TL;DR: We collect the data you give us (email, workouts, photos) plus your voice during a coach call, use it to run the app, and never sell it. Form Coach video and offline calls stay on your device; physique photos are encrypted on your device. You can delete everything any time.
1. Who runs Evulto
Evulto is operated by Rahul Manghnani (sole proprietor). Reach the team at hello@evulto.com. This policy covers evulto.com, the Evulto Android app (and future iOS version), and any pre-release / beta versions thereof.
2. What we collect
2.1 Account data
- Email address — needed to sign in
- Display name — what your coach calls you
- Password — stored hashed; we never see it in plaintext
2.2 Fitness data
- Body stats — height, weight, age, gender (used to compute calorie targets)
- Workout logs — exercises, sets, reps, weight, RPE
- Nutrition logs — foods you log, macros
- Recovery check-ins — sleep quality, soreness, stress
- Streak history — training day counts, freeze inventory
2.3 Location data (territory game only)
When you start a run via the Territory feature, we collect GPS coordinates during that run only. We compute a list of "grid cells" you passed through (200×200 metre squares) and save those cells — not the raw GPS track. Stop the run, the GPS subscription stops.
We never read your location in the background or outside an active run.
2.4 Physique photos
Photos you take in the Physique Check-in feature are encrypted on your device using a key only you hold. The encrypted blobs are uploaded to our storage, but we cannot decrypt them — even with full database access — because we never see your key.
2.5 Push tokens
We store your Firebase Cloud Messaging (FCM) token so the territory game can notify you when someone takes one of your cells, and so the coach can call you at your scheduled time. Used for nothing else.
2.6 Device data
Standard request metadata (IP address, browser user-agent, OS version) is logged by our infrastructure provider (Supabase) for security + abuse prevention. Retained for 30 days, then auto-deleted.
2.7 Camera
The Form Coach uses your camera to analyse your exercise form. This runs entirely on your device using on-device pose detection — video frames are processed locally in real time and are never uploaded or stored. Progress photos are covered separately in 2.4. The camera is used only while a Form Coach or physique-photo session you started is open.
2.8 Microphone & voice (coach calls)
When you answer a live coach call, your microphone audio is streamed in real time to our voice provider, ElevenLabs, so the AI coach can hold a two-way conversation. The audio is used only to power that conversation — never to identify you, never sold. If you have no internet connection, the call falls back to your phone's built-in offline voice and no audio leaves your device. The microphone is used only during an active call or a Form Coach session you start.
2.9 Health & wearable data (optional)
If you choose to connect a smartwatch or Health Connect, Evulto reads your steps, heart rate, HRV and sleep only to calculate daily recovery and adjust your training. This is strictly opt-in — we read it only after you grant permission, we don't share it with advertisers, and you can revoke access any time in your device's Health Connect / Apple Health settings.
3. What we DON'T collect
- No advertising IDs
- No analytics tracking pixels (Google Analytics, Facebook Pixel, etc.)
- No access to your contact list or full photo library
- No background microphone or camera access — both are used only during an active coach call or Form Coach session that you start
- No data from third-party platforms (Instagram, Strava, etc.) unless you connect them
- No card or bank details — our payment processor handles those (see section 5); we never see or store them
4. How we use it
- Run the app — display your data back to you, compute your macros, draw your charts
- Personalise coaching — pick which workouts / tips to surface based on your stats
- Power the territory game — compute leaderboards, deliver steal notifications
- Improve the app — aggregate, anonymised usage stats only (no individual tracking)
We never sell your data. We never share your data with advertisers. We never use your data to train AI models without your explicit opt-in.
5. Where it's stored & who processes it
Your account, fitness, and (encrypted) photo data is stored on Supabase (Postgres + storage) in the AWS US-East region. We share specific data with the processors below only to provide the features you use:
- Supabase — database, authentication, file storage (privacy)
- ElevenLabs — processes your microphone audio during live coach calls to power the AI voice conversation (privacy)
- Anthropic (Claude) — generates written coaching text (privacy)
- Resend — sends account & transactional emails to your address (privacy)
- Lemon Squeezy & Google Play Billing — process payments; they receive your payment details, which Evulto never sees or stores (privacy)
- Google Firebase — Cloud Messaging push tokens for notifications & coach calls (privacy)
These are data processors acting on our behalf — none of them are permitted to sell your data or use it for their own advertising. Payments (subscriptions or accountability stakes) are handled entirely by the payment processors above; Evulto never sees or stores your card or bank information — we only receive confirmation of what you bought and the email tied to the purchase.
6. Your rights
You can, at any time:
- Export your data — email hello@evulto.com and we send a JSON dump within 7 days
- Delete your account — Profile → Settings → Delete Account. Erases everything immediately and irreversibly. (Or email us if you can't access the app.)
- Edit or correct any field — directly from the app
- Withdraw consent — disable specific features (location, photos, notifications) any time from Profile → Permissions
7. Children
Evulto is not directed at children under 13 (under 16 in the EU). We do not knowingly collect data from minors. If you believe a minor has signed up, email hello@evulto.com and we will delete the account.
8. Changes to this policy
If we make material changes (e.g. start collecting new data, add a third-party service), we'll notify you via email + in-app banner at least 14 days before the change takes effect. Minor wording changes don't need notification.
9. Contact
Questions, complaints, data export requests, deletion requests — all to: hello@evulto.com. We respond within 48 hours.
This policy is written in plain English on purpose. Most of the legalese in other policies exists to obscure what's happening. We don't have anything to hide, so we say it straight.