Privacy Policy

Last updated:

Thank you for using OneFloors. We take privacy seriously and treat your data the way we would treat our own. This policy explains what we collect, how we use it, how we protect it, and what rights you have.

1. Scope

This policy applies to the OneFloors iOS / Android app (cc.onefloors.app) and the website onefloors.cc. Using the service means you have read and agree to this policy; if you do not agree, please stop using it.

2. Data We Collect

We only collect what is necessary to provide the service:

  • Account data: email, display name, hashed password, avatar.
  • Body basics (student): gender, birthday, height, weight, activity level, goals — used to compute nutrition and training recommendations.
  • Coach application data: display name, bio, years of experience, service format, location, specialties, exclusions.
  • Usage records: meal logs, training logs, body composition photos (student-uploaded), bookings, messages with the coach/AI.
  • Device & technical data: device model, OS version, app version, IP address, crash and performance logs.
  • Apple App Store subscription receipts: for coach Pro subscriptions, Apple StoreKit's signedTransaction (JWS) used for backend verification. We never receive credit card numbers or Apple ID passwords.

3. How We Use Your Data

  • Provide and improve the service: match coaches and students, compute nutrition targets, generate training suggestions, send reminders.
  • Account management: sign-in, password recovery, abuse prevention.
  • Customer support and dispute handling: when you contact support or a class dispute arises, we review relevant records to help resolve it.
  • Legal compliance: provide necessary information when required by authorities.
  • Aggregate analytics: anonymized analysis of usage to improve the product.

4. What We Will Not Do

  • We will not sell your personal data to any third party.
  • We will not use your messages, meal logs, or body composition photos for marketing without your explicit consent.
  • We will not display identifiable information about you in public (social media, etc.).
  • We will not use any Apple HealthKit data for advertising, marketing, data mining, or sale (per Apple App Store Review Guideline 5.1.3).

5. Apple HealthKit Data Handling (iOS)

OneFloors uses Apple's HealthKit framework on iOS with the following purpose, scope, and limitations:

  • Read scope: step count only (HKQuantityTypeIdentifierStepCount). Used to display today's activity on the Home tab and combine it with in-app workout logs to estimate TDEE (Total Daily Energy Expenditure).
  • Write scope: none. v1.0.0 does not write any data to Apple Health.
  • Storage: step-count data read from HealthKit is processed strictly on-device. It is never uploaded to OneFloors servers, never linked to your account ID or email, and never shared with any third party.
  • iCloud: we do not store any health-related data (PHI) in iCloud.
  • Use restriction: HealthKit data is never used for advertising, marketing, demographics, data mining, or sale. This complies with Apple App Store Review Guidelines 5.1.3 and 5.1.2(vi).
  • Revoking access: you can revoke access at any time in iOS Settings → Privacy & Security → Health → OneFloors. The app automatically falls back to a non-HealthKit display mode.

6. Third-Party Services

The service relies on the following third parties, each governed by their own privacy policy:

  • Cloud infrastructure (AWS / Cloudflare) — servers and file storage.
  • Firebase (Crashlytics / Performance / Analytics) — crash reporting, performance monitoring, aggregate behavioral analytics; no personally identifiable information is collected.
  • AI services (Google Gemini 2.5 Flash, called server-side from our backend) — food recognition and AI coaching. Only the necessary image or text fragment is forwarded, without your name or email. The mobile app holds no LLM API key.
  • Apple App Store / StoreKit — handles coach subscription billing, governed by Apple's privacy policy.
  • Sign in with Apple, Google Sign-In — OAuth third-party login. They only share the basic identifiers you authorize (display name, email, or relay email).

7. Coach / Student Data Sharing (when you bind a coach)

If you are a student and choose to bind to a coach, we share your training-relevant data with that specific coach so they can give personalized guidance. This sharing requires your explicit in-app consent — when you tap “Bind”, a dedicated modal lists exactly what will be shared, and the binding only takes effect after you confirm “I agree, bind coach”. We do not share anything in the background or by default.

  • Shared: meal logs, training logs, self-training records, body composition (InBody) values and body photos, bookings, and class notes.
  • Not shared: passwords, email address, login devices, payment data; records with other coaches; raw Apple HealthKit data.
  • Consent is per-coach and one-way — you only grant access to the one coach you bound to, never to “all coaches” or any third party.
  • Revocable at any time: from the home tab “My Coaches” section, long-press the coach avatar → Unbind, and sharing stops immediately. To request that the coach also delete data already shared, email [email protected].
  • What we will not do: we will not use this shared data for marketing, advertising, sale to third parties, or share it with anyone other than the coach you bound to.

8. Retention and Security

  • Passwords are stored as one-way hashes — even our engineers cannot recover them.
  • All transport uses HTTPS / TLS 1.2 or higher.
  • Server access follows the principle of least privilege; sensitive operations are audit-logged.
  • After account deletion, identifiable data is purged within 30 days (excluding records we are legally required to retain).

9. Your Rights

Under Taiwan's Personal Data Protection Act and general international norms, you have the following rights:

  • Access, copy, correct, or supplement your personal data.
  • Request that we stop collecting, processing, or using your data.
  • Request deletion (the so-called 'right to be forgotten') — in the app: Settings → Account & Privacy → Delete Account; or by email.
  • Withdraw consent — you may revoke specific authorizations at any time (coach data sharing, HealthKit, AI services, crash reporting, etc.).

10. Account Deletion and Subscription Cancellation

You can delete your account at any time via Settings → Account & Privacy → Delete Account in the app. Personal data is purged within 30 days.

Note: deleting your OneFloors account does NOT automatically cancel any active Apple subscription. To cancel Coach Pro, go to iOS Settings → Apple ID → Subscriptions.

11. Minors

This service is designed for users 18 years of age or older. If you are under 18, please use it only with the consent of a legal guardian; accounts identified as belonging to minors without such consent will be suspended.

12. Policy Changes

We may update this policy as the product evolves or as regulations change; material changes will be announced in the app or by email. The version shown on this page is always the authoritative one.

13. Contact

For privacy questions or to exercise your rights, email [email protected] — also the shared channel for general support, partnerships, and App Store review correspondence.