Privacy Policy

MORFYN ("we", "our", "us") is an AI-powered fitness application developed by Diyorbek Ermamatov (dba DiorDev). The app is available on the Apple App Store.

For privacy-related questions, contact us at: [email protected]

2.1 Information you provide directly:

• •Account information: name, email address, password (hashed), profile picture
• •Physical profile: age, gender, height, weight, fitness goal, activity level, gym experience
• •Nutrition logs: meals, foods, portion sizes, water intake
• •Workout data: exercises performed, sets, reps, weights, session duration
• •Body measurements: weight history, BMI records, progress photos (stored locally on your device)
• •AI chat messages: your conversations with the MORFYN AI coach

2.2 Information collected automatically:

• •Sleep data: automatically retrieved from Apple Health (with your permission)
• •Step count and activity data: from Apple Health (with your permission)
• •Push notification token: for sending workout reminders and weekly summaries
• •Device information: platform (iOS/Android), app version, language preference
• •Usage analytics: features used, session frequency (no keystroke or screen recording)

2.3 Information from third-party services:

• •Google Sign-In: name, email, and profile picture from your Google account
• •Apple Sign-In: email address (which Apple may anonymize) from your Apple ID
• •RevenueCat: subscription status, purchase history (product identifiers, dates)

• •To create and manage your MORFYN account
• •To calculate personalized calorie and macro targets based on your profile
• •To generate AI-powered meal suggestions and workout plans tailored to you
• •To power the AI coach chat (your messages are sent to OpenAI's API to generate responses)
• •To analyze photos of your meals and estimate nutritional content (via OpenAI GPT-4o Vision)
• •To track your progress over time and surface insights and trends
• •To send push notifications: workout reminders, weekly summaries, re-engagement messages (only if you enable notifications)
• •To process in-app purchases and manage your subscription via RevenueCat and Apple App Store
• •To improve app performance, fix bugs, and develop new features
• •To comply with legal obligations

We never sell your personal data to third parties. We do not use your data for advertising profiling.

MORFYN collects health-related data including weight, calorie intake, sleep duration, exercise activity, and body measurements. This data is:

• •Used exclusively to provide fitness tracking and coaching features
• •Never sold, shared with advertisers, or used for insurance/financial purposes
• •Stored securely on our servers (MongoDB with encrypted connections)
• •Accessible only to you and our core engineering team (under strict confidentiality)

Progress photos you take within MORFYN are stored only on your device and are not uploaded to our servers unless you explicitly choose to share them.

Apple Health Integration: MORFYN reads sleep and step data from Apple Health only if you grant explicit permission through iOS. We write data back only if you enable this option. You can revoke this permission at any time in iOS Settings → Health → Data Access.

MORFYN uses OpenAI's API (GPT-4o) to power the AI coach chat and meal photo analysis. When you interact with the AI coach or analyze a meal photo:

• •Your message (and relevant profile context like goals and calorie targets) is sent to OpenAI's servers to generate a response
• •Meal photos are sent to OpenAI GPT-4o Vision for nutritional analysis
• •OpenAI may retain data per their own privacy policy for safety and abuse prevention
• •We do not use OpenAI's data training opt-out APIs — your data is not used to train OpenAI models by default (per OpenAI's API terms)

For OpenAI's privacy practices, visit: openai.com/privacy

We work with the following third-party providers:

Your data is stored on secure servers with the following protections:

• •All data in transit is encrypted using TLS/HTTPS
• •Passwords are hashed using bcrypt (never stored in plain text)
• •Database access is restricted by IP allowlist and authentication
• •API endpoints are protected by JWT authentication
• •Regular security reviews and dependency updates

While we take security seriously and follow industry best practices, no system is 100% impenetrable. In the event of a data breach, we will notify affected users within 72 hours.

• •Your account data is retained as long as your account is active
• •If you delete your account, we will permanently delete your data within 30 days
• •Anonymized, aggregated usage statistics may be retained indefinitely
• •Backup copies may persist for up to 90 days after deletion for disaster recovery

Depending on your location, you have the following rights regarding your personal data:

• •Access: Request a copy of all data we hold about you
• •Correction: Update inaccurate or incomplete data
• •Deletion: Request permanent deletion of your account and data
• •Portability: Export your data in a machine-readable format
• •Objection: Object to specific uses of your data
• •Withdrawal: Withdraw consent for optional data processing at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

To delete your account, go to MORFYN app → Settings → and contact support, or email us directly.

MORFYN is intended for users aged 17 and above (per App Store age rating). We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will promptly delete it.

If you are a parent or guardian and believe your child has used MORFYN, please contact us at [email protected].

MORFYN may send push notifications for workout reminders, weekly fitness summaries, and re-engagement messages. These notifications are:

• •Only sent if you grant notification permission when prompted by iOS
• •Controllable in iOS Settings → Notifications → MORFYN
• •Also toggleable within the app under Settings → Notifications

MORFYN operates globally. Your data may be processed in countries other than your own (including the United States where our servers and third-party providers are located). By using MORFYN, you consent to the transfer of your information to these countries, which may have different data protection laws than your country of residence.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the app or by email. The "Last updated" date at the top of this page will always reflect the most recent version.

Continued use of MORFYN after changes are posted constitutes your acceptance of the revised policy.

For privacy questions, data requests, or concerns: