Privacy

What stays on your phone, stays on your phone.

Last updated · April 25, 2026
  • Local-first healthWeight, meals, sleep, HR, workouts — read from Apple Health, processed on device, never uploaded.
  • Minimal syncOnly your handle, XP, level, tier, and streak sync to teammates — and only if you join a squad.
  • Anonymous diagnosticsCrash reports + app-session counts. No personal data, no health data, no advertising IDs.

Plain-English summary

CrestoFit is a fitness journal that lives on your iPhone. Apple Health data — your weight, meals, sleep, heart rate, workouts — is read on-device and never sent to our servers. The only things that ever leave your phone are (1) your squad scoreboard fields, and only if you choose to join a squad, and (2) anonymous crash reports and app diagnostics that help us catch bugs.

Data we read from Apple Health

With your permission, CrestoFit reads the following from Apple Health to compute character stats and quests: steps, weight, sleep, heart rate, active energy, dietary water, and workouts. Your biological sex, date of birth, and height (if set in iOS Health) are read once to pre-fill onboarding so you don't retype them.

CrestoFit writes weight logs, water logs, and workouts back to Apple Health so they show up in other apps you trust. Nothing else is written.

HealthKit data is never transmitted off your device by CrestoFit. It is not used for advertising, data brokerage, or sold to anyone. It is not shared with third parties. Apple's developer rules require this and we comply.

Data we collect when you join a squad

Squad is opt-in. When you join or create one, the following fields are stored in our cloud database (Firebase Firestore) so squad members can see the leaderboard:

  • Display name (your in-app handle, e.g. “FrostWolf42”)
  • Total XP, current level, current rank tier, and tier label (e.g. “Silver II”)
  • Current streak length, in days
  • The squad you belong to (if any)

That's the entire list. Your weight, meals, sleep, HR, photos, and every other health field are never transmitted. The list is enforced both in the iOS app (a single write path with a field allowlist) and on our server (Firestore Security Rules that reject any other field).

Anonymous diagnostics

CrestoFit uses Firebase Crashlytics and Firebase Analytics to catch crashes and understand basic app health. The data sent is anonymous and tied only to a per-install random ID — never to your Apple ID, email, or name. Specifically:

  • Crash reports — stack trace at crash time, device model, OS version, app version, free memory and disk at crash.
  • App diagnostics — app open events, session duration, country (derived from your IP at request time, not stored).

We do not use Apple's advertising identifier (IDFA), and we do not call setUserIDin Analytics — both of which would shift this data into Apple's “Tracking” category and require an on-screen permission prompt. We don't need either, so we don't use them.

What we never collect

  • Your weight, body composition, or any HealthKit value (transmitted off-device)
  • Meal contents, photos, OCR text, or estimated calorie intake
  • Heart rate, sleep stages, HRV, or any clinical data
  • GPS or precise location
  • Contacts, calendar, or any data outside CrestoFit
  • Apple's advertising identifier (IDFA)

Apple Sign-in

Joining a squad requires signing in with Apple. Apple sends us a stable Apple-issued user identifier and (optionally) a relay email address — we never see your real Apple ID email. We use this only to (a) keep your squad and progression linked across devices, and (b) re-link the same account when you reinstall the app. You can revoke CrestoFit's access any time in iOS Settings → Apple ID → Sign-In with Apple.

Sub-processors

CrestoFituses Google's Firebase platform for the squad backend and anonymous diagnostics. Specifically:

  • Firebase Authentication — anonymous and Apple-linked accounts
  • Firebase Firestore — squad scoreboard storage (the fields listed above)
  • Firebase Crashlytics — crash reports
  • Firebase Analytics — anonymous app sessions and country
  • Firebase Hosting — this website

Data in transit is protected by TLS. Firestore is not end-to-end encrypted — Google can technically access squad fields server-side, which is why we restrict that data to what we're comfortable handing to a sub-processor (handle, XP, level, tier, streak — no health data).

Data retention & deletion

On-device data lives until you delete the app or use Settings → Data → Delete all data, which wipes your local logs, profile, settings, and signs you out of Apple. The same action also deletes your cloud user document and removes you from any squad you're in.

Apple's account link itself can only be revoked from iOS Settings → Apple ID → Sign-In with Apple → CrestoFit→ Stop Using Apple ID. We can't do that for you — only Apple controls it.

Crashlytics and Analytics data is retained per Google's defaults (typically 90 days for crashes, up to 14 months for events). Because it's anonymous and not tied to your Apple ID, there's no per-user deletion handle on that data — it ages out automatically.

Your rights

You can:

  • Delete all your local + cloud data at any time (Settings → Data → Delete all data)
  • Sign out of Apple inside the app (Profile → Sign out) without deleting data
  • Revoke Apple's grant entirely from iOS Settings (above)
  • Opt out of public website leaderboards (off by default — Profile → Public leaderboard)

If you're in the EU/UK (GDPR) or California (CCPA), you also have the right to access, correct, or delete personal data we hold about you, and to lodge a complaint with your supervisory authority. Email developer.crestofit@gmail.comwith your request and we'll respond within 30 days. Most requests are already covered by the in-app Delete-all-data button, which we'll always recommend first.

Children

CrestoFit is intended for people 13 and over. We do not knowingly collect data from children under 13. If you believe we have, please email developer.crestofit@gmail.com and we will delete it.

Changes to this policy

If we change what data leaves your device, we'll update this page and bump the date at the top. Material changes will also surface in the app's Privacy report screen on next launch.

Contact

Privacy questions or requests: developer.crestofit@gmail.com. We're a small team and reply to every message within 5 business days.