LogBone is a strength training and lifestyle logging application that uses an AI coach to give you data-grounded advice. This policy explains what personal data LogBone collects, why we process it, who we share it with, and the rights you have over your data. Written in plain language — questions to privacy@logbone.com.
The data controller is the entity operating LogBone at logbone.com. Contact: privacy@logbone.com. If you are in the EEA, UK, or California, you have additional rights described in §8–9.
Workout sessions, sets, exercises, RPE, notes, timestamps — everything you log.
If you grant access: sleep, heart rate, resting heart rate, HRV, body weight, body-fat %, active energy, total energy, steps, and exercise/workout sessions (the exact metrics vary slightly by platform). Reads are explicit and granular and we never write data back. Revoke anytime — on iOS in Settings → Privacy & Security → Health → LogBone; on Android in Health Connect → App permissions → LogBone.
Messages you send and the coach's replies, stored so the coach can recall context; the same content is sent in real time to Anthropic for inference (see §4).
API request metadata (endpoint, status, timestamp, IP in server logs); per-request AI token counts for daily budgeting. Google Firebase Analytics (aggregate usage/event measurement and a per-install app-instance identifier) and Google Firebase Crashlytics (crash diagnostics and stack traces) are active from launch. Google LLC (Firebase) is a sub-processor — see §4.3. If you enable notifications, your device's push token (APNs on iOS, Firebase Cloud Messaging / FCM on Android) is stored on our server to deliver reminders, the daily brief, and social alerts; disable anytime in OS notification settings or the in-app Notifications toggle.
We do not collect: location, contacts, calendar, your photo library as a whole (the Body-progress photo in §2.6 is uploaded transiently for a single analysis and then discarded — never stored on our servers — and the original is kept only on your device), microphone audio, or any data from accounts not signed in.
| Data | Purpose | Lawful basis |
|---|---|---|
| Account data | Authenticate, deliver the service | Contract |
| Training data, AI conversations | Provide the coach feature | Contract |
| Health data | Personalize the coach (opt-in) | Explicit consent (Art. 9) |
| Body-progress photo + results | Estimate body composition (opt-in, 18+) | Explicit consent (Art. 9) |
| Diagnostic logs | Operate, secure, debug | Legitimate interest |
| Token-usage budgeting | Prevent runaway costs | Legitimate interest |
We do not process data for advertising, sale, cross-context behavioral tracking, or profiling for marketing. Health data (incl. body-fat / definition derived from a Body-progress photo) is a special category under GDPR Art. 9, processed only with your explicit consent and only for the coach; body-progress additionally requires you to confirm you are 18+.
We use a small number of data processors under contract; we never sell data or share it with advertisers.
When you message the coach, we send your message, the current conversation, a structured context block (recent training + recovery aggregates if you opted into health data), and a fixed system prompt. Per Anthropic's commercial terms, API inputs/outputs are not used to train their models. Body-progress, meal, and equipment photos are uploaded to LogBone's server, which forwards them to Anthropic's vision API once for a single analysis and then discards them — processed in memory, never written to our database or persistent storage (and not used to train Anthropic's models). Only the text/numeric result is stored (for meal and equipment photos, even that is just returned to your device for you to confirm); rejected physique images are discarded with no result saved. US-based; EEA/UK transfers rely on Standard Contractual Clauses.
Health data lives on your device; we read only what you authorize and never use it for advertising or share it with data brokers.
The app embeds Firebase Analytics (aggregate usage/event measurement + a per-install app-instance identifier) and Firebase Crashlytics (crash diagnostics/stack traces); on Android it also uses Firebase Cloud Messaging (FCM) to deliver push notifications. Google LLC acts as a data sub-processor. Google receives aggregate usage, crash data, and the push token only — never your HealthKit / Health Connect or body-progress data — and none of it is used to serve ads inside LogBone. Firebase advertising-ID collection is disabled and no advertising identifier is used. US-based; EEA/UK transfers rely on Standard Contractual Clauses. See Firebase's data-handling terms.
Backend + database on DigitalOcean (US). Sub-processor; no application-level access.
We may disclose data when legally required, resisting overly broad requests and notifying users where permitted.
Account/training/AI-conversation data in a MySQL database on DigitalOcean (US). Tokens stored locally on-device (Keychain / EncryptedSharedPreferences), optionally biometric-gated. Health data stays on-device; we store only daily aggregates. Security: TLS 1.2+ everywhere, revocable Sanctum API tokens, bcrypt password hashing, per-user daily AI token budget, sub-processor security agreements.
| Data | Retention |
|---|---|
| Account / training / AI conversations / health aggregates | While active; deleted within 30 days of account deletion |
| Body-progress results (server) | While active or until you delete the entry; deleted within 30 days of account deletion |
| Body-progress / meal / equipment photos | Uploaded transiently for a single analysis, then discarded; never stored on our servers. Original kept only on your device, removed when you delete the entry or uninstall |
| Push token (APNs / FCM, server) | While notifications are enabled; removed when you disable push or delete your account |
| Crashlytics / Analytics (held by Google) | Per Google Firebase's retention defaults (§4.3) |
| API request logs | 90 days |
| Encrypted backups | Up to 30 days after deletion |
Access, portability (JSON export), rectification, erasure, restriction, objection, withdrawal of consent, and complaint to a supervisory authority — honored globally. Email privacy@logbone.com; we respond within 30 days, free of charge. California residents (CCPA/CPRA) have equivalent rights; we do not sell or share personal information for cross-context behavioral advertising.
EEA/UK data is transferred to the US (backend + Anthropic) under Standard Contractual Clauses (EU 2021/914).
Not intended for children under 13; we don't knowingly collect their data. Where parental consent is required (e.g. GDPR Art. 8, ages 13–16), LogBone is not currently available to users who have not reached the age of digital consent. The Body-progress photo feature (§2.6) is additionally gated to users 18+.
Delete in-app (Profile → Account → Delete account) or email "Delete my account" to privacy@logbone.com. We delete your user record, tokens, and any stored push token (APNs / FCM) immediately, and all training/AI/health/body-progress data within 30 days; backups roll off within 30 days.
No cookies; we do not sell your data or use it for cross-context behavioral advertising. The app does include Google Firebase Analytics (aggregate usage) and Firebase Crashlytics (crash diagnostics), both active from launch and processed by Google LLC as a sub-processor (§4.3) — never combined with HealthKit or body-progress data, never used to serve ads inside the app.
No cross-app tracking. LogBone does not use the device advertising identifier, does not track you across other companies' apps or websites, and shows no App Tracking Transparency prompt. Firebase Analytics and Crashlytics data is used only for first-party aggregate analytics and crash diagnostics, processed by Google as a sub-processor on a non-cross-app basis.
Install attribution (first-party). At first launch the app records campaign-level install attribution — Apple's first-party AdServices framework on iOS (Apple Search Ads campaign/keyword for installs from an ad click; organic installs return none) and the Google Play install referrer on Android — keyed by a random per-install identifier we generate, and stores it on our own servers. This is campaign-level only: no advertising identifier (IDFA), no ATT prompt, and no sharing with third parties for cross-app tracking. Where you are signed in it may be associated with your account to measure which channels drive sign-ups.
The AI coach generates suggestions — not legally significant decisions (GDPR Art. 22). It is not a medical, dietetic, or psychiatric diagnostic tool; do not rely on it for medical decisions.
Material changes are reflected here with a new effective date and communicated by email at least 14 days before taking effect.
Privacy: privacy@logbone.com · Security: security@logbone.com.