional data (open government data)
  • Foursquare Places: Venue detection for Menu Radar
  • OpenStreetMap: Store detection for Grocery Radar (open data)
  • Apple HealthKit: Health data from Apple Watch (iOS only)
  • Google Fit / Health Connect: Health data from Android wearables
  • Whoop: Recovery and sleep data (if connected)
  • Firebase Cloud Messaging: Push notifications

6. Health Data — Special Protections

Health and biometric data receives the highest level of protection. Specifically:

  • Health data from wearables is read with your explicit OAuth permission and stored on-device only.
  • We never sell, lease, or share your health data with any third party.
  • AI prompts sent to Groq contain only abstract metrics (e.g. “HRV 52ms, sleep 6.5h”) — never your name, email, or any identifier.
  • You can disconnect any wearable at any time from within the app, which revokes our access immediately.
  • Progress photos are stored exclusively on your device. We do not have access to them.

7. Data Retention

On-device data is retained until you delete the app or manually clear it from within the app. Server-side AI request logs (if retained by Groq/Supabase) are subject to their respective retention policies, typically 30 days.

Wearable OAuth tokens are stored encrypted on your device and are automatically refreshed. Revoking access on the wearable platform immediately invalidates the token.

8. Your Rights (GDPR & CCPA)

Depending on your location, you have the following rights:

  • Access: Request a copy of any data we hold about you.
  • Correction: Update incorrect profile data directly in the app.
  • Deletion: Delete your account and all associated data. Contact us at danailovd48@gmail.com.
  • Portability: Export your data in a machine-readable format on request.
  • Withdraw consent: Disconnect wearables or revoke camera/location permissions at any time in your device settings.
  • Opt out of AI processing: You may request that your anonymised metrics no longer be sent to the AI generation service. Note that this will disable AI-powered features.

To exercise any right, email us at danailovd48@gmail.com. We respond within 30 days.

9. Children

Exono is not intended for users under the age of 16. We do not knowingly collect data from children. If you believe a child has provided data to us, contact us immediately.

10. Security

We apply industry-standard security measures including:

  • Encrypted on-device storage (iOS Keychain / Android Keystore) for OAuth tokens.
  • HTTPS/TLS for all data in transit.
  • Supabase Row Level Security (RLS) for all server-side data.
  • API keys and secrets stored in server-side environment only — never shipped in the app bundle.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and notify active users via push notification. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact

Questions, requests, or concerns about this Privacy Policy:

This policy was last reviewed and updated on June 2, 2026. It covers the Exono iOS and Android applications.