PRIVACY POLICY

What we collect, what we don't, and why.

No dark patterns. No selling your data. No tracking pixels. The shortest readable privacy policy we could write while still being legally accurate.

LAST UPDATED · 26 JUNE 2026

TL;DR: We collect the data you give us (email, workouts, photos) plus your voice during a coach call, use it to run the app, and never sell it. Form Coach video and offline calls stay on your device; physique photos are encrypted on your device. You can delete everything any time.

1. Who runs Evulto

Evulto is operated by Rahul Manghnani (sole proprietor). Reach the team at hello@evulto.com. This policy covers evulto.com, the Evulto Android app (and future iOS version), and any pre-release / beta versions thereof.

2. What we collect

2.1 Account data

2.2 Fitness data

2.3 Location data (territory game only)

When you start a run via the Territory feature, we collect GPS coordinates during that run only. We compute a list of "grid cells" you passed through (200×200 metre squares) and save those cells — not the raw GPS track. When you stop the run, the GPS subscription stops.

We never read your location in the background or outside an active run.

2.4 Physique photos

Photos you take in the Physique Check-in feature are encrypted on your device using a key only you hold. The encrypted blobs are uploaded to our storage, but we cannot decrypt them — even with full database access — because we never see your key.

2.5 Push tokens

We store your Firebase Cloud Messaging (FCM) token so the territory game can notify you when someone takes one of your cells, and so the coach can call you at your scheduled time. Used for nothing else.

2.6 Device data

Standard request metadata (IP address, browser user-agent, OS version) is logged by our infrastructure provider (Supabase) for security + abuse prevention. Retained for 30 days, then auto-deleted.

2.7 Camera

The Form Coach uses your camera to analyse your exercise form. This runs entirely on your device using on-device pose detection — video frames are processed locally in real time and are never uploaded or stored. Progress photos are covered separately in 2.4. The camera is used only while a Form Coach or physique-photo session you started is open.

2.8 Microphone & voice (coach calls)

When you answer a live coach call, your microphone audio is streamed in real time to our voice provider, ElevenLabs, so the AI coach can hold a two-way conversation. The audio is used only to power that conversation — never to identify you, never sold. If you have no internet connection, the call falls back to your phone's built-in offline voice and no audio leaves your device. The microphone is used only during an active call or a Form Coach session you start.

2.9 Health & wearable data (optional)

If you choose to connect a smartwatch or Health Connect, Evulto reads your steps, heart rate, HRV and sleep only to calculate daily recovery and adjust your training. This is strictly opt-in — we read it only after you grant permission, we don't share it with advertisers, and you can revoke access any time in your device's Health Connect / Apple Health settings.

3. What we DON'T collect

4. How we use it

We never sell your data. We never share your data with advertisers. We never use your data to train AI models without your explicit opt-in.

5. Where it's stored & who processes it

Your account, fitness, and (encrypted) photo data is stored on Supabase (Postgres + storage) in the AWS US-East region. We share specific data with the processors below only to provide the features you use:

These are data processors acting on our behalf — none of them are permitted to sell your data or use it for their own advertising. Payments (subscriptions or accountability stakes) are handled entirely by the payment processors above; Evulto never sees or stores your card or bank information — we only receive confirmation of what you bought and the email tied to the purchase.

6. Your rights

You can, at any time:

7. Children

Evulto is not directed at children under 13 (under 16 in the EU). We do not knowingly collect data from minors. If you believe a minor has signed up, email hello@evulto.com and we will delete the account.

8. Changes to this policy

If we make material changes (e.g. start collecting new data, add a third-party service), we'll notify you via email + in-app banner at least 14 days before the change takes effect. Minor wording changes don't need notification.

9. Contact

Questions, complaints, data export requests, deletion requests — all to: hello@evulto.com. We respond within 48 hours.

This policy is written in plain English on purpose. Most of the legalese in other policies exists to obscure what's happening. We don't have anything to hide, so we say it straight.