Legal

Privacy Policy

Effective Date: 04/10/2026 · Last updated: 04/27/2026

Hi, I'm Ilya Seyfouri, the individual developer behind Slimmer. I built this app to help people feel better about their bodies through guided workouts, body exercises, and progress tracking. Your privacy matters to me personally — not as a policy checkbox, but because I want you to feel safe using something I made.

This Privacy Policy explains what personal data Slimmer collects, why I collect it, how it is stored, and what rights you have over it.

Welcome to Slimmer's Privacy Policy

This Privacy Policy (the "Privacy Policy") sets out the main principles on which personal data collected from you, or provided by you, will be processed in connection with your use of "Slimmer" (the "App") and all related services, features, and content available through it (collectively, the "Service"), provided by Ilya Seyfouri, an individual developer ("I", "me", or "my").

I encourage you to read this Privacy Policy in full.

How to Reach Me

If you have any questions or concerns about your privacy or how I handle your personal data, please get in touch:

Email: slimmerapphelp@gmail.com

Website: https://slimmer.up.railway.app/

I'll do my best to respond promptly and helpfully.

Changes to This Privacy Policy

I may revise this Privacy Policy from time to time to reflect:

changes in applicable laws or regulatory requirements;
updates to how Slimmer works or what data it collects;
new features or improvements added to the Service.

The "Effective Date" at the top of this Policy indicates when the most recent changes were made. If I make material changes that affect your rights or require your consent, I will notify you in advance where possible — for example, through a notice in the App or by email. Your continued use of the Service following the Effective Date of any updated Policy constitutes your acknowledgment and acceptance of the changes.

1.What Is Personal Data, and Who Oversees Its Processing?
2.What Personal Data Do I Collect?
3.What Are the Purposes for Processing Your Data?
4.What Are the Legal Bases for Processing Your Data?
5.When and Why Do I Share Your Data?
6.Where Is Your Data Stored and Transferred?
7.What Do I Avoid When Handling Your Data?
8.How Long Do I Keep Your Data?
9.What Security Measures Do I Use?
10.How Do I Respond to Security Incidents?
11.What Are Your Rights Over Your Data?
12.How Can You Manage Your Data?
13.How Do I Process Your Requests?

1. What Is Personal Data, and Who Oversees Its Processing?

"Personal Data" means any information that identifies you as an individual or relates to an identifiable individual.

For the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 ("DPA 2018"), I — Ilya Seyfouri — act as the data controller. As the controller, I determine the purposes and means of processing your personal data when you use Slimmer.

The Service is governed by the laws of England and Wales, and UK data protection law applies.

2. What Personal Data Do I Collect?

Data You Provide Directly

Basic Information

During onboarding, you provide certain details needed to personalise your experience. This includes your first name, age, height, and weight. This information is used to build your workout plan and tailor progress tracking to your specific goals.

Subscription Information

When you subscribe to Slimmer, your payment is handled entirely by Apple through the App Store. I do not collect, see, or store your payment card details. I receive only confirmation that a subscription is active, along with the plan type and renewal status, via RevenueCat.

Health and Wellness Information

To deliver a personalised experience, the App records your workout completion data, daily water intake, and calorie intake that you log manually within the App. This data is stored securely and used solely to power your progress dashboard and AI coaching features.

Progress Photos (Weekly Face Scans)

If you choose to use the progress tracking feature, the App will ask for access to your camera so you can take weekly photos to monitor your facial changes over time. These photos are:

stored securely in Firebase Storage and linked only to your account;
used solely to display your visual progress within the App;
not used for facial recognition or biometric identification purposes;
not shared with any third party beyond what is necessary for secure cloud storage via Firebase;
automatically deleted after 28 days, unless you delete your account sooner.

Taking progress photos is entirely optional. You may withdraw consent for this feature at any time by contacting me at slimmerapphelp@gmail.com, and I will delete your stored photos upon request. For further details, please refer to the Terms of Service.

AI Coach Interaction

When you use Slimmer's AI coaching features, your inputs — such as questions or prompts you type — are processed by OpenAI's API to generate personalised responses. I store these interactions to improve the coaching experience over time. You can read more about how OpenAI handles data at openai.com/privacy.

Support and Communications

If you contact me with a question or issue, I process the information you provide in order to assist you. This may include your name, email address, and details of your request.

Data Collected Automatically

Device and Technical Information

When you use the App, certain technical information is collected automatically. This may include your device model, operating system version, unique device identifiers, and general App usage patterns such as which features you use and how frequently. This information helps me identify bugs, improve stability, and understand how the App is performing.

3. What Are the Purposes for Processing Your Data?

I collect and process your personal data for the following purposes:

To Deliver and Maintain the Service

I process your data to provide you with access to Slimmer, including your personalised workout plan, progress tracking, and AI coaching features. This includes verifying your account and keeping the Service running reliably.

To Personalise Your Experience

Your age, height, weight, and activity preferences are used to build a plan tailored to you. Your progress photos and logged health data help you and the App track how you are doing over time.

To Manage Subscriptions

I process subscription status information received via RevenueCat to verify that you have access to the features included in your plan.

To Improve the Service

I use anonymised usage data and feedback to fix bugs, refine existing features, and develop new ones. Your data helps me make Slimmer better for everyone.

To Provide Support

If you contact me, I will use the information you provide to respond to your request. I may use AI tools to assist in drafting responses, but all support decisions are made by me personally.

To Ensure Security and Integrity

I process data to protect the App from misuse, detect technical errors, and maintain a safe and reliable experience for all users.

To Comply with Legal Obligations

Where required, I process data to meet my responsibilities under applicable law, including responding to valid legal requests or regulatory obligations.

4. What Are the Legal Bases for Processing Your Data?

Under UK GDPR, I rely on the following legal bases:

Purpose	Legal Basis	Data Involved
To deliver and maintain the Service	Performance of a Contract (Art. 6(1)(b) UK GDPR)	All data necessary to provide the App
To personalise your plan and track progress	Performance of a Contract (Art. 6(1)(b) UK GDPR)	Name, age, height, weight, workout data, water intake, calorie intake
To store and display progress photos	Consent (Art. 6(1)(a) UK GDPR)	Face scan / progress photos
To manage subscriptions	Performance of a Contract (Art. 6(1)(b) UK GDPR)	Subscription status via RevenueCat
To improve the Service	Legitimate Interests (Art. 6(1)(f) UK GDPR)	Anonymised usage and technical data
To provide support	Legitimate Interests (Art. 6(1)(f) UK GDPR)	Communication content and account details
To ensure security	Legitimate Interests (Art. 6(1)(f) UK GDPR)	Device and technical information
To comply with legal obligations	Legal Obligation (Art. 6(1)(c) UK GDPR)	As required by applicable law

Payments. All subscriptions are processed exclusively through the Apple App Store. I do not collect or store payment card details. Apple handles all payment transactions independently in accordance with their own privacy policy at apple.com/legal/privacy.

5. When and Why Do I Share Your Data?

I do not sell, rent, or trade your personal data. I share it only with the third-party service providers necessary to operate Slimmer, and only to the extent required for that specific purpose. Each provider processes your data under contractual obligations that ensure strict data protection standards, and none of them are permitted to use your data for any other purpose.

Third-Party Service Providers

Processor	Privacy Policy	Purpose
Firebase Authentication	firebase.google.com/support/privacy	Secure user authentication and session management.
Firebase Firestore	firebase.google.com/support/privacy	Storing profile data, workout progress, water intake, calorie logs, and subscription status.
Firebase Storage	firebase.google.com/support/privacy	Storing weekly progress photos securely, linked only to your account.
RevenueCat	revenuecat.com/privacy	Managing subscription status, purchase validation, and entitlement checks.
OpenAI	openai.com/privacy	Powering AI coaching features. Processes inputs to generate personalised coaching responses.
Cloudflare Stream	cloudflare.com/privacypolicy	Hosting and delivering workout video content securely within the App.

Legal Compliance and Protection of Rights

I may disclose your personal data where required to do so by law, court order, or regulatory authority, including:

compliance with legal obligations, such as responding to lawful requests from law enforcement or regulatory bodies;
protecting the security and integrity of the Service against fraud, misuse, or unauthorised activity;
protecting the rights and safety of users or others where there is a legitimate good-faith need to do so.

6. Where Is Your Data Stored and Transferred?

Your personal data is stored and processed using Firebase (operated by Google) and Cloudflare, whose infrastructure is primarily based in the United States. This means your data may be transferred to and processed in countries outside the United Kingdom.

Whenever data is transferred outside the UK, I ensure that appropriate safeguards are in place in accordance with UK GDPR. These include reliance on International Data Transfer Agreements (IDTAs), UK Addendums to Standard Contractual Clauses, or transfers to countries with an adequacy decision under UK law.

I only use processors that meet high privacy and security standards, and I do not transfer data to jurisdictions that lack adequate data protection frameworks. Where additional safeguards are required, I apply measures such as encryption and strict access controls to mitigate risk.

By using the App, you acknowledge that your data may be stored and processed in countries outside the UK as described in this Policy. All such transfers are conducted in compliance with applicable UK data protection law.

7. What Do I Avoid When Handling Your Data?

No Sale, Rental, or Licensing of Data

I do not sell, rent, or license your personal data to any third party for financial gain or any other purpose.

Limited Sharing

Your data is only shared with the service providers listed in this Policy, for the specific purposes described. I do not share your data with advertisers, marketing platforms, or analytics networks.

Children's Data

Slimmer is not intended for children under the minimum age set out in the Terms of Service. I do not knowingly collect personal data from children. If you believe a child has provided data through the App, please contact me at slimmerapphelp@gmail.com and I will delete it promptly.

8. How Long Do I Keep Your Data?

I store your personal data only for as long as necessary to provide the Service and meet my legal obligations.

Retention Periods

When your personal data is no longer required for its original purpose, I will securely delete or anonymise it. If you delete your account, your personal data will be deleted or anonymised within two (2) months, unless I am required to retain it for longer by law.

Progress Photos

Your progress photos are automatically deleted after 28 days. If you delete your account before then, your photos will be deleted as part of that process. If you withdraw consent for photo storage, I will delete your photos promptly upon receiving your request at slimmerapphelp@gmail.com.

Exceptions

In limited circumstances I may retain minimal personal data beyond the standard retention period where necessary for:

legal compliance, including adherence to applicable laws, regulations, or law enforcement requests;
dispute resolution, to investigate, defend, or settle legal claims;
contract enforcement, to uphold agreements and protect legitimate interests.

Once retention is no longer required for these purposes, I will ensure the final deletion or anonymisation of your data.

9. What Security Measures Do I Use?

I take the security of your personal data seriously and have put reasonable technical safeguards in place to protect it against unauthorised access, loss, alteration, or misuse.

Technical Measures

Encryption in transit and at rest, via Firebase and Cloudflare's industry-standard infrastructure;
Access controls limiting who can access data stored in Firebase;
Secure user authentication managed through Firebase Authentication;
Regular review of third-party processors' security practices and policies.

Acknowledgment of Limitations

While I take commercially reasonable steps to protect your data, no system is entirely immune to risk. Protecting your information is an ongoing commitment, and I continuously review and improve my practices. If you have concerns about the security of your data, please contact me at slimmerapphelp@gmail.com.

10. How Do I Respond to Security Incidents?

In the unlikely event of a personal data breach, I will promptly assess the incident, contain its impact, and evaluate the risk to your rights and freedoms.

If the breach is likely to result in a high risk to you, I will notify you without undue delay, providing details of what happened, the data affected, and what steps you can take to protect yourself.

Where required by law, I will report the breach to the UK's Information Commissioner's Office (ICO) within 72 hours of becoming aware of it. All incidents will be documented, and measures will be implemented to prevent recurrence.

To report a security concern or potential breach, please contact me at slimmerapphelp@gmail.com.

11. What Are Your Rights Over Your Data?

As a user subject to UK GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data I hold about you, along with details of how it is processed, why, and with whom it is shared.

Right to Rectification

If your personal data is inaccurate, incomplete, or out of date, you can ask me to correct or update it.

Right to Restrict Processing

You can ask me to pause processing your data in certain circumstances — for example, while I verify its accuracy, or if you contest whether I have legitimate grounds to process it.

Right to Data Portability

You can request your personal data in a structured, commonly used, and machine-readable format, and ask for it to be transferred to another provider where technically feasible.

Right to Object

You can object to processing based on legitimate interests, and I will cease processing unless I can demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent

Where I process your data on the basis of consent — such as for progress photos — you can withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing that took place before withdrawal.

Right to Erasure ('Right to be Forgotten')

You can request deletion of your personal data where:

the data is no longer necessary for the purposes for which it was collected;
you withdraw consent and there is no other lawful basis for processing;
you object to processing and there are no overriding legitimate grounds;
your data was processed unlawfully; or
deletion is required to comply with a legal obligation.

This right may not apply where processing is necessary for legal compliance or the establishment, exercise, or defence of legal claims.

Right to Lodge a Complaint

If you believe your privacy rights have been violated, you have the right to make a complaint to the UK's Information Commissioner's Office (ICO):

Website: ico.org.uk

Telephone: 0303 123 1113

To exercise any of the rights listed above, please contact me at slimmerapphelp@gmail.com.

12. How Can You Manage Your Data?

Accessing or Updating Your Data

You can update your profile information within the App at any time. If you need further assistance, email me at slimmerapphelp@gmail.com.

Deleting Your Account

Option 1 — In the App

Open Profile → Settings.
Select Profile Details.
Tap Delete Account and confirm on the prompt.

This will initiate deletion of your account and all associated data, including progress photos, workout history, and logged health data.

Please note: Deleting your account within Slimmer does not automatically cancel your App Store subscription. You will need to manage your subscription separately through your Apple ID settings (Settings → Apple ID → Subscriptions).

Option 2 — Email Request

Email me at slimmerapphelp@gmail.com with a brief description of your request, and I will process it for you.

Important: Once your account is deleted, I may not be able to restore any associated data. All progress, photos, and subscription access will be permanently removed.

13. How Do I Process Your Requests?

Response Timeframe

I aim to respond to all valid requests within 30 days of receipt. If your request is complex or I am dealing with a high volume of requests, I may require additional time. In that case, I will inform you of the extension and provide a revised timeline.

Right to Decline

I reserve the right to decline requests that are manifestly unfounded, excessive, or repetitive under applicable privacy law. If I decline your request, I will explain why.

Identity Verification

To protect your privacy and prevent unauthorised access, I may ask you to verify your identity before processing certain requests — particularly requests for access or deletion. If I cannot reasonably verify your identity, I may be unable to fulfil the request, and I will let you know.

This Privacy Policy was last updated on 04/27/2026. If you have any questions, please contact Ilya Seyfouri.

Back to Slimmer