Privacy Policy

Last updated: March 27, 2026

Stronger Software LLC ("we," "us," or "our") operates the Anvil mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our App.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address — for authentication and account recovery
• Authentication credentials — managed securely through Apple Sign-In, Google Sign-In, or email/password via our authentication provider

Health and Lifestyle Data

To provide testosterone estimation and lifestyle optimization, you may provide:

• Daily lifestyle entries — sleep duration, exercise, nutrition, substance use, stress levels, supplement intake, and other lifestyle factors
• Body composition data — height, weight, and body fat estimates from body scans
• Bloodwork results — lab values including Total Testosterone, Free Testosterone, LH, and SHBG from uploaded lab reports
• Health profile — age, biological sex, health conditions, and goals provided during onboarding

Scan Images

When you use our scanning features, we process:

• Food and product photos — analyzed for nutritional content and ingredient safety
• Body scan photos — analyzed for body composition estimation
• Barcode scans — used to identify products for ingredient analysis
• Bloodwork images — lab report photos analyzed to extract health markers

Apple HealthKit Data

With your explicit permission, we read your daily step count from Apple HealthKit. We only read this data — we never write to HealthKit. Step count data is used solely to track your daily activity level within the App. We do not use HealthKit data for advertising, marketing, data mining, or any purpose other than providing health management features within the App.

Chat Messages

When you use the Ask Anvil assistant, your messages and our responses are stored to maintain conversation history within the App.

Device Information

We collect basic device information (device model, operating system version, app version) for support and diagnostics purposes only.

2. How We Use Your Information

We use your information exclusively to:

• Provide the App's core features — calculating your Optimization Score, generating testosterone estimates, tracking goals, and displaying progress
• Power AI-assisted features — analyzing scan images and providing health guidance through the Ask Anvil assistant
• Sync your data — enabling access across your devices via cloud sync
• Improve the App — understanding usage patterns to make the App better (aggregated, non-identifiable data only)
• Provide support — responding to your questions and resolving issues

We do not use your data for:

• Advertising or ad targeting
• Selling to third parties
• Data mining or profiling for purposes unrelated to the App
• Training AI models

3. Third-Party Services

We use the following third-party services to operate the App. Each receives only the minimum data necessary for its function:

Supabase

We use Supabase for authentication, cloud database, and file storage. Your account information, lifestyle data, and scan images are stored on Supabase's servers to enable cloud sync and multi-device access. Supabase processes data in accordance with their privacy policy.

OpenAI

We use OpenAI's API to power our AI-assisted features, including food scanning, body composition analysis, product scanning, bloodwork extraction, and the Ask Anvil chat assistant. When you use these features, your scan images and/or chat messages are sent to OpenAI for processing. OpenAI does not retain your data for model training. We route all AI requests through a secure server proxy — no API keys are stored on your device. No personally identifiable information (name, email, account ID) is sent to OpenAI — only the images and anonymized context necessary for analysis.

RevenueCat

We use RevenueCat to manage subscriptions and in-app purchases. RevenueCat receives a pseudonymous user identifier and purchase transaction data from Apple. It does not receive your health data, scan images, or lifestyle information.

Apple HealthKit

We read step count data from Apple HealthKit with your explicit permission. This data stays on your device and within our secure cloud sync — it is never shared with third parties, used for advertising, or used for any purpose other than displaying your activity within the App.

4. Data Storage and Security

Anvil is designed as a local-first application. All your data is stored on your device using Apple's SwiftData framework and works fully offline. When you create an account, your data is also synced to our cloud servers (hosted by Supabase) to enable backup and multi-device access.

We protect your data using:

• Encrypted connections (HTTPS/TLS) for all data transmission
• Row-level security policies on our database — you can only access your own data
• Secure authentication through Apple Sign-In, Google Sign-In, or email/password
• Server-side API key management — no third-party API keys are embedded in the App

5. Data Retention and Deletion

Your data is retained for as long as you maintain an active account. You can delete your account at any time from within the App (Profile > Delete Account). When you delete your account:

• All your data is permanently deleted from our servers, including all lifestyle entries, scan results, bloodwork records, chat history, and uploaded images
• Your authentication account is deleted
• Local data on your device is cleared
• This deletion is immediate and irreversible

You can also export your data at any time from within the App (Profile > Export Data) before deleting your account.

6. Children's Privacy

Anvil is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal information from someone under 18, we will delete that information promptly.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — Export your data at any time from within the App
• Deletion — Delete your account and all associated data from within the App
• Portability — Export your data in a standard format (JSON)
• Correction — Update your profile and health data at any time within the App
• Opt-out — You can stop using AI-powered features at any time; core scoring works without them

California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your information, and opt out of the sale of your information. We do not sell your personal information. To exercise your rights, use the in-app tools or contact us at the email below.

European Residents (GDPR)

If you are in the European Economic Area, we process your data based on your consent (provided when you create an account and use features) and our legitimate interest in providing the App's services. You have the right to withdraw consent, request data access or deletion, and lodge a complaint with your local data protection authority. Contact us at the email below to exercise these rights.

8. Tracking and Analytics

Anvil does not use any advertising trackers, analytics SDKs that track you across apps, or device fingerprinting. We do not participate in any advertising networks. We do not use Apple's App Tracking Transparency framework because we do not track users.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: support@anvilhealth.app

Company: Stronger Software LLC