Privacy policy

Last updated: May 30, 2026

1. Who we are

AggressiveCut (“we,” “us,” or “our”) operates the AggressiveCut mobile app and related services (the “Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data. By using the Service, you consent to the practices described here.

Data controller. For the purposes of the EU/UK GDPR and the California CCPA/CPRA, the data controller responsible for your personal information is AggressiveCut, founded by Eyad Zebdeh. A registered business entity and postal address will be added to this policy when the entity is formalized. In the meantime, you can reach the data controller by email at info@aggressivecut.com.

2. Information we collect

Account and identity

  • Your email address, display name, and a platform-specific user identifier, provided through Firebase Authentication when you use Sign in with Apple or Sign in with Google. We do not store your password; authentication is handled by Apple or Google. We use this to create and identify your account.

Health and fitness data you provide

  • Stats you enter during onboarding: sex, age, height, weight, goal weight, and event date. We use these to calculate your cut plan.
  • A body-composition reference photo you pick from a set of example images during onboarding. From your selection we derive an internal body-fat estimate used only to calculate your plan; we never ask you to type a body-fat percentage, and that estimate is not shown back to you in the app.
  • Daily logs you enter manually: weight, resistance-training sessions, step count, and any notes you add. We use these for progress tracking and to adapt your plan over time.
  • Meal records — the meal name, calories, macros, and item list, produced from the nutrition estimate plus any edits you make. These are stored in your account database (Firestore) so your day’s intake persists.
  • Meal photos you submit for nutrition estimation. Photos are sent to Google (Gemini via Vertex AI), the calorie and macro estimate is returned, and the photo is discarded immediately after inference. We do not retain your meal photos on our servers.
  • Meal text descriptions you type (instead of, or alongside, a photo) are likewise sent to Google (Gemini via Vertex AI) to return a nutrition estimate, and are not retained beyond the inference request.

Device and usage information

  • Basic device information (device model, operating-system version, language, time zone) and crash diagnostics, collected through Firebase Crashlytics, used to debug the app and fix bugs.
  • App-usage telemetry (which screens you open, which features you use) collected through Firebase Analytics, used for aggregate product analytics so we can improve the app.
  • A device identifier issued by the Firebase SDK (App Check and Firebase Installations), used to verify requests come from a genuine instance of our app and to protect the Service against abuse.
  • A push-notification token issued by Apple Push Notification service (APNS) or Firebase Cloud Messaging (FCM), used only to send you reminders and account notifications.
  • Your IP address, which we use transiently for security and rate-limiting; we do not build advertising profiles from it.

Purchase information

  • Purchases are processed by Apple (App Store) or Google (Google Play). We receive a confirmation and an entitlement identifier, but we do not receive your payment-card number, billing address, or full-name details from the platform.

3. How we use your information

  • To operate the Service: build your cut plan, adapt it overnight based on your actual performance, render your dashboard, and produce your event-day reveal.
  • To estimate nutrition: transiently process meal photos and text descriptions through Google (Gemini via Vertex AI); the photo is discarded immediately after the estimate is returned.
  • To provide support: respond to correspondence you send us at info@aggressivecut.com.
  • To secure the Service: detect fraud, abuse, and technical problems.
  • To improve the Service: analyze aggregate, de-identified usage trends. We do not use your individual health or fitness data to train machine-learning models without your explicit consent.
  • To comply with law: meet legal obligations and respond to lawful requests.

4. Legal bases (EU / UK users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR and UK GDPR:

  • Performance of a contract — to provide the Service you purchased.
  • Explicit consent — to process health data (weight, body-fat, meals). You can withdraw consent at any time by deleting your account; withdrawal does not affect processing done before withdrawal.
  • Legitimate interests — to secure the Service, prevent fraud, and analyze aggregate usage.
  • Legal obligation — where we are required to retain or disclose data by law.

5. How we share your information

We share data only in these limited cases:

  • Service providers acting on our behalf under written contracts. They may process data only to deliver the service we pay for and must protect it under terms at least as strict as this policy. The current processors are:
    • Google Firebase — cloud hosting, authentication, database, app integrity, analytics, crash reporting, and push delivery (Firebase Auth, Firestore, Cloud Functions, App Check, Firebase Installations, Firebase Analytics, Crashlytics, and Cloud Messaging / FCM).
    • RevenueCat — subscription and in-app purchase management. Receives your platform-issued user identifier and entitlement status; does not receive your health or fitness data.
    • Resend — transactional email delivery (for example, your account-deletion confirmation link). Receives the recipient email address and message content only.
    • Google (Gemini via Vertex AI) (privacy policy) — receives the meal photo and any text description transiently to return a calorie and macro estimate. We do not retain the photo on AggressiveCut servers; Google processes it transiently to return nutrition estimates. Google processes meal images and text under their Vertex AI data processing terms, which provide equivalent protection: no training on customer data, no retention beyond the inference request, and contractual confidentiality obligations.
    • Vercel Analytics — privacy-friendly, cookieless aggregate page metrics for our marketing website (aggressivecut.com). No cross-site tracking and no health or fitness data; it does not apply to the mobile app.
  • App Store and Google Play process your payment and report the purchase back to us.
  • Legal and safety — we may disclose information if required by law, to enforce our Terms, or to protect the rights, safety, or property of users or the public.
  • Business transfers — if AggressiveCut is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction; we will notify you via in-app notice or email.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising as defined by the California Consumer Privacy Act.

6. Data retention

We keep your account data for as long as your account is active. When you delete your account — through the in-app Delete Account flow (which opens aggressivecut.com/delete-account), directly on the web at that same URL, or by emailing us — we remove your profile, cuts, and all logs from our live systems immediately upon confirmation, and from routine backups within 30 days. Our subscription provider (RevenueCat) retains its own purchase records independently of us, as may Apple and Google for the platform-level purchase. Meal photos are never stored — they are discarded immediately after calorie inference.

7. Your rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — request a copy of the data we hold about you.
  • Correction — request that we correct inaccurate information.
  • Deletion — delete your account and associated data. You can do this from inside the app or on the web at aggressivecut.com/delete-account at any time.
  • Portability — request a copy of your data in a machine-readable format.
  • Objection and restriction — object to or restrict certain processing activities.
  • Withdraw consent — for processing based on consent, withdraw consent at any time.
  • Lodge a complaint — file a complaint with your local data-protection authority (for EU/UK users).

To exercise these rights, use the in-app Delete Account flow, visit aggressivecut.com/delete-account, or email info@aggressivecut.com. We will respond within 30 days.

8. California privacy rights

If you are a California resident, the California Consumer Privacy Act (CCPA/CPRA) gives you rights to know, delete, correct, and limit the use of your personal information, and the right not to be discriminated against for exercising these rights. We do not sell or share your personal information for cross-context behavioral advertising. To exercise your rights, email info@aggressivecut.com.

9. Children

AggressiveCut is not intended for children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, email info@aggressivecut.com and we will delete it.

10. Security

We use reasonable administrative, technical, and physical safeguards to protect your data, including encryption in transit (TLS) and at rest, access controls, and audit logging. No method of storage or transmission over the internet is 100% secure; if you believe your account has been compromised, contact us immediately at info@aggressivecut.com.

11. International transfers

AggressiveCut is operated from the United States, and our servers and service providers are primarily located in the United States. If you use the Service from outside the United States, your data will be transferred to and processed in the United States. Where required by law (for example, for EEA/UK/Swiss users), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email at least 14 days before the changes take effect, unless a shorter period is required by law. The “Last updated” date at the top of this policy reflects the most recent revision.

13. Contact

Questions about this policy or your data? Email info@aggressivecut.com.

See also our Terms of service and medical disclaimer.