Privacy Policy

Last updated 15 July 2026

The short version

This Privacy Policy explains how Lowdown ("Lowdown", "we", "us") — an AI fitness and nutrition coaching app operated by Shabu Pty Ltd (Queensland, Australia) — handles your information. By using the app you agree to this policy.

Website analytics

The trylowdown.app website uses Google Analytics to understand page views, referral sources, device/browser details, approximate location, and conversion events such as beta signup interest. This website analytics is separate from the Lowdown iPhone app.

1. Data we collect and where it lives

Lowdown is local-first. The information you log and the data we read from your connected services are stored in a database on your device, inside the app's private storage. This includes:

Photos you add are saved as files in the app's private storage on your device. We do not upload your database or photo library to our servers.

2. What leaves your device, and to whom

Some features require sending limited data off your device:

Anthropic (the AI coach)

Lowdown's coach is powered by Anthropic's Claude. When you send a message, we send to Anthropic: your message text, any photos you attach, your profile, a short summary of your recent health data (for example today's calorie and protein totals, last night's sleep duration, recent weight), your coach "memories," and the recent conversation. This is what lets the coach give personalised answers.

Anthropic processes this data to generate the coach's reply and does not use Lowdown API traffic to train its models. See Anthropic's privacy practices at anthropic.com/legal/privacy.

For health metrics we send summaries and aggregates rather than raw, timestamped sensor data. For example, the coach receives "average resting heart rate 58 bpm over the last 7 days," not your individual heart-rate readings. Your profile details (such as weight, height, allergies, and nutrition targets) are sent as the exact values you entered — the coach needs them to be accurate.

Nutrition lookups (USDA)

When you log a food, the app may look up its nutrition facts in the U.S. Department of Agriculture's public FoodData Central database through our secure relay. Only the food's name (for example, "chicken breast") is sent — never your identity, profile, or health data.

App updates (Expo)

The app periodically checks Expo's update service (EAS Update) so we can ship fixes without a full App Store release. That check sends basic technical details — app version, platform, and an update-client identifier — and never any of your health data, chat, or profile.

Anonymous sign-in (Supabase)

To route AI requests securely, the app signs in anonymously using Supabase. This creates an anonymous identifier and a temporary session token. No email address or account is required. Your chat messages, attached photos, and health summaries pass through Supabase's servers in transit on their way to the providers above, but are not stored there — Supabase acts as a secure relay so our API keys stay off your device, and holds only your anonymous identifier and short-lived usage counters used to prevent abuse.

WHOOP (beta connections only — new connections paused)

New WHOOP connections are currently unavailable while we complete WHOOP's developer approval process. If you connected WHOOP during our beta, data previously synced from it stays on your device, and syncing is being phased out — the current app version no longer pulls new WHOOP data (older beta builds may continue syncing until updated). Summaries of that on-device WHOOP data (such as recovery and sleep) may still be included in the recent-health-data summary sent to Anthropic for coaching, as described above; it is never used to train AI models or for advertising. WHOOP access tokens are kept in your device's secure keychain and are never stored on our servers (during syncing they pass through our secure relay only to be exchanged or refreshed with WHOOP). You can remove the connection and delete all synced WHOOP data at any time in Settings.

Voice notes (optional)

If you use voice logging (the "Voice log" Quick Action or Action Button), the app records a short audio clip and converts it to text. By default the recording is sent through our secure relay to a third-party speech-to-text provider (OpenRouter, which routes it to a Whisper transcription model) solely to generate the transcript. The local recording never leaves your device except for that transcription, is deleted once the note is logged, and at most the most recent clip is briefly retained (then overwritten) if a recording is cancelled or fails. If that service is unavailable or you're offline, transcription falls back to Apple's on-device speech recognition, in which case the audio stays on your device. The resulting transcript is then handled like any other chat message (see Anthropic, above). We do not use your voice recordings to train AI models or for advertising.

3. Apple Health

If you grant access, Lowdown reads (read-only) data such as sleep, workouts, weight, heart rate, heart-rate variability, steps and active energy from Apple Health. This data is read on your device and stored in the app's local database. Raw Apple Health samples never leave your device; only the summaries described in Section 2 are shared with the AI coach. You can revoke access at any time in iOS Settings → Privacy & Security → Health → Lowdown, and disconnect (and optionally delete synced data) from within the app.

We never use Apple Health data (or any of your health data) for advertising, marketing, or data mining, we never sell it, and we never share it with third parties except as described in Section 2 — solely to provide the coaching features you asked for, with your permission.

4. What we don't do

We do use Sentry for crash and error diagnostics, so we can find and fix bugs. It records the error/crash, app version, and device/OS details; it is configured not to collect your IP address, and we don't intentionally send health data to it. See sentry.io/privacy.

5. Permissions

Each permission is requested only when needed and can be changed in iOS Settings.

6. Keeping and deleting your data

Because your data lives on your device, you control it. You can:

Anonymous session tokens used to relay AI requests are short-lived. Anthropic retains API inputs and outputs in line with its own policies for a limited period to provide and secure the service.

To request deletion of the small amount of data that exists off your device — your anonymous sign-in record and abuse-prevention counters — email support@trylowdown.app and we'll action it promptly. We can't delete data you've exported yourself.

7. Your rights & international transfers

Because Lowdown is local-first, you exercise most rights directly: your data is on your device, where you can view, correct, export, or delete it at any time. For anything we or our processors hold (the anonymous sign-in record described above), you can request access, correction, or deletion by emailing support@trylowdown.app.

Our service providers — Anthropic, Supabase, Sentry, OpenRouter, Expo, and the USDA database — process data in the United States. By using the app you acknowledge this transfer; each provider is bound by its own published privacy commitments linked above.

Depending on where you live, you may have additional rights under laws such as the Australian Privacy Act, the EU/UK GDPR, or the California Consumer Privacy Act — including the right to complain to your local privacy regulator (in Australia, the OAIC). We honour these requests regardless of where you live: contact us and we'll help. We do not sell personal information, and we do not discriminate against anyone for exercising a privacy right.

8. Children

Lowdown is not intended for anyone under 16, and we do not knowingly collect data from children.

9. Changes

We may update this policy as the app evolves. We'll change the "last updated" date above and, for significant changes, surface a notice in the app.

10. Contact

Questions about privacy? Email support@trylowdown.app.