Privacy Policy
Effective: May 13, 2026 · Last updated: May 13, 2026
Witnr is a private, trust-based weight-tracking app operated by SEVENTWOTWO LLC, a New Jersey limited liability company ("Witnr", "we", "us", or "our"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.
By using Witnr, you agree to the practices described in this policy. If you don't agree, please don't use the app.
A quick summary
This is the short version. The rest of the document goes into detail, but here's what matters:
- We collect what we need to run the app: your email, password, date of birth (for age verification), display name, and the weigh-in data you log.
- Your weight data is private by default. Only the people in your specific circles can see it, and only when you explicitly share it.
- We never sell your data. Not to advertisers, not to data brokers, not to anyone.
- We never use your data for advertising. Witnr has no ads and no advertising business model.
- You can delete your account at any time. All your data is permanently removed within 48 hours.
- You can leave any circle at any time. The other people in that circle lose access to your shared data immediately.
Information we collect
Information you provide directly
When you create an account and use Witnr, you provide us with:
- Email address — used to identify your account, verify ownership, and send essential account communications.
- Password — stored in hashed form using industry-standard cryptographic hashing (bcrypt with appropriate cost factor). We never store or have access to your plaintext password.
- Date of birth — collected to verify that you are 18 or older. We store this but do not display it publicly in the app.
- Display name — a name you choose, visible to other members of your circles. This does not need to be your legal name.
- Profile photo (optional) — a photo you upload as your avatar. Visible only to members of your circles.
- Unit preference — whether you weigh yourself in pounds or kilograms.
- Goal direction (optional) — whether you're losing, maintaining, or gaining weight, or just tracking. Used only to personalize language in the app.
- Weigh-in data — each weight entry includes the weight value, the date and time logged, an optional note, and optional photos.
- Notes — short free-text notes you attach to weigh-ins.
- Photos — scale photos and progress photos you choose to attach to weigh-ins.
- Circle information — the circles you create or join, the people in those circles, and the activity within them.
- Reactions and interactions — emoji reactions sent within circles, share toggles, and sharing preferences.
Information collected automatically
When you use the app, we automatically collect:
- Device information — device model, operating system version, app version. Used for compatibility and debugging.
- Push notification tokens — Firebase Cloud Messaging (FCM) tokens for Android and Expo push tokens for iOS, used solely to deliver notifications you've enabled.
- Crash and error logs — when the app crashes or encounters an error, we collect technical details to fix the issue. These logs do not contain your weight data or photos.
- Approximate usage information — whether you've opened the app, completed onboarding, or interacted with key features. Used to improve the product. This does not include behavioral tracking for advertising.
Information we do NOT collect
- We do not collect your precise location, GPS coordinates, or location history.
- We do not collect your contacts, photo library, calendar, or other apps' data.
- We do not use cookies for advertising on our website.
- We do not use behavioral tracking pixels.
- We do not collect or store data from Apple Health or Health Connect beyond a single confirmed weigh-in value you choose to save.
How we use your information
We use the information we collect to:
- Operate the app and provide the features you signed up for
- Verify your identity and protect your account
- Send essential account communications (verification emails, password resets, account deletion confirmations)
- Send the reminders and notifications you've enabled
- Share your weigh-ins and photos within the circles you've joined, when you choose to share them
- Process subscription payments through Apple App Store or Google Play (handled by those platforms — we don't see your card details)
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations
- Improve the product based on aggregated, anonymized usage patterns
We do not use your information to:
- Show you ads (we don't show ads)
- Build profiles for advertising (we don't have an advertising business)
- Sell to data brokers
- Train AI models that produce content for third parties
Who we share information with
People in your circles
When you join a circle (Partner, Gym Buddy, or Group), the other members of that circle see:
- Your display name and profile photo (if you uploaded one)
- Your weigh-in entries — weight numbers, timestamps, and any notes — when you choose to share them
- Photos you explicitly choose to share within that circle
- Reactions you send
Other circle members do not see:
- Your email address
- Your date of birth or precise age
- Your password (we don't even have it)
- Your activity in other circles
- Weigh-ins or photos you haven't shared
- Your goal direction (unless you choose to share it)
When you leave a circle or dissolve a partnership, the other members lose access to your shared data immediately. They cannot save copies of your data within the app (screenshot blocking is enabled on shared photos), though we cannot prevent someone from photographing their screen with another device.
Service providers
We use a small set of third-party services to operate the app. These providers handle data on our behalf under strict data processing agreements:
- Google Cloud Platform (GCP) — hosts our backend infrastructure including Cloud Run (compute), Cloud SQL (database), and Cloud Storage (encrypted photo storage). Data is stored in the United States.
- Firebase Cloud Messaging (Google) — delivers push notifications to Android devices.
- Expo — delivers push notifications to iOS devices and provides over-the-air updates.
- RevenueCat — handles in-app subscription management. Apple and Google are the merchants of record; RevenueCat coordinates entitlement state.
- Resend — sends transactional emails (verification emails, password resets, account deletion confirmations).
- Cloudflare — provides DNS, content delivery, and DDoS protection for our website (witnr.io).
Each of these providers is bound by contractual obligations to handle your data only for the purposes we specify and to protect it with appropriate technical measures.
Legal compliance
We may disclose information if required by law, such as in response to a valid subpoena, court order, or government request. We will only disclose what is legally required and will notify you when possible.
Business transfers
If SEVENTWOTWO LLC is acquired, merged, or sells substantially all of its assets, your information may be transferred to the acquiring entity. We'll notify you before this happens and you'll have the option to delete your account if you don't want your data transferred.
Apple Health & Health Connect
Witnr offers optional integration with Apple Health (iOS) and Health Connect (Android). When you enable this integration:
- We may read your most recent body mass entry to pre-fill the weigh-in input. We only read this when you open the weigh-in screen — we don't access HealthKit or Health Connect in the background.
- If you enable write-back, we save your confirmed Witnr weigh-ins to Apple Health or Health Connect.
- We never store raw HealthKit or Health Connect data on our servers. Only the specific weigh-in value you save in Witnr is sent to our backend.
- We never use HealthKit or Health Connect data for advertising, analytics, or any purpose other than the integration you enabled.
- We don't share HealthKit or Health Connect data with third parties.
You can disable the integration at any time in Witnr's Profile settings, or by revoking permission directly in your iOS Settings or Health Connect settings.
Photos and screenshots
Scale photos and progress photos are stored encrypted at rest in Google Cloud Storage using AES-256 encryption. Access to photos requires signed URLs with a 15-minute time-to-live — there are no permanent public URLs for any photo.
Photos default to private. You explicitly choose, per photo, whether to share it within a circle. You can unshare or delete a photo at any time, which immediately revokes access from other circle members.
When you delete a photo or your account, photos are permanently removed from our storage within 48 hours via our hard-delete background pipeline.
Screenshot protection: When another circle member views a photo you've shared, Witnr uses platform-level protection to block screenshots. We also notify you if someone attempts a screenshot. We cannot prevent someone from photographing their screen with another device.
Your circles and shared data
Your circles (Partner, Gym Buddy, Group) are private, invite-only, and cannot be discovered by other users. Witnr does not include any social discovery, public profiles, friend suggestions, or contact import features.
When you invite someone to a circle, the invite code is shared via your device's native share functionality — Witnr doesn't access your contacts or messaging apps.
When you leave a circle or it dissolves, the data you previously shared with that circle becomes inaccessible to the other members immediately. Your personal data (your own weigh-ins and history) remains in your account.
How long we keep your information
- Account information (email, password hash, display name, date of birth): retained as long as your account is active.
- Weigh-in data: retained as long as your account is active.
- Photos: retained as long as your account is active, unless you delete them sooner.
- Crash logs and debug information: retained for 90 days, then deleted.
- Aggregated, anonymized usage data: retained indefinitely for product improvement.
- Email logs (from Resend): retained for 30 days, then deleted.
Deleting your account
You can permanently delete your Witnr account at any time from the Profile screen in the app. Account deletion:
- Removes your account from any active circles immediately
- Triggers a hard-delete pipeline that permanently removes all your weigh-ins, photos, notes, reactions, and account information within 48 hours
- Cannot be reversed once initiated
- Sends a confirmation email when complete
If you'd prefer to download your data before deleting, Pro subscribers can export their weigh-in history as a CSV file from the Profile screen.
Security
We use industry-standard security practices to protect your information:
- All data in transit is encrypted using TLS 1.3
- Passwords are hashed using bcrypt with an appropriate cost factor
- Photos are encrypted at rest using AES-256
- Authentication uses JWT access tokens with refresh token rotation
- Database access is restricted via VPC-internal connections
- We follow the principle of least privilege for internal access
No security system is impenetrable. If we discover a breach affecting your data, we will notify you as required by applicable law.
Children's privacy
Witnr is intended for adults aged 18 and older. We verify age during sign-up via date of birth entry. We do not knowingly collect information from anyone under 18.
If you believe a minor has created a Witnr account, please contact us at privacy@witnr.io and we will investigate and delete the account.
International users
Witnr is operated from the United States. If you access Witnr from outside the US, your information will be transferred to and processed in the US, where data protection laws may differ from those of your country.
By using Witnr, you consent to this transfer. For users in the European Economic Area, the UK, and Switzerland, see the specific section below.
California privacy rights
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you specific rights regarding your personal information:
- Right to know — you can request a copy of the personal information we hold about you.
- Right to delete — you can request deletion of your personal information.
- Right to correct — you can request correction of inaccurate personal information.
- Right to opt out of sale or sharing — we do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.
- Right to limit use of sensitive personal information — we use sensitive information (weight data, photos) only for the purposes you've agreed to.
- Right to non-discrimination — we won't deny service or charge different prices if you exercise your privacy rights.
To exercise these rights, email privacy@witnr.io from the email address associated with your account.
European Economic Area, UK, and Switzerland
If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent laws:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion of your data
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a portable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — for processing based on consent
- Right to lodge a complaint — with your local data protection authority
Legal basis for processing. We process your information based on:
- Contract — to provide the Witnr service you signed up for
- Consent — for optional features like push notifications and health integrations
- Legitimate interests — for security, fraud prevention, and product improvement
- Legal obligation — when required by law
Data transferred from the EEA, UK, or Switzerland to the US is protected by Standard Contractual Clauses where applicable.
To exercise these rights, email privacy@witnr.io.
Third-party services we use
Here are the third parties we work with and their privacy policies:
- Google Cloud Platform
- Firebase Cloud Messaging
- Expo
- RevenueCat
- Resend
- Cloudflare
- Apple (App Store, Apple Health, Apple Sign-In)
- Google (Play Store, Health Connect, Google Sign-In)
Changes to this policy
We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. For material changes, we'll notify you via email and/or in-app notification at least 30 days before the changes take effect, giving you time to delete your account if you don't agree.
Your continued use of Witnr after the effective date of an update constitutes acceptance of the updated policy.
Contact us
For privacy questions, requests, or concerns:
Email: privacy@witnr.io
We aim to respond to all privacy inquiries within 30 days.