Privacy Policy

Last updated: March 3, 2026

1. Introduction

At Mofilo ("we", "our", or "us"), your privacy is our top priority. This Privacy Policy explains in simple terms how we handle your personal information when you use our fitness tracking app and website (mofilo.app).

Our Core Privacy Commitments to You:

  • We will never share or sell your data. Your personal information, including any exercises, food entries, or workout routines you create, will never be shared with others or sold to third parties.
  • You have control of your data. At any time, you can change, update, or remove your data. You always have the option to delete your account. Note: If you signed up with Apple or Google, your email address is tied to those accounts and can only be changed by updating your Apple or Google account directly.
  • Permanent deletion means permanent. If you choose to delete your account, your data is permanently removed with zero retrieval options. Once deleted, it cannot be recovered.

2. How We Protect Your Data

Mofilo does not sell or share user data with third parties. Workout data, nutrition logs, measurements, and personal information remain private to each user.

Sensitive data stored on your phone is kept in a secure, encrypted location built into your device by Apple or Google. All data sent between the app and our servers is encrypted. Passwords and credentials for third-party services are stored securely on our servers, not in the app.

Users can only access their own data. Other users cannot see your information.

When a user deletes their account, all associated data is permanently removed from our servers. This includes workouts, nutrition logs, measurements, goals, and any other stored information.

3. Information We Collect

3.1 Personal Data

When you create an account, we collect the following basic information:

  • Name
  • Email address
  • Gender
  • Height
  • Weight
  • Motivational reasons for your goals (e.g., "Why are you doing this?")
  • Authentication information when using sign-in with Apple or Google
  • Device identifiers for analytics and attribution purposes (such as Google Advertising ID or Apple IDFA, only when you have granted permission)

3.2 Data Collected During App Usage

As you use our app to track your fitness journey, we collect the following information:

Body & Weight Tracking:

  • Weight tracking over time
  • Body measurements (Neck, Shoulders, Chest, Biceps, Forearms, Wrists, Waist, Hips, Glutes, Thighs, Calves, Ankles, Abs)

Nutrition Tracking:

  • Food intake: Calories, macronutrients (protein, carbs, fats), micronutrients (vitamins, minerals, fiber)
  • Water intake
  • Macro check-ins: maintenance calories, calorie adjustments, and check-in dates

Workout Tracking:

  • Weight training: exercises, weight, and reps
  • Cardio training: distance, time, and calories burned
  • Workout routines and templates: pre-saved exercise combinations and custom workout plans you create

App Settings & Preferences:

  • Health app integration settings (Apple Health/Google Health Connect)
  • Unit preferences (metric/imperial for weight, distance, water)
  • Time preferences and calorie tracking preferences
  • App theme preferences

3.3 Technical Information

We collect minimal technical information to help us improve our Services and tailor the app to your device:

  • Time zone preference
  • Date and time of app usage
  • General geographic region
  • Device type (iOS or Android)

3.4 Email and Mobile App Notifications

Email Communications: We collect your email address when you create an account with our mobile app or sign up for our newsletter or waitlist. We may use your email address to send you service-related notices, product updates, and marketing communications (such as promotions, educational content, and giveaways). Where required by applicable law (for example, in the EEA, UK, Switzerland, or Canada), we will only send marketing emails after obtaining your explicit consent. In all cases, you can opt out of marketing emails at any time using the unsubscribe link in any email.

To opt out of email communications, simply click the unsubscribe button at the bottom of any email we send you. This will allow you to choose which types of emails you no longer wish to receive.

Mobile App Notifications: Push notifications are enabled during the app onboarding process when you're asked if you'd like to turn on mobile app notifications to receive workout and food log reminders and motivation.

To disable notifications, you can:

  • Go to your phone's settings, select our app, and disable notifications
  • Go to the profile settings page in our app, find the Notification section, and disable notifications from there

3.5 Health App Integration Data

When you enable Apple Health or Google Health Connect integration, we collect and sync the following health data:

  • Heart rate
  • Distance and walking data
  • Calories
  • Macronutrients (protein, carbs, fats)
  • Micronutrients (vitamins, minerals, fiber)
  • Water intake
  • Steps
  • Workouts
  • Weight
  • Sleep data

4. How We Use Your Information

4.1 Personal Data Usage

We use your personal data collected during account setup for the following purposes:

  • User identification: To identify and authenticate your account
  • Personalized recommendations: Using the Mifflin formula with your height, weight, gender, and age to calculate your starting calories and macros
  • Motivation and goal setting: Using your motivational reasons to personalize content for each fitness goal ("Chapter") you start
  • Secure authentication: To enable secure login through Apple or Google sign-in services

4.2 App Usage Data

We use the information you track in the app to provide personalized fitness guidance:

  • Progress tracking: To help you see trends and patterns in your weight, body measurements, training performance, food intake, and nutrient consumption
  • Calorie adjustments: Using your food intake and weight logs to help adjust your calorie intake based on your specific goals and selected rate of progress
  • Workout efficiency: Storing your custom workout routines and templates to save your workouts and load them faster when you want to start a workout session
  • Personalized experience: Using your preferences to tailor the app's units, time settings, theme, and features to your liking

4.3 Health App Integration Data

When you enable Apple Health or Google Health Connect integration, we use this data to create a seamless health tracking experience:

  • Bi-directional sync: We read existing health data from your device and write new data you log in our app (food, weight, workouts) back to your health apps
  • Smart calorie calculations: We combine your heart rate, distance data, personal information, and macro check-ins to provide accurate estimates of calories burned from daily steps
  • Comprehensive activity tracking: We display your daily steps, distance walked, and estimated calories burned to give you a complete picture of your daily activity
  • Unified health data: We synchronize all your health metrics (sleep, workouts, nutrition) to ensure consistency across all your health apps
  • No advertising, analytics, or third-party sharing: We do not use HealthKit/Health Connect data for advertising. We do not include this data in analytics or session replay tools. We do not share HealthKit or Health Connect data with any third parties, including analytics providers, advertising networks, or data brokers.

Permission control: You can revoke Apple Health permissions in the iOS Health app (Privacy & Security → Apps → Mofilo) and Health Connect permissions on Android (Settings → Health Connect → Connected apps). Revoking permissions stops future sync; data in third‑party platforms remains subject to those platforms’ policies.

4.4 Technical Information

We use technical information to ensure the app works properly for you:

  • Accurate data display: To make sure we display the correct date, time, and regional information based on your location and device
  • App optimization: To optimize the app's performance for your specific device type (iOS or Android)

5. Third-Party Services and Data Processing

We use the following third-party services for software operation, including authentication, database features implementation, improvements, and customer support:

  • Google Cloud
  • AWS (Amazon Web Services)
  • Firebase
  • Apple Health & Google Health Connect
  • Aidbase
  • Microsoft Clarity
  • Paddle.com Market Ltd (payment processing for web subscriptions)

These services process your data only as necessary to provide our app's functionality. We do not transmit HealthKit/Health Connect data to analytics or session replay providers. Each third-party service has its own privacy policy governing how they handle your data. We encourage you to review their respective privacy policies for more information.

5.1 Microsoft Clarity (Website Analytics)

We use Microsoft Clarity on our website (mofilo.app) to understand how visitors interact with our site. Clarity is a user behavior analytics tool that helps us improve our website experience through:

  • Session recordings: Clarity may record anonymized replays of user sessions, including mouse movements, clicks, and scrolling behavior
  • Heatmaps: Aggregated visualizations showing where users click and scroll on our pages
  • Analytics data: General usage statistics such as page views, session duration, and device information

Important privacy protections:

  • Clarity automatically masks sensitive content such as form inputs and personal information
  • We do not use Clarity to process any sensitive personal data, protected health information, or data from minors
  • No HealthKit, Health Connect, or mobile app health data is sent to Clarity
  • Clarity is only used on our website, not within the Mofilo mobile app

Microsoft Clarity operates under Microsoft's privacy practices. For more information, please review the Microsoft Privacy Statement and Clarity data collection documentation.

5.2 Paddle (Payment Processing)

When you purchase a subscription through our website, Paddle.com Market Ltd acts as the Merchant of Record. Paddle processes your payment information, manages billing, handles sales tax/VAT, and may process refunds. Paddle acts as an independent data controller for payment-related data processing. When you make a web purchase, Paddle collects your name, email, payment details, billing address, and IP address directly. Please review Paddle's Privacy Policy and Paddle's Buyer Terms for details on how Paddle handles your data.

6. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we are required to have a legal basis for processing your personal data. We rely on the following legal bases:

  • Performance of contract (Art. 6(1)(b)): Account creation, providing fitness tracking services, subscription management, and customer support — processing is necessary to deliver the services you signed up for.
  • Consent (Art. 6(1)(a)): Marketing emails, push notifications, cookies and website analytics tracking (Microsoft Clarity, Google Analytics). You can withdraw consent at any time.
  • Explicit consent for health data (Art. 9(2)(a)): Certain data we collect — such as weight, body measurements, heart rate, sleep, and nutrition data — constitutes health data under GDPR. We process this data based on your explicit consent, which you provide when you create your account and enable these features. You may withdraw consent at any time by deleting specific data or your account, without affecting the lawfulness of processing before withdrawal.
  • Legitimate interest (Art. 6(1)(f)): Security and fraud prevention, service improvement, diagnostics and crash reporting. Our legitimate interest is ensuring the security and proper functioning of our services, and we have assessed that this interest is not overridden by your data protection rights.
  • Legal obligation (Art. 6(1)(c)): Tax record retention, responding to legal requests, and regulatory compliance.

7. Your Privacy Rights

You have control over your personal information. You can exercise these rights directly in our app:

  • Access your data: View all your personal information directly in the app
  • Correct your data: Edit and update any incorrect or incomplete information in your profile and settings
  • Delete your data: Delete your account and all associated data using the account deletion feature in app settings
  • Control data use: Manage your preferences, notifications, and health app integrations in your app settings

7.1 Additional Rights for EEA/UK/Swiss Residents

If you are located in the EEA, UK, or Switzerland, you also have the following rights under GDPR:

  • Right to restrict processing (Art. 18): Request restriction of processing in certain circumstances
  • Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interest, including direct marketing
  • Right to withdraw consent: Where processing is based on consent, withdraw at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint: Lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO).

To exercise any of these rights, contact us at support@mofilo.app. We will respond within 30 days (or such shorter period as required by applicable law).

7.2 US State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, or another US state with applicable privacy legislation:

  • We do not sell or share your personal information as defined under the CCPA/CPRA or any other US state privacy law.
  • Right to know: You may request what personal information we have collected about you.
  • Right to delete: You may request deletion of your personal information.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at support@mofilo.app. We will verify your identity before fulfilling your request.

8. International Data Transfers

Mofilo LLC is based in the United States. When you use our Services, your personal data is transferred to and processed in the United States and may be stored on servers located outside your country of residence.

If you are located in the EEA, UK, or Switzerland, we protect your data during international transfers using the following safeguards:

  • EU-US Data Privacy Framework: Where our processors are certified under the EU-US Data Privacy Framework.
  • Standard Contractual Clauses (SCCs): For transfers to processors not covered by an adequacy decision, we rely on European Commission-approved Standard Contractual Clauses.
  • UK International Data Transfer Addendum: For transfers from the UK, we use the UK addendum to the SCCs as approved by the ICO.

You may request a copy of the relevant transfer safeguards by contacting support@mofilo.app.

9. Data Retention and Account Deletion

We retain your personal data only for as long as necessary to provide our Services, fulfill the purposes described in this Privacy Policy, and comply with legal obligations.

9.1 Retention Periods

  • Account data (name, email, profile info): Duration of your active account
  • Fitness and nutrition data (workouts, food logs, body measurements): Duration of your active account
  • Health app integration data (HealthKit/Health Connect synced data): Duration of your active account
  • Analytics data (Google Analytics, Firebase Crashlytics): Up to 26 months
  • Payment and transaction records (Paddle web purchases): Retained by Paddle as Merchant of Record per applicable tax law (typically 7 years)
  • Support communications: 2 years from resolution
  • Marketing consent records: Duration of account plus 3 years for record-keeping

9.2 Account Deletion

How to delete your account: Log into the app, go to Profile Settings, and choose "Delete Account." If you cannot access the app, you can also request deletion at /delete-mobile-account or by emailing support@mofilo.app.

  • Active systems: Personal data is removed from active systems within 1–7 days after confirmed deletion.
  • Backups and caches: We do not maintain long-term backups of personal data. Temporary system caches or logs may persist briefly and are overwritten in the normal course of operations.
  • Limited retention: We may retain minimal data where required by law or for legitimate purposes such as security and fraud prevention, and will delete it when no longer needed.

10. Automated Decision-Making

We use automated calculations (such as the Mifflin-St Jeor formula) to estimate your calorie needs and macronutrient targets based on the personal data you provide (height, weight, age, gender, activity level). These calculations provide informational guidance only and do not produce legal or similarly significant effects. You can override any automated recommendation by manually adjusting your targets in the app settings.

11. Cookies and Tracking Technologies

Our website (mofilo.app) uses cookies and similar tracking technologies through Microsoft Clarity and Google Analytics. These are used to analyze website usage and improve the user experience. Our mobile app does not use cookies.

For visitors in the EEA, UK, and other jurisdictions that require cookie consent, we will obtain your consent before placing non-essential cookies. You can manage your cookie preferences through the cookie consent banner displayed on our website.

For more information about Microsoft Clarity's data collection, see Section 5.1 above. For Google Analytics, see the Google Privacy Policy.

12. Data Security and Breach Notification

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. All data transmitted between the app and our servers is encrypted in transit (TLS). Sensitive data stored on your device is kept in secure, encrypted storage provided by Apple (Keychain) or Google (Keystore).

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay, in accordance with applicable law. We will also notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach, as required by GDPR.

13. Age Requirements

Our app is exclusively for users 18 years of age and older. We actively prevent account creation for anyone under 18 by requiring date of birth verification during signup.

Age Verification: When you create an account, you must provide your date of birth. Users under 18 will be automatically prevented from creating an account.

By using our app, you confirm you are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that information promptly. If you believe someone under 18 has provided us with personal data, please contact us at support@mofilo.app.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where required by applicable law, by providing additional notice (such as in-app notification or email). Your continued use of our Services after the updated policy is posted constitutes your acceptance of the changes. If you do not agree with the updated policy, you should stop using the Services and delete your account.

15. Data Controller

The data controller responsible for your personal data is:

Mofilo LLC
1309 Coffeen Ave STE 1200
Sheridan, WY 82801
United States
Email: support@mofilo.app

16. Contact Us

If you have any questions about this Privacy Policy, concerns about how we process your personal data, or requests related to your data protection rights, please contact us at:

support@mofilo.app

Mofilo LLC
1309 Coffeen Ave STE 1200
Sheridan, WY 82801
United States