Privacy Policy

Beast ("the App") is an AI-powered fitness coaching application developed by Creative Rebels sp. z o.o. ("we", "us", "our"). We are committed to protecting your privacy and handling your data transparently.

This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.

Account Information: When you sign up via Apple Sign-In, we receive your Apple ID identifier and, optionally, your name and email address. We do not receive your Apple ID password.

Health & Fitness Data: With your explicit permission, Beast accesses HealthKit data including workouts, heart rate, steps, sleep, weight, and nutrition. This data stays on your device and is sent to our servers only to provide AI coaching features.

Chat Messages: Your conversations with the Beast AI coach are stored securely to provide personalized coaching continuity.

Device Information: We collect basic device info (device model, OS version, timezone) to optimize the app experience and deliver timely notifications.

Location Data (optional): If you enable location features, we use geofencing to provide context-aware coaching (e.g., gym arrival motivation). Location data is processed locally and not shared with third parties.

All data is used exclusively to provide and improve the Beast coaching experience:

• Generate personalized AI coaching responses based on your health metrics, training history, and goals

• Track your progress and adapt training recommendations over time

• Send proactive health insights and reminders at appropriate times

• Improve our AI models and coaching quality (using anonymized, aggregated data only)

We never sell your personal data to third parties. We never use your health data for advertising.

Beast integrates with Apple HealthKit to read and write health data. In accordance with Apple's HealthKit guidelines:

• Health data is never used for advertising or marketing purposes

• Health data is never sold to data brokers, advertising platforms, or information resellers

• Health data is not shared with third parties without your explicit consent

• Health data is encrypted in transit and at rest

You can revoke HealthKit access at any time in your iPhone Settings → Privacy & Security → Health → Beast.

Your messages and health context are processed by AI models (Google Gemini) to generate coaching responses. This data is sent via encrypted connections (TLS 1.3) to our backend servers and then to AI providers.

AI providers process your data solely to generate responses and do not retain your data for their own training purposes under our data processing agreements.

Your conversation history and health snapshots are stored on our servers (Convex) with encryption to maintain coaching continuity across sessions.

Your data is stored securely using industry-standard practices:

• All data in transit is encrypted via TLS 1.3

• Sensitive data (messages, health snapshots) is encrypted at rest using AES-256

• Our backend runs on Convex, which provides SOC 2 Type II certified infrastructure

• Authentication is handled by Clerk, which is SOC 2 Type II compliant

• We implement rate limiting and access controls to prevent unauthorized access

We retain your data for as long as your account is active. If you delete your account:

• All personal data, chat history, and health data are permanently deleted within 30 days

• Anonymized, aggregated analytics data may be retained

You can request data deletion at any time by contacting hello@beastme.app or through the app settings.

Beast uses the following third-party services to operate:

• Clerk — Authentication (Apple Sign-In)

• Convex — Backend database and real-time sync

• Google Gemini — AI model for coaching responses

• Apple Push Notification service (APNs) — Proactive coaching notifications

Each provider operates under their own privacy policy and our data processing agreements.

Depending on your location, you have the right to:

• Access: Request a copy of all data we hold about you

• Rectification: Correct inaccurate personal data

• Deletion: Request permanent deletion of your data

• Portability: Receive your data in a machine-readable format

• Restriction: Limit how we process your data

• Object: Opt out of certain data processing activities

To exercise any of these rights, contact us at hello@beastme.app. We will respond within 30 days.

Beast is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If we discover that a child under 16 has provided us with personal data, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or via email. Your continued use of Beast after changes constitutes acceptance of the updated policy.