🔒 Privacy Policy
Last updated: January 2026
Welcome to Ultimate Fasting App (“App”, “we”, “us”, or “our”). Your privacy is critically important to us.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
By using the App, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy,
please do not use the App.
1. Information We Collect
1.1 Personal Information You Provide
When you use our App, we may collect the following personal information:
- Account Information: When you sign in with Google, we collect your email address, display name, and profile picture from your Google account
- User Profile Data: Gender, age, fasting goals, dietary preferences, and timezone settings
- Fasting Records: Start/end times, duration, fasting protocol, notes, and completion status
- Weight Tracking: Weight measurements with dates and optional notes (notes are stored locally only and never synced to the cloud)
- Mood & Energy Data: Energy levels, hunger levels, mood ratings, and timestamps
- Preferences: Language, theme, notification settings, quiet hours, and app customization preferences
1.2 Health Data (Optional)
With your explicit permission, we may access health data through Android Health Connect:
- Steps taken
- Weight measurements
- Heart rate data
- Sleep duration and times
- Active and total calories burned
Important:
- Health data integration is entirely optional and requires your explicit consent
- You control which health data permissions to grant through Android Health Connect settings
- Health data is used only to enhance your fasting experience with personalized insights
- We do not share health data with third parties except as described in this policy
1.3 Automatically Collected Information
We automatically collect certain information when you use the App:
- Usage Data: Screens viewed, features used, buttons clicked, and interaction patterns
- Device Information: Device type, operating system version, app version, language settings
- Analytics Data: Session duration, feature usage frequency, achievement unlocks
- Crash Reports: Error logs and stack traces when the app crashes
- Authentication Tokens: Encrypted tokens for maintaining your signed-in session
1.4 Leaderboard Data (Optional Opt-In)
If you choose to join the leaderboard feature:
- Display name and profile picture (publicly visible)
- Fasting statistics (longest fast, total fasting hours, number of fasts)
- Leaderboard rank and position
- Weekly and monthly leaderboard performance
Important: Leaderboard participation is entirely optional. You must explicitly opt-in, and your data will only be publicly shared if you choose to participate.
2. How We Use Your Information
2.1 App Functionality
- Provide core fasting tracking and timer features
- Store and display your fasting history and statistics
- Track weight progress and calculate BMI
- Generate weekly and monthly reports
- Sync your data across devices (when you choose to enable cloud sync)
- Manage your account and authentication
2.2 Personalization
- Customize AI coach messages based on your preferences and fasting patterns
- Provide meal suggestions tailored to your dietary preferences
- Display personalized insights and recommendations
- Show relevant achievements and badges
- Adapt notifications to your schedule and quiet hours
2.3 Analytics & Improvement
- Understand how users interact with the App
- Identify and fix bugs and crashes
- Improve existing features and develop new ones
- Analyze usage patterns to enhance user experience
- Monitor app performance and stability
2.4 Communication
- Send fasting reminders and motivational notifications
- Alert you about phase transitions during fasting
- Notify you of achievements and milestones
- Provide important app updates and announcements
2.5 Subscription Management
- Process and validate in-app purchases
- Manage Pro subscription access and entitlements
- Provide customer support for billing issues
- Prevent subscription fraud and abuse
3. Third-Party Services & Data Sharing
We use trusted third-party services to operate and improve the App. These services may collect and process your information on our behalf:
3.1 Firebase (Google)
Services Used:
- Firebase Authentication: Manages user sign-in and account security
- Cloud Firestore: Stores fasting data when you enable cloud sync
- Firebase Analytics: Tracks anonymized usage patterns and app interactions
- Firebase Crashlytics: Collects crash reports and error diagnostics
Data Shared with Firebase:
- User ID and authentication tokens
- Fasting records (when cloud sync is enabled)
- Leaderboard data (when you opt-in to leaderboards)
- Analytics events and user properties
- Crash logs and error reports
Important:
- Weight record notes are NEVER synced to Firebase – they remain stored locally on your device only
- Firebase Analytics data is anonymized and aggregated
- You can disable analytics in app settings at any time
- Google processes this data according to Google’s Privacy Policy
3.2 RevenueCat
Purpose: Manages in-app purchases and subscription validation
Data Shared:
- Purchase receipts and transaction IDs
- Subscription status and entitlements
- Device identifiers for subscription validation
- User ID for linking purchases to your account
Important: We do not process or store payment information ourselves. All payment processing is handled securely by Google Play Store or Apple App Store.
3.3 Google Play Services / Apple App Store
Purpose: Process payments for subscriptions and in-app purchases
Data Shared:
- Payment information (credit card, billing address, etc.)
- Purchase history and transaction records
- Subscription management and renewal information
Important: Payment data is processed directly by Google/Apple according to their respective privacy policies. We never have access to your full payment details.
3.4 Health Connect (Android)
Purpose: Read and sync health data with your permission
Data Accessed:
- Steps, weight, heart rate, sleep, calories (only with your explicit permission)
Important:
- Health data never leaves your device unless you manually choose to sync it
- We do not share health data with third parties
- You can revoke Health Connect permissions at any time through Android settings
4. Data Storage & Retention
4.1 Local Storage
- Fasting records, weight data, and notes are stored in an encrypted SQLite database on your device
- User preferences and settings are stored locally using SharedPreferences
- Subscription cache is stored in encrypted secure storage
- All local data remains on your device unless you choose to enable cloud sync
4.2 Cloud Storage
- When you enable cloud sync, fasting data is stored in Google Cloud Firestore
- Leaderboard data is stored in Firestore when you opt-in to leaderboards
- Cloud data is retained until you delete your account or manually delete records
- Weight record notes are NEVER synced to the cloud
4.3 Data Retention Periods
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Specific retention periods are as follows:
| Data Type | Retention Period | Justification |
|---|---|---|
| Fasting records | Until you delete them or your account | Core app functionality |
| Weight measurements | Until you delete them or your account | Core app functionality |
| Weight record notes | Stored locally only, never synced | Privacy protection |
| Account information (email, profile) | Until account deletion | Account management |
| User preferences | Until account deletion | App functionality |
| Leaderboard data | While you participate, removed upon opt-out | Leaderboard feature |
| Analytics data | 14 months (anonymized) | Firebase default retention |
| Crash logs | 90 days | Debugging and improvement |
| Subscription records | 7 years | Tax and legal requirements (Bulgaria/EU) |
| Deleted account data | 30 days (then permanently deleted) | Recovery period |
| Authentication tokens | Until logout or token expiration | Security |
Your Rights:
- You can delete individual records at any time through the App
- You can request early deletion of any data by contacting support
- Account deletion triggers immediate deletion of most data, with complete removal within 30 days
- Subscription records may be retained longer due to legal obligations
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data transmitted between your device and our servers uses TLS/SSL encryption
- Secure Authentication: Google Sign-In with OAuth 2.0 authentication
- Database Security: Cloud Firestore security rules restrict data access to authorized users only
- Local Encryption: Sensitive data stored on your device is encrypted
- Subscription Validation: Server-side receipt validation prevents fraud
- Access Controls: Strict access controls limit who can access backend systems
Important: While we implement strong security measures, no method of transmission or storage is 100% secure. Please use caution when sharing sensitive information.
6. Your Privacy Rights & Choices
6.1 Access & Control
- View Your Data: Access all your fasting records, weight data, and settings within the App
- Export Your Data: Export all app data as JSON files for backup or migration
- Delete Records: Delete individual fasting or weight records at any time
- Account Deletion: Delete your entire account and all associated data through Settings
6.2 Analytics & Tracking
- Disable Analytics: Turn off Firebase Analytics in Settings → Privacy → Analytics
- Opt-Out of Leaderboards: Leave the leaderboard at any time to stop sharing your data publicly
- Control Notifications: Manage notification preferences and quiet hours in Settings
6.3 Cloud Sync
- Manual Sync Only: We never automatically sync your data without your permission
- Disable Cloud Sync: Choose to keep all data local and never sync to the cloud
- Delete Cloud Data: Remove all synced data from Firestore while keeping local data
6.4 Health Data
- Revoke Permissions: Revoke Health Connect permissions through Android system settings
- Control Access: Choose which health data types to share with the App
6.5 Data Portability
- Export Data: Download your complete data archive as JSON
- Backup & Restore: Create backups and restore them on other devices
- Share Backups: Export backups through email, cloud storage, or other apps
6.6 Your Legal Rights (GDPR & CCPA)
If you are in the European Economic Area (EEA) or California, you have additional rights:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to certain types of data processing
- Right to Withdraw Consent: Withdraw consent for data processing at any time
To exercise these rights, please contact us through the Support section in the App or email us at support@ultimate-fasting.app.
7. Children’s Privacy
The App is not intended for children under 18 years of age. We do not knowingly collect personal information from children.
Fasting is not appropriate for children, and minors should not use this App without parental supervision and medical guidance.
If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete the information.
8. International Data Transfers
8.1 Where Your Data is Processed
| Service Provider | Location | Data Types | Legal Basis |
|---|---|---|---|
| Google Cloud Platform (Firebase, Firestore) | United States, EU regions | Fasting data, account info, analytics | Standard Contractual Clauses (SCCs) |
| RevenueCat | United States | Subscription data, purchase receipts | Standard Contractual Clauses (SCCs) |
| Google Play Services | United States | Payment information | Google’s Privacy Shield successor framework |
8.2 Safeguards for International Transfers
When your data is transferred outside the European Economic Area (EEA), we ensure adequate protection through:
Standard Contractual Clauses (SCCs):
- Google Cloud and Firebase comply with EU-approved Standard Contractual Clauses
- View Google’s SCCs: https://cloud.google.com/terms/eu-model-contract-clause
- These clauses are legally binding contracts that ensure EU-level data protection
Encryption & Security:
- All data is encrypted in transit using TLS 1.3
- All data is encrypted at rest using AES-256
- We use secure authentication protocols (OAuth 2.0)
Data Minimization:
- We only transfer data that is necessary for app functionality
- Weight record notes are NEVER transferred (local only)
- Analytics data is anonymized before transfer
8.3 Your Rights Regarding International Transfers
You have the right to:
- Object to international data transfers
- Request information about safeguards in place
- Withdraw consent for transfers (may limit app functionality)
To exercise these rights:
- Contact us at info@ultimate-fasting.app
- Specify which transfers you object to
- We will work with you to find alternative solutions or limit functionality as needed
Note: Objecting to certain transfers (e.g., Firebase) may prevent you from using cloud sync and cross-device functionality.
9. Third-Party Links
The App may contain links to third-party websites or services (e.g., support documentation, privacy policies, app stores).
We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes:
- We will update the “Last updated” date at the top
- Significant changes will be communicated through in-app notifications
- Continued use of the App after changes constitutes acceptance of the updated policy
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
11. Do Not Track Signals
Some web browsers have “Do Not Track” features. Our App does not currently respond to Do Not Track signals because there is no standard interpretation or implementation of DNT signals for mobile apps.
However, you can control analytics tracking by disabling Firebase Analytics in the app settings.
12. California Privacy Rights (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
Categories of Personal Information We Collect:
- Identifiers (email, name, user ID)
- Health information (fasting data, weight, mood)
- Biometric information (via Health Connect with permission)
- Internet activity (usage analytics)
- Commercial information (subscription purchases)
How We Use Personal Information:
- App functionality and personalization
- Analytics and improvement
- Communication and notifications
- Subscription management
Third Parties We Share With:
- Firebase/Google (infrastructure and analytics)
- RevenueCat (subscription management)
- Google Play / Apple (payment processing)
Your CCPA Rights:
- Right to Know: Request disclosure of data collected in the last 12 months
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt-out of sale of personal information (Note: We do NOT sell personal information)
- Right to Non-Discrimination: Equal service and pricing regardless of privacy choices
To exercise your rights, contact us through the Support section.
13. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
Legal Basis for Processing:
- Consent: Health data, analytics, leaderboard participation
- Contract: Providing app functionality and subscription services
- Legitimate Interests: App improvement, fraud prevention, security
Your GDPR Rights:
- Access, rectification, erasure, restriction, portability, objection (detailed in Section 6.6)
- Right to lodge a complaint with your local data protection authority
Data Protection Officer:
We have assessed our data processing activities under GDPR Article 37 and determined that we are not required to appoint a Data Protection Officer because:
- We do not process personal data on a large scale as our core business activity
- We are a small organization with limited data processing operations
- The nature of our processing does not require regular and systematic monitoring of individuals on a large scale
For GDPR-related inquiries and data protection matters, please contact our Privacy Team:
- Email: info@ultimate-fasting.app
- Subject Line: “GDPR Request” or “Data Protection Inquiry”
We will respond to all data protection requests within 30 days as required by GDPR.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Support Contact:
- In-App: Settings → Support → Contact Us
- Email: info@ultimate-fasting.app
Mailing Address:
Ultimate Fasting App
Kiril and Metodi Str, 2
Montana, Montana Province
Bulgaria
We will respond to your inquiry within 30 days (or as required by applicable law).
15. Summary of Key Privacy Practices
✅ We DO:
- Store fasting and weight data locally on your device
- Encrypt data in transit and at rest
- Give you full control over cloud sync
- Allow you to export and delete your data
- Provide opt-in leaderboards and optional Health Connect integration
- Use Firebase Analytics with anonymized data (can be disabled)
- Process subscriptions securely through RevenueCat and app stores
❌ We DO NOT:
- Sell your personal information to third parties
- Share health data with advertisers
- Automatically sync data without your permission
- Sync weight record notes to the cloud
- Collect data from children
- Require Health Connect to use the app
By using Ultimate Fasting App, you acknowledge that you have read and understood this Privacy Policy.
Thank you for trusting us with your fasting journey! 🙏