Privacy Policy
Effective date: July 6, 2026
Waily ("we", "us") is a health and fitness coaching app that helps you log workouts, meals, and hydration, and gives you personalized nutrition and training guidance. This policy explains what data we collect when you use the Waily mobile app and API, how we use it, who processes it on our behalf, and the choices you have.
1. Information you give us
- Account details. Your email address, username, and a password (stored only as a cryptographic hash). If you sign in with Google or Apple, we receive your sign-in identifier from Firebase Authentication instead of a password.
- Profile details. Optionally: your name, sex, height, weight, preferred unit system, main fitness goal, and timezone. We use these to tailor coaching targets (for example portion and protein estimates).
- Workout logs. Session type (strength, cardio, hybrid, fitness, rest), exercise details you type in, when you train, how you felt, and any notes.
- Meal logs. The foods you log, the meal type and setting (home, restaurant, fast food, grab-and-go), its purpose (for example pre- or post-workout), and any free-text context you add.
- Hydration logs. Your water intake entries and daily totals.
- Chat messages. The questions and messages you send to the Waily AI coach, and the conversation history needed to answer them.
2. Information collected automatically
- Device push token. If you enable notifications, we store the device token needed to deliver them, along with your notification preferences.
- Usage and diagnostics. Server logs and telemetry (request paths, timestamps, response codes, correlation identifiers, and IP addresses) used to keep the service secure, debug problems, and monitor reliability. We never log your password or authentication tokens.
- Session state. Sign-in tokens, email verification codes, and basic activity state such as when your account was last seen online.
3. How we use your data
- To provide the core features: logging and reviewing your workouts, meals, and hydration, and showing your history and progress.
- To generate AI coaching. When you request a meal analysis, chat with the Waily coach, or receive recommendations, we send the relevant parts of your logs and profile (for example the meal you logged, today's training, height, weight, and goal) to our AI provider, OpenAI, to generate the response. OpenAI processes this data as a service provider to us and does not use API data to train its models.
- To send you service emails, such as email verification and password reset codes.
- To send push notifications you have enabled, which you can turn off at any time in the app or in your device settings.
- To secure the service, prevent abuse, and diagnose technical issues.
We do not sell your personal data, and we do not use it for third-party advertising.
4. Service providers
Your data is processed by a small set of infrastructure providers acting on our instructions:
- Microsoft Azure — hosting, database storage, email delivery (Azure Communication Services), and application monitoring (Application Insights).
- OpenAI — generation of AI coaching responses, as described above.
- Google Firebase — sign-in with Google or Apple, and push notification delivery.
5. Health data
Your workout, meal, hydration, and wellbeing entries are health-related data. We process them only to provide the coaching features you ask for, and we share them only with the service providers listed above to the extent needed to deliver those features. Waily provides general fitness and nutrition guidance; it is not medical advice and is not a substitute for a healthcare professional.
6. Data retention
We keep your data for as long as your account exists so your history and coaching stay available to you. Sign-in tokens and verification codes expire automatically. Diagnostic logs are retained for a limited period for security and troubleshooting and then deleted.
7. Deleting your account and your rights
- Delete your account at any time from the app's profile settings, or on our account deletion page. This permanently removes your account and the personal data associated with it from our systems.
- Access and correction. You can view and edit your profile and logs directly in the app.
- Depending on where you live, you may also have legal rights to access, correct, export, or erase your personal data, or to object to certain processing. Contact us to exercise them.
8. Security
All traffic between the app and our servers is encrypted with TLS. Passwords are stored only as salted hashes, access is protected by short-lived signed tokens, and production data is held in access-controlled Azure infrastructure.
9. Children
Waily is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has created an account, contact us and we will delete it.
10. Changes to this policy
If we make material changes, we will update this page and the effective date above, and where appropriate notify you in the app.
11. Contact
Questions or privacy requests: use our support page or email support@waily.app.