DIALLED

Privacy Policy

Effective date: 8 April 2026
Last updated: 8 April 2026

1. Introduction

DIALLED (“the App”) is a personal fitness, nutrition, and skin/eczema tracking application developed by Mathew Clark (“we”, “us”, “our”). We are committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains what information the App collects, how it is stored, and your rights regarding that data.

2. Data We Collect

When you use DIALLED, the following data may be collected:

2.1 Profile Information

Age, biological sex, height, weight, activity level, and display name. This information is used to calculate personalised targets (e.g. TDEE, macro recommendations).

2.2 Nutrition and Meal Logs

Food items, macro-nutrient values (calories, protein, carbohydrates), meal timestamps, dairy-load scores, and day-type classifications (training, rest, refeed).

2.3 Body Measurements

Weight entries, body-fat percentage estimates, and body-part measurements logged over time for trend tracking.

2.4 Skin and Eczema Check-ins

Severity scores, affected body areas, trigger notes, and correlation data used to identify patterns between diet and skin condition.

2.5 Workout and Heart-Rate Data

Exercise sessions including heart-rate data received via Bluetooth from compatible devices (e.g. Polar heart-rate monitors). This data is used to classify workout intensity and calculate calorie adjustments.

2.6 Sleep Self-Reports

Subjective sleep quality and duration ratings entered manually by you.

2.7 Progress Photos

Photos you optionally upload during body check-ins. These are stored in Supabase Storage and are accessible only to your account.

3. How Your Data Is Stored

All server-side data is stored in a Supabase (PostgreSQL) database. Supabase enforces Row-Level Security (RLS) on every table, meaning each user can only read and modify their own data. Authentication is handled via Supabase Auth with JWT-based tokens.

Progress photos are stored in Supabase Storage with user-scoped access policies. No other user or administrator can view your photos through the application.

4. BYOK AI Coaching

DIALLED offers an optional AI coaching feature that uses a Bring Your Own Key (BYOK) model. If you choose to use this feature:

  • You provide your own Anthropic API key within the App settings.
  • Your API key is stored locally on your device only. It is never transmitted to or stored on our servers.
  • Coaching conversations are sent directly from your device to Anthropic's API. Our servers do not proxy, log, or retain any part of these conversations.
  • You are responsible for managing your own Anthropic API key and any usage costs incurred.

For information on how Anthropic handles data sent to their API, please refer to Anthropic's Privacy Policy.

5. Third-Party Services

The App relies on the following third-party services:

  • Supabase — database, authentication, and file storage.
  • Vercel — API hosting and deployment.
  • Anthropic (optional, BYOK) — AI coaching conversations, accessed directly from the device.

We do not use any advertising SDKs, analytics frameworks, or tracking pixels. No third-party analytics data is collected.

6. Data Sharing

We do not sell, rent, trade, or otherwise share your personal data with third parties for marketing or advertising purposes. Your data is used solely to provide and improve the DIALLED app experience for you.

7. Data Retention and Deletion

Your data is retained for as long as your account is active. You may delete your account at any time from within the App settings. Upon account deletion:

  • All personal data, logs, check-ins, and photos associated with your account are permanently removed from our servers.
  • Any data stored locally on your device (such as your Anthropic API key) should be cleared by uninstalling the App.

If you need assistance deleting your data, contact us at the email address below.

8. Data Security

We take reasonable measures to protect your personal data, including:

  • Row-Level Security on all database tables, ensuring strict user isolation.
  • JWT-based authentication for all API requests.
  • HTTPS encryption for all data in transit.
  • User-scoped storage policies for uploaded photos and files.

While no system is completely secure, we continuously review and improve our security practices.

9. Bluetooth and Device Permissions

The App may request Bluetooth permissions to connect to heart-rate monitors and fitness devices. Bluetooth data is used solely to record workout heart-rate information and is not shared with any third party.

10. Children's Privacy

DIALLED is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, the “Last updated” date at the top of this page will be revised. We encourage you to review this policy periodically. Your continued use of the App after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions or concerns about this Privacy Policy or your personal data, please contact:

Mathew Clark
mathewclark@hotmail.com

This privacy policy is hosted at https://dialled-api.vercel.app/privacy