Privacy Policy
Last updated: April 15, 2026
Tare is built by a small team that uses the app themselves. We collect the least data we can get away with, we never sell it, and we explain everything below in plain language. If anything on this page is unclear, email privacy@trytare.app.
Who we are
Tare is operated by Zenith Success Development LLC ("Tare," "we," "us"), a United States limited liability company. Our support inbox is support@trytare.app. Our privacy inbox is privacy@trytare.app.
What we collect
Account and profile data
- Email address — required for account creation, login, and critical account emails.
- Display name — optional. Used only to personalize in-app messages from Milo (the AI coach).
- Training profile — your goals, training experience, days per week, session length, available equipment, and any injuries you disclose. Used to build your training plan.
- Profile photo — optional. Stored privately in Supabase Storage and served via signed URLs only.
Training data
- Workout logs — sets, reps, weights, readiness ratings, RPE, notes you write. This is the core of the app and is always linked to your account.
- Training phases — AI-generated plans and any modifications you or Milo make to them.
Body scan photos
- When you take a body scan, the three photos (front, side, back) are uploaded to a private Supabase Storage bucket. They are not public. They are accessible only via short-lived signed URLs issued to your authenticated session.
- The photos are sent to OpenAI's vision API for body-fat and posture estimation. OpenAI does not use API data to train its models (per its API data-usage policy). We do not store the photos with any third party other than Supabase and OpenAI.
- You can delete any scan and its associated photos at any time from the Progress tab. Deletion removes them from our database and schedules the underlying storage object for removal.
Chat with Milo (the AI coach)
- Your messages to Milo and Milo's replies are sent to OpenAI for inference. Messages are not linked to third-party advertising identifiers. We do not use your chat content for advertising or share it with anyone.
- Milo may call internal tools to modify your training plan (e.g., swap an exercise). Tool calls are logged with your account for debugging and to give Milo the context to explain changes in later sessions.
- We do not log the raw content of your messages in our analytics system. Only anonymized event metadata (message length, whether it came from a Home-screen chip) is tracked.
Subscription data
- Subscriptions are processed by Apple (App Store) and managed through RevenueCat. We receive an anonymous RevenueCat user ID and entitlement status. We never see your credit card or Apple ID payment details.
Analytics and diagnostics
- We use PostHog for product analytics — which screens you visit, which features you use, and which events fail. Events are keyed to a random identifier, not your email or name.
- We do not use third-party advertising SDKs. Tare does not participate in cross-site tracking.
- We collect standard crash logs via Expo/Sentry-style mechanisms to fix bugs. Crash logs do not include your personal data or chat content.
What we don't collect
- Your precise location. Tare does not use GPS.
- Contacts, microphone, or calendar data.
- Your Apple Health data — unless you explicitly connect Apple Health and grant permission, in which case we only write completed-workout records to Health. We do not read your existing Health data.
- Third-party advertising identifiers (IDFA). Tare does not track you across apps or websites.
How we use your data
- To provide the app: generate training plans, log workouts, run body-fat analysis, respond to Milo conversations, show your progress.
- To improve the app: anonymized product analytics (PostHog) tell us which features are used, which flows break, and where users get stuck.
- To support you: if you email support, we may look at your account data to help diagnose an issue.
- To comply with the law: we will respond to valid legal requests but require them to be legitimate (court orders, subpoenas). We do not proactively share data with law enforcement.
Who we share data with
We share the minimum data necessary with the following service providers. Each one is contractually bound to only use your data to provide their service to us:
- Supabase — database and file storage (US-hosted).
- OpenAI — AI inference for Milo chat, body-scan vision analysis, and embeddings for Milo's knowledge retrieval. OpenAI's Enterprise / API data-usage policy applies; your data is not used to train their general-purpose models.
- RevenueCat — subscription state management (they receive an anonymous user ID, not your email).
- PostHog — product analytics (US-hosted; event keys are random identifiers).
- Apple — App Store hosting, payment processing, TestFlight beta distribution.
- Vercel — hosting for our backend API.
We do not sell your data. We do not share it for advertising.
Your rights
Regardless of where you live, you have the following rights with respect to your Tare data:
- Access: email privacy@trytare.app and we'll send you a machine-readable export of everything linked to your account within 30 days.
- Correction: most data is editable in the app directly (Profile, Training data). For anything else, email us.
- Deletion: you can delete your account in the app (Profile → Delete account) or email privacy@trytare.app. All your data is removed from our active systems within 30 days and from backups within 90 days.
- Opt out of analytics: email us to opt out of PostHog event collection for your account.
- EU / UK residents (GDPR): you also have the right to restrict processing, object to processing, and lodge a complaint with your supervisory authority. We do not engage in automated decision-making that produces legal effects on you.
- California residents (CCPA/CPRA): you have the additional rights to know the specific categories of personal information collected, to know the purposes for which it is used, and to opt out of any "sale" or "sharing" of personal information. We do not sell or share your personal information for cross-context behavioral advertising.
Children
Tare is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, email privacy@trytare.app and we will delete it promptly.
Data retention
- Account and training data: retained while your account is active.
- Body-scan photos: retained while your account is active, or until you delete them individually.
- On account deletion: active systems purged within 30 days; backup copies purged within 90 days.
- Analytics event data: retained up to 2 years in aggregate form.
Security
All traffic to Tare is encrypted in transit (TLS 1.2+). Data at rest in Supabase is encrypted. Body-scan photos are stored in a private bucket with row-level security — they are never publicly addressable. We use strong password hashing (via Supabase Auth) and require 2FA on all employee accounts with production access.
No system is perfectly secure. If we discover a breach affecting your personal data, we will notify you by email within 72 hours of confirming it, alongside any applicable regulatory notifications.
International transfers
Our primary data hosting is in the United States. If you access Tare from outside the US, your data will be transferred to and processed in the US. Where applicable, we rely on standard contractual clauses or equivalent safeguards for cross-border transfers.
Changes to this policy
When we make material changes, we'll update the "Last updated" date and notify you via in-app message or email. Minor clarifications that don't change your rights may be made without notice.
Contact
Questions, complaints, or requests: privacy@trytare.app.
General support: support@trytare.app.