Privacy Policy
Last updated: April 11, 2026
Xsension ("we," "us," or "our") operates the Xsension mobile application (the "App"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our App.
By using Xsension, you agree to the collection and use of information as described in this policy.
1. Information We Collect
Account Information
- Email address
- Display name
- Password (stored only as a secure bcrypt hash — we never store or see your actual password)
- Apple Sign-In identifier (only if you sign in with Apple)
- Account creation and last-updated timestamps
- Selected fitness goal (if provided)
- Onboarding completion status
- Under-18 status (for restricting certain app features)
- Remaining purchased analysis credit balance
Email and Password Changes
If you signed up with an email and password, you may change your email address or password at any time from the Profile screen. Password changes require you to enter your current password for verification. Users who signed up with Apple Sign-In manage their credentials through Apple and cannot change them within Xsension.
Photos
- You may optionally provide front-profile, side-profile, and physique photos for analysis
- Photos are stored locally on your device using iOS Core Data for before/after comparisons and your photo gallery within the App
- When you perform an analysis, your photos are sent securely over HTTPS to our server and forwarded to our AI analysis provider (OpenAI) for processing
- Photos are not permanently stored on our servers after analysis is complete
- You can delete all your photos at any time from the Profile screen
Questionnaire Responses
When you complete the onboarding questionnaire or a new analysis, we collect the following self-reported information:
- Age range
- Height (in feet/inches or centimeters)
- Weight (in pounds or kilograms)
- Exercise frequency
- Grooming routine consistency
- Skincare routine consistency
- Facial hair maintenance
- Style confidence
- Sleep quality
- Diet consistency
- Daily stress level
- Primary goal and willingness to change
We do not collect gender, ethnicity, sexual orientation, medical history, or any other sensitive personal categories.
Analysis Results
- Overall score and category scores (Facial Presentation, Skin & Grooming, Physique & Posture, Style Potential, and Lifestyle & Habits)
- AI-generated feedback text and a written summary
- AI-generated personalized lifestyle and grooming suggestions with category, priority, and estimated timeframe
- A general body fat percentage estimate, when available — this is a rough visual/questionnaire-based estimate only and is not a medical measurement
Progress Data
- Historical scores from each analysis to track your progress over time
- Daily task completion status for personalized suggestions
- Historical body fat estimates (so trends can be displayed in the Progress tab)
Subscription and Purchase Information
- Subscription status, product identifier, purchase and expiration dates, and trial period status
- Purchase records for any additional analysis credit packs
- We do not collect or store your payment card details — all payments are processed by Apple through in-app purchases
Device and Notification Information
- Push notification device token (only if you opt in to notifications)
- Your notification preferences, including whether you wish to receive announcements, promotional messages, and important updates
- We do not collect device identifiers for advertising, IP addresses for tracking, or any other device metadata
2. How We Use Your Information
- Provide the Service: Your account information is used to authenticate you and maintain your account
- Generate Analyses: Your photos and questionnaire responses are sent to our AI provider to produce your personalized scores, feedback, and lifestyle suggestions
- Track Progress: Your analysis history is stored so you can view your progress over time
- Manage Subscriptions and Credits: Subscription and credit data is used to determine your access level and remaining balance
- Send Notifications: If you opt in, your device token and preferences are used to deliver reminders, weekly check-ins, and optional announcements
- Improve Reliability: We maintain basic error logs to diagnose issues with the App. Error logs are not used for tracking or advertising and contain only technical information about failures, not your personal content.
3. Third-Party Services and AI Processing
We share data with the following third-party services only as necessary to provide the App's functionality. Before any data is shared with OpenAI, you are shown an in-app disclosure and must explicitly consent.
OpenAI (Third-Party AI Service)
Xsension uses OpenAI's GPT-based API to generate your analysis. Specifically, the following data is sent to OpenAI over an encrypted HTTPS connection when you request an analysis:
- Your uploaded photos (front profile, side profile, and optional physique photo)
- Your questionnaire answers (age range, height, weight, exercise frequency, grooming routine, skincare routine, facial hair, style confidence, sleep quality, diet consistency, stress level, and selected fitness goal)
OpenAI processes this data solely to generate the text response (scores, feedback, and suggestions) that is returned to Xsension and displayed to you. OpenAI processes this data in accordance with its Privacy Policy and Business Terms. By default, data submitted through the OpenAI API is not used to train OpenAI's models. OpenAI represents that it maintains industry-standard security protections for data submitted through its API that are equivalent to or stronger than our own. Xsension does not send OpenAI any of your account information (email, password hash, device tokens, subscription details) or any identifying metadata beyond what is needed for the analysis itself.
Amazon Web Services (AWS)
Your account data is stored in AWS RDS (a managed PostgreSQL database), hosted in the United States. Photos are transmitted through our server for processing but are not permanently stored on our servers. AWS provides data protections equivalent to or stronger than our own.
Apple
Subscriptions and in-app purchases are handled entirely by Apple through StoreKit. We receive subscription status information and deliver notifications through the Apple Push Notification service (APNs), but never receive your payment details. Apple's handling of purchase and notification data is governed by Apple's own privacy policies.
We do not sell, rent, or share your personal information with advertisers, data brokers, or any other third parties not listed above.
4. AI-Generated Content and Its Limitations
Xsension uses an AI language model (OpenAI's GPT models) to generate your scores, feedback, and suggestions. You should be aware that:
- AI-generated output is based on the model's general training data. It does not pull from or cite specific medical studies, research papers, or clinical sources in real time.
- Scores and body fat percentage estimates are qualitative indicators only. They are not clinical, medical, or diagnostic measurements.
- Suggestions are general self-care, grooming, and lifestyle tips. They are not medical, dermatological, nutritional, or fitness prescriptions.
- You should always consult a qualified professional before making any health, dietary, fitness, skincare, or lifestyle change based on the App's output.
A detailed list of trusted external organizations where you can learn more about these topics is available in the App under Profile → Legal → Sources & Medical Disclaimer.
5. Data Storage and Security
- All data transmitted between the App and our servers is encrypted using HTTPS/TLS
- Passwords are hashed using bcrypt and are never stored in plain text
- Photos are transmitted securely for processing and are not retained on our servers
- Our database is hosted on AWS RDS with encryption at rest, in a private network accessible only to our application server
- Authentication uses JSON Web Tokens (JWT) with secure expiration
- Your authentication token on the device is stored in the iOS Keychain (Apple's hardware-backed secure storage)
6. Data Stored on Your Device
The App stores the following data locally on your device:
- Your authentication token in the iOS Keychain
- Your photos in Core Data, for before/after comparisons and your photo gallery
- Daily task completion status (also synced to our servers)
- Notification preferences
- Push notification device token
This local data is not accessible to other apps and is removed when you delete the App, sign out, or delete your photos from the Profile screen.
7. Data Retention
- Your account data, analysis results, body fat estimates, and progress history are retained for as long as your account is active
- Photos are stored only on your device and are not retained on our servers after analysis processing is complete
- If you delete your account, all associated data on our servers will be permanently deleted
- Deleting the App from your device does not delete your account data on our servers — to delete your server-side data you must delete your account from within the App or contact us
8. Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Update your email, password, display name, or goal in-app, or request correction of any other data
- Deletion: Delete your photos, progress history, or your entire account from within the App at any time
- Opt Out of Notifications: Manage notification preferences in the App or disable notifications entirely in iOS Settings
To exercise any of these rights or for questions, contact us at founder.xsension@gmail.com. We will respond to your request within 30 days.
9. Children's Privacy
Xsension is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. Users who indicate they are under 18 may use the App with certain features restricted (such as photo uploads). If you believe a child under 13 has provided us with personal information, please contact us at founder.xsension@gmail.com and we will delete that information promptly.
10. Analytics and Tracking
Xsension does not use any third-party analytics SDKs, advertising frameworks, or user tracking tools. We do not track your activity across other apps or websites. We do not serve advertisements. Xsension does not collect data in a way that requires App Tracking Transparency (ATT) disclosure.
11. Push Notifications
Push notifications are entirely opt-in. On your first use of the App (or the first time you open the App after an update that introduces notifications), you will be asked whether you want to enable notifications. You can also manage individual notification categories in the Profile → Notifications screen:
- Daily Reminders: Local reminders to complete your daily tasks
- Weekly Check-In: Local reminders when your next analysis becomes available
- Announcements & Promotions: Remote messages about deals, new features, and important app news
You can disable notifications at any time from within the App or from your device's system settings. When you sign out or delete your account, your device token is removed from our servers.
12. International Users
Xsension is operated from and hosted in the United States. By using the App, you understand and agree that your information will be transferred to, stored, and processed in the United States.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: