Privacy Policy
Last updated May 17, 2026
This Privacy Policy explains how Steadfast ("we," "us," or "our") collects, uses, and protects your information when you use the Steadfast iOS app ("the App"). By using the App, you agree to the practices described here.
1. Information We Collect
We collect only the information needed to provide the App's features:
- Account information — username, display name, and email address. Passwords are stored using one-way hashing and are never readable by us.
- Daily health logs — steps, water intake, calories, protein, and body weight.
- Progress photos — stored securely on Amazon Web Services (AWS S3).
- Workout data — session logs, exercises, sets, reps, cardio activities, drop sets, supersets, and workout templates (including optional video links).
- Food data — per-meal food entries and nutrition information you log. Barcode scans query the Open Food Facts product database to look up a product and are not stored.
- AI macros estimation — when you tap "Ask AI" in the Nutrition tab, the descriptions you type are sent to Anthropic's Claude API for macro estimation. Claude may also run a limited number of web searches (e.g. to look up macros for branded foods). Conversations are kept on our server to enforce per-user daily limits and accumulate anonymized usage statistics; we do not share them with third parties or use them for advertising.
- Custom goals and logs — any personal goals and tracking data you create.
- Partner connections — the usernames of any partners you choose to connect with, and any workout templates you choose to share with them.
- Messages — content sent between you and your connected partners, stored securely on AWS.
- Usage analytics — anonymous counts of feature usage (e.g. food searches, barcode scans) to help us improve the App. These events are not linked to identifiable personal data.
2. Connected Health Apps
Apple Health (HealthKit). With your permission, the App reads step count, completed workouts, and body weight from Apple Health to automatically populate your daily logs and goal progress. We do not write data to Apple Health, and HealthKit data is never shared with third parties or used for advertising. You can revoke this permission at any time in iOS Settings → Privacy & Security → Health.
Google Health (Fitbit, Pixel Watch, and other Google-connected devices). If you choose to connect your Google account in Settings → Connected Apps, the App reads daily step counts and body weight measurements from Google Health on your behalf, using OAuth — we never see or store your Google password. The data is used the same way as Apple Health data: to populate your daily logs and progress charts. We do not write any data back to Google Health, and we do not share it with third parties or use it for advertising. You can disconnect at any time from Settings → Connected Apps → Manage → Disconnect, which revokes our access at Google. You can also revoke access directly from your Google Account permissions page.
Oura. If you choose to connect your Oura account in Settings → Connected Apps, the App reads daily step counts from your Oura ring on your behalf, using OAuth — we never see or store your Oura password. The data is used the same way as Apple Health data: to populate your daily logs and progress charts. We do not write any data back to Oura, and we do not share it with third parties or use it for advertising. You can disconnect at any time from Settings → Connected Apps → Manage → Disconnect, which revokes our access at Oura. You can also revoke access directly from your Oura account settings.
Withings. If you choose to connect your Withings account in Settings → Connected Apps, the App reads body weight measurements from your Withings scale on your behalf, using OAuth — we never see or store your Withings password. The data is used the same way as Apple Health data: to populate your weight log and progress charts. We do not write any data back to Withings, and we do not share it with third parties or use it for advertising. You can disconnect at any time from Settings → Connected Apps → Manage → Disconnect, which revokes our access at Withings. You can also revoke access directly from your Withings account settings.
3. How We Use Your Information
Your information is used solely to operate the App:
- Display your daily logs, progress, and workout history
- Calculate streaks and goal progress
- Share agreed-upon daily stats and workout templates with your connected partners
- Send local push notifications you have configured (rest timers, streak reminders)
- Improve App features using anonymous usage analytics
We do not use your data for advertising, profiling, or any purpose beyond providing the App.
4. Information Sharing
We do not sell, rent, or trade your personal information. Data may be shared only in these limited circumstances:
- Partners — if you connect with a partner, they can see the daily stats you choose to share (steps, water, calories, protein, and weight) and any workout templates you send them. You control visibility in Settings.
- Service providers — we use Amazon Web Services to host the App's backend and store progress photos, and Anthropic to process AI macros estimation requests. These providers do not have independent access to your App data and are bound by their own privacy and security commitments.
- Legal requirements — we may disclose information if required by law or to protect the rights and safety of users.
5. Data Retention
We retain your data for as long as your account is active. You can delete your content or account at any time by going to Settings → Data → Delete Account Data or Delete Account. Deletion is irreversible and takes effect immediately.
6. Notifications
All notifications are scheduled locally on your device. No notification content is transmitted to our servers. You can manage or disable notifications in iOS Settings at any time.
7. Security
We use industry-standard measures to protect your data, including encrypted HTTPS connections, hashed passwords, and secure cloud storage. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Children's Privacy
Steadfast is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the revised policy.
10. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at: