NovaLife Privacy Policy

Effective date: July 5, 2026
Contact: [email protected]

NovaLife is a health and lifestyle tracking app. This policy explains, in plain language, what data the app handles, where it lives, what leaves your phone, and the controls you have.

The short version: almost everything you log stays on your phone, encrypted. The few things that leave it are listed below, with why.

1. What stays on your phone

The following is stored only on your device, in a local database encrypted with SQLCipher (the encryption key is held in your phone's secure keystore):

The Coach AI (an optional download of roughly 550 MB in Settings) runs entirely on your device. Your health data is never sent anywhere for coaching, guidance, or chat. Coaching numbers are computed locally; the model only rewords them, on the phone.

2. What leaves your phone, and why

DataWhere it goesWhyStored there?
Email address (and password hash, or your Google account ID if you sign in with Google)Supabase (our backend provider)Creating and signing in to your accountYes, until you delete your account
Progress photosSupabase Storage (private bucket; only your account can access them)So your photos survive a lost phone and sync across devicesYes, until you delete the photo or your account
Meal photos (only when you use "Log meal from photo")Our server function, which forwards the photo to Anthropic's Claude API for analysisTo identify foods and estimate portions in the photoNo. The photo is analyzed and discarded; it is not stored by us. You are asked for consent before the first use, and nutrition numbers always come from a food database, not the AI
Food search text (what you type, or a scanned barcode)USDA FoodData Central and Open Food FactsTo look up nutrition dataQueries are not linked to your account by us
Crash reports (device model, OS version, stack trace)Firebase Crashlytics (Google)To find and fix crashesYes, retained per Google's Crashlytics policy. Crash reports contain no health values and no log content
Push notification tokenFirebase Cloud Messaging (Google)Reminders you schedule (meals, water, workouts, weekly summary)Yes, while the app is installed
Mood & journal entries (only if you opt in)Supabase, under your accountBackup/restore you explicitly requestedYes, until you opt out or delete your account

We do not sell your data, use it for advertising, or share it with data brokers. We log no analytics events: no screen tracking, no behavioral profiles.

3. AI features, spelled out

4. Health Connect

With your permission, NovaLife reads steps, heart rate, active calories, and sleep from Google Health Connect, and writes back workouts, water, weight, and active calories you log. Health Connect data is displayed in the app and stored only in the encrypted local database.

Per Google's Health Connect policy: we use this data solely to provide the app's tracking features. We do not use Health Connect data for advertising, do not sell it, and do not share it with third parties. You can revoke access at any time in the Health Connect app, and the app keeps working without it.

5. Permissions the app asks for

Camera (barcode scanning, meal photos, progress photos), location (live run/walk tracking only; stored on-device), calendar (showing and adding your planned workouts/meals, with permission), notifications (reminders you set), and Health Connect (section 4). Each is optional; the app functions without any of them.

6. Your controls

7. Security

Local data is encrypted at rest (SQLCipher, key in the platform keystore). All network traffic uses TLS. Server data is protected by row-level security so each account can only access its own rows and photos.

8. Children

NovaLife is not directed at children under 13 (or the equivalent minimum age in your region) and we do not knowingly collect data from them.

9. Retention

Local data stays until you delete it or the app. Server data (account, photos, opted-in backups) stays until you delete your account. Crash reports are retained according to Google's Crashlytics retention policy (90 days as of this writing).

10. Changes

We will update this policy as the app changes (for example, if cloud sync of fitness logs ships, this policy will be updated first; as of this writing, fitness logs are not synced to our servers). Material changes will be announced in the app.

11. Contact

Questions or privacy requests: [email protected].