1. Overview
Waylost is a mobile application for weight management, nutrition tracking, and AI-powered coaching. This policy explains what personal data we collect, how we use it, and the rights you have. We do not sell or share your data with third parties for marketing.
2. Data We Collect
Account: Email address, password (encrypted, we cannot see it), display name.
Health & fitness: Age, gender, height, weight, date of birth, activity level, goal (lose/gain/maintain), body measurements (waist, chest, hip, arm, leg, body fat %), optional blood values (glucose, HbA1c, cholesterol), meals & macros, workout logs, water intake.
Optional integrations: Apple Health / Google Fit (steps, calories, heart rate) — only if you enable them.
Content: Messages exchanged with the AI coach, meal photos (sent to AI for analysis, not stored), favorite meals, generated workout/meal plans.
Location (optional): Used only while the app is open to find nearby healthy restaurants. Coordinates are not saved; they are passed to Google Places API for the search only.
Technical: Device type, OS version, crash logs.
3. How We Use Your Data
- Calculate personalized BMR/TDEE/macro targets
- Provide AI coaching (profile summary is sent to Gemini for suggestions)
- Progress tracking (charts, comparisons, trends)
- Meal & workout reminders
- Debugging and stability
4. Third-Party Services
- Supabase — Database & auth (encrypted connection, Row-Level Security)
- Google Gemini AI — AI coaching & meal photo analysis. Google commits not to use API data for model training (Gemini commercial terms).
- Google Places API — Nearby restaurant suggestions (coordinates not stored)
- Expo / EAS — App distribution and push notifications
- Apple Health / Google Fit — Only when you enable, read-only
Each service is governed by its own privacy policy.
5. Data Retention
- Data is retained while your account is active.
- On deletion request: all data permanently deleted within 30 days (including backups).
- AI coach chat history: retained 30 days for context, can be deleted anytime.
- Meal photos: deleted immediately after analysis — only the analysis result is stored.
6. Your Rights (KVKK + GDPR)
- Access — Find out what data we hold
- Correction — Fix inaccurate data
- Deletion — Delete your account and all data (Profile → Delete Account)
- Portability — Request a JSON export
- Objection — Object to processing
To exercise your rights: support@wayloftapp.com
7. Security
- All network traffic uses HTTPS / TLS 1.3
- Supabase Row-Level Security ensures each user only accesses their own data
- Passwords stored with bcrypt hashing
- Sensitive data (blood values) isolated with RLS protection
8. Children
Waylost is not intended for users under 13. We do not knowingly collect data from children under 13. If we detect such data, it is deleted immediately.
9. Health Disclaimer
Waylost is not a medical device. AI coach suggestions and calculated targets are not a substitute for medical advice. Consult your physician before starting any diet or exercise program. In emergencies call 112 (TR) or your local emergency number.
10. International Transfers
Data may be processed on Supabase (EU servers) and Google Cloud (global). International transfers rely on GDPR Standard Contractual Clauses.
11. Cookies & Tracking
The app does not use cookies and contains no third-party advertising or analytics trackers.
12. Policy Updates
If this policy changes, we will notify you in-app. The "Last updated" date above reflects the latest revision.