1. Introduction
Downgate Labs LLC ("we," "us," or "our") operates the Prevyu mobile application (the "App"). Prevyu is an AI-powered fitness transformation visualization tool that lets you see a realistic preview of your fitness goals. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App. Please read this policy carefully. By using the App, you consent to the practices described herein.
If you do not agree with the terms of this Privacy Policy, please do not use the App.
2. Information We Collect
2.1 Information You Provide Directly
- Photographs: Photos of yourself that you capture with your camera or import from your device's photo library. These photos are used as the basis for AI-generated fitness transformation visualizations.
- Biometric data: Height, weight, age, sex, body fat percentage, and body type information that you enter manually. This data is used to personalize your transformation results and ensure health-safe outputs.
- Fitness goals: Your selected goal type (e.g., lose weight, gain muscle, body recomposition, tone and define), target weight, and muscle group focus areas.
- Account information: When you create an account, we collect your email address and display name through Supabase authentication. If you sign in with Google, we receive your name and email address from your Google account.
- Purchase information: Information required to process in-app purchases, such as your subscription tier and credit balance. Payment processing is handled entirely by Google Play, Apple App Store, and RevenueCat; we do not collect or store your payment card details.
2.2 Information Collected Automatically
- Device and usage data: We collect analytics data through Mixpanel, including device type, operating system version, app version, session duration, feature usage patterns, screen views, and crash reports.
- Generation metrics: We track anonymized data about transformation generation events (started, completed, failed) and goal types selected to improve our AI generation pipeline.
- Diagnostic data: Error logs and performance metrics used to identify and fix bugs.
2.3 Information We Do Not Collect
- We do not collect precise geolocation data.
- We do not collect medical diagnosis information or health records. Biometric data you provide is used solely for fitness visualization and is not interpreted as medical data.
- We do not access your device's contacts, call logs, or messages.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To provide the App's core functionality, including AI-powered fitness transformation visualization, photo gallery management, and body composition evaluation.
- To process your photos and biometric data through AI image generation (see Section 4).
- To apply health and safety guardrails, such as BMI-based constraints and body fat percentage minimums, to ensure responsible transformation outputs.
- To process in-app purchases and manage your subscription or credit balance.
- To analyze usage trends, diagnose technical issues, and improve the user experience.
- To communicate with you regarding support requests you initiate.
4. AI-Powered Transformation Generation
Important: When you use the transformation feature, your photo and biometric data are transmitted to Google's Gemini API for AI image generation. This requires your initiation of the generation process and is clearly indicated in the App's user interface.
When you initiate a transformation generation:
- Your photo is sent to Google's Gemini API over an encrypted connection along with a structured prompt based on your biometric data and fitness goals. The Gemini model generates a visualization of your potential fitness transformation.
- Before generation, your photo is analyzed by the Gemini API to verify it contains a valid person and meets quality requirements.
- Generated images and your original photos are stored securely in Supabase Storage (see Section 7). Images are accessible only to your authenticated account.
- Google's use of data sent to the Gemini API is governed by Google's Privacy Policy and their Gemini API Terms of Service.
4.1 AI Body Composition Evaluation
The App optionally offers AI-powered body composition evaluation through your photo gallery. If you use this feature:
- Your gallery photo is sent to the Gemini API for visual body composition analysis. The API returns an estimated body fat percentage range and descriptive evaluation.
- This evaluation is informational only and is not a medical assessment. You are prompted to confirm before any evaluation is performed.
5. Health and Safety Guardrails
Prevyu implements safety mechanisms to promote responsible use:
- BMI constraints: The App enforces a minimum BMI floor of 18.5 and limits maximum weight loss to 35% of current body weight to prevent unhealthy transformation targets.
- Body fat minimums: Sex-specific body fat percentage floors are enforced to prevent generation of unrealistic or unhealthy body compositions.
- Content safety filters: Google Gemini's built-in safety filters are applied to all generated content. Photos that are flagged by safety filters (e.g., for nudity) are rejected, and repeated violations may trigger a cooldown period.
- Health warnings: Users whose inputs indicate underweight status receive appropriate health warnings.
These guardrails are applied locally on your device and through the Gemini API. We do not use this data for any purpose other than ensuring safe, responsible outputs.
6. Third-Party Services
The App uses the following third-party services, each of which may collect information as described in their respective privacy policies:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Play Services | App distribution, licensing | Link |
| Apple App Store | App distribution, licensing (iOS) | Link |
| Google Gemini API | AI image generation, photo analysis, body composition evaluation | Link |
| Supabase | Authentication, database, and cloud storage | Link |
| Mixpanel | Analytics and usage insights | Link |
| RevenueCat | In-app purchase and subscription management | Link |
7. Data Storage and Security
Your data is stored as follows:
- Photos and generated images are stored in Supabase Storage, organized into separate buckets for user-uploaded photos and AI-generated results. Access is restricted to your authenticated account through Row Level Security (RLS) policies.
- Biometric data, fitness goals, and transformation results are stored in a Supabase PostgreSQL database. All database tables are protected by RLS policies that ensure users can only access their own data.
- User profiles and preferences (display name, locale, unit system) are stored in Supabase and are accessible only to your authenticated account.
We implement the following technical safeguards:
- Encrypted data transmission (TLS/SSL) for all network communications between the App, Supabase, and the Gemini API.
- Row Level Security on all database tables, ensuring strict data isolation between users.
- Signed URLs with one-hour expiration for accessing stored images.
- Environment-variable-based API key management to prevent key exposure.
However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of your device and your account credentials.
8. Data Retention
Your photos, biometric data, and transformation results are retained in Supabase for as long as your account is active. You may delete individual transformation results, gallery photos, or your entire account at any time through the App.
When you delete a gallery photo, its associated AI evaluation, stored image file, and any linked transformation results are also removed (cascade deletion).
When you delete your account, all associated data — including your profile, biometric records, photos, and transformation results — is permanently removed from our systems.
Anonymized analytics data collected through Mixpanel is retained in accordance with Mixpanel's data retention policies.
If you contact us for support, we may retain correspondence for up to 24 months to improve our service.
9. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties.
We may share information only in the following circumstances:
- With third-party service providers listed in Section 6, solely for the purposes described, and subject to their respective privacy policies.
- To comply with legal obligations, such as responding to a subpoena, court order, or other governmental request.
- To protect rights and safety, when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.
- In connection with a business transfer, if we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify users via an in-app notice or update to this policy.
10. Your Rights and Choices
All Users
- You may delete any individual transformation result or gallery photo at any time within the App.
- You may delete your entire account and all associated data through the App's profile settings.
- You may opt out of analytics data collection by contacting us (see Section 15).
- You may uninstall the App at any time to cease all data collection on your device.
California Residents (CCPA/CPRA)
If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used; (b) request deletion of your personal information; (c) opt out of the sale or sharing of personal information (we do not sell personal information); and (d) not be discriminated against for exercising your privacy rights. To exercise these rights, contact us using the information in Section 15.
European Economic Area, UK, and Swiss Residents (GDPR)
If you are located in the EEA, UK, or Switzerland, you may have additional rights including: access to your personal data, rectification of inaccurate data, erasure ("right to be forgotten"), restriction of processing, data portability, and the right to object to processing. Our legal basis for processing is your consent (which you may withdraw at any time) and our legitimate interest in providing and improving the App. To exercise these rights, contact us using the information in Section 15.
11. Children's Privacy
The App is not intended for use by anyone under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. Given that the App collects biometric data and photographs, we take this obligation seriously. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us.
12. Advertising
The App does not display advertisements. We do not share your data with advertising networks or ad exchanges.
13. Permissions
The App may request the following device permissions:
- Camera: To capture photos of yourself for use in fitness transformation visualizations. Photos are uploaded to Supabase Storage and processed by the Gemini API.
- Storage / Photo Library: To import existing photos from your device for use in transformations and your gallery.
- Internet: Required for authentication, AI generation, cloud storage, analytics, and purchase verification.
- Notifications: To inform you when a transformation generation is complete or to deliver important account updates.
All permissions are used solely for the stated purposes. You may manage permissions through your device's system settings.
14. Biometric Data Disclosure
The App collects biometric information that you provide voluntarily, including height, weight, age, sex, estimated body fat percentage, and body type. This information is used exclusively to:
- Generate personalized AI fitness transformation visualizations tailored to your body and goals.
- Apply health and safety guardrails to ensure responsible output (see Section 5).
- Display your biometric history within the App for your personal reference.
We do not use your biometric data for identification purposes. This data is not shared with third parties except as transmitted to the Gemini API as part of the generation prompt (see Section 4). Your biometric data is protected by Row Level Security and is accessible only to your authenticated account.
Illinois Residents (BIPA): Prevyu does not collect biometric identifiers (such as fingerprints, retina scans, or face geometry) as defined by the Illinois Biometric Information Privacy Act. The biometric data collected (height, weight, body fat percentage) consists of self-reported measurements you enter voluntarily and is not used for identification.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" at the top of this page and, where practicable, notify you through an in-app notice. Your continued use of the App after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: downgatelabsllc@gmail.com
We will respond to all legitimate requests within 30 days.