Privacy Policy

Amanecer is a personal training and nutrition planning app. This policy describes what we collect, how we use it, who we share it with, and what choices you have. It applies to amanacer.ai and the Amanecer iOS app.

• Account data: email, name, password hash (or Google sign-in identifier), and two-factor secret if enabled.
• Health profile: date of birth, sex, height, weight, primary sport, injuries, medical notes, goals, and equipment availability — all entered by you during onboarding or profile editing.
• Wearable + Apple Health data: if you connect Apple Health, Garmin, Oura, Whoop, or Vital, we read training sessions, heart-rate variability, resting heart rate, sleep, steps, body-mass, and VO2 max signals to personalize your plan. We never write to your Health database except for hydration logs you create in-app.
• Blood work + medical documents: if you upload a lab PDF or photo, we extract marker values via an AI vision model and store both the extracted markers and the original file.
• Plan history + feedback: your generated weekly plans, the meals you swap, the days you mark as completed or skipped, and any free-text feedback you leave on the plan.

• Generate your plan. Your profile, recent wearable data, and feedback are sent to Anthropic's Claude API to produce your weekly training + nutrition plan. We use prompt caching to minimize cost and exposure.
• Run the app. Data is stored in Cloudflare D1 (our SQLite database) and Cloudflare R2 (file storage). Both run on Cloudflare's infrastructure.
• Aggregate diagnostics. Crash reports and basic telemetry (no health data) help us fix bugs.

We do not sell your data, share it with advertisers, or use it to train AI models for any party other than generating your own plan.

• Cloudflare — hosting, database, object storage.
• Anthropic — Claude API for plan generation and chat. Anthropic does not train on customer API data.
• Better Auth (open-source library running on our servers) — authentication and 2FA.
• Stripe — payments for paid plans. Card data never touches our servers; Stripe handles it directly.
• Google Sign-In — if you choose Google as your sign-in method, Google handles the OAuth handshake.
• Garmin, Oura, Whoop, Vital — only when you connect them; each holds and grants access under its own privacy policy.

• Disconnect a wearable at any time from Profile → Connections. We retain previously synced summaries until you delete your account; we stop pulling new data immediately.
• Revoke Apple Health permissions from iOS Settings → Privacy & Security → Health.
• Delete your account by emailing kyleaoconnell22@gmail.com. We remove your profile, wearable summaries, blood work, documents, plans, and account from our active systems within 30 days. Backups roll off within 90 days.
• Request a copy of your data via the same email.

Amanecer is not directed to children under 13 (or under 16 in the EU) and we do not knowingly collect their data. If you believe a child has provided us data, email us and we will delete it.

Data is encrypted in transit via TLS and at rest on Cloudflare and Anthropic infrastructure. Passwords are hashed; we never see your plaintext password. We follow OWASP guidance for the API surface and rate-limit sensitive endpoints. No system is perfectly secure; we'll notify affected users within 72 hours if we learn of a breach involving their data.

Questions, deletion requests, or anything else: kyleaoconnell22@gmail.com.