Privacy Policy

Last updated: April 7, 2026

Oxus ("we", "our", "us") is a mobile application that provides AI-powered nutritional guidance. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

Account information

• Name, email address, and password (stored securely via Firebase Authentication)

Health and body information

• Gender, age, height, current weight, target weight
• Activity level and training details
• Weight loss speed preference
• Meals per day and meal timing preferences

Usage data collected over time

• Daily calorie and protein intake (per meal)
• Weight check-ins with timestamps
• Workout completion status
• Food descriptions and meal notes
• Weight trend analytics and projections

Content you provide

• Chat messages with the AI nutritionist
• Food photos (from your camera or photo library)
• Voice recordings (used for speech-to-text, stored temporarily and deleted after transcription)

2. Device Permissions

Oxus may request the following permissions, each used solely for meal logging:

• Camera — to take food photos
• Microphone — to record voice messages for meal logging
• Photo Library — to select existing food photos

3. How We Use Your Data

• To provide personalized AI nutritional guidance and meal portioning
• To calculate and adjust your daily calorie and protein targets
• To track your weight trends and adapt recommendations over time
• To analyze food photos and generate portion recommendations
• To improve the app experience through anonymous usage analytics

4. Third-Party Services

We use the following third-party services to operate Oxus:

Firebase (Google) — for user authentication and data storage. Your account information, profile data, daily progress, chat history, and subscription status are stored in Firebase. Firebase Privacy Policy

Microsoft Azure OpenAI — to power our AI nutritionist. Your health profile, chat messages, food photos, and voice recordings are sent to Azure OpenAI for processing. Data is processed in transit and is subject to Azure OpenAI's data policies.

PostHog — for product analytics. We send anonymized usage events (such as app opens, messages sent, and meals logged) and basic user properties (email, name) to PostHog, hosted in the United States. PostHog Privacy Policy

Apple — for payment processing via in-app purchases. We do not collect or store your payment details. All payment processing is handled by Apple. Apple Privacy Policy

5. Data Storage

• Cloud: Your profile, progress, chat history, and subscription data are stored in Firebase (Google Cloud).
• On your device: A local cache of your profile, chat sessions, and food photos is stored on your device for offline access.
• Temporary: Voice recordings are stored temporarily on your device and deleted immediately after transcription.

6. What We Don't Collect

• No location data
• No contacts, calendar, or Bluetooth data
• No device advertising identifiers (IDFA/IDFV)
• No biometric data (Face ID/Touch ID)
• No Apple Health or HealthKit data
• No advertising or ad-tracking SDKs

7. Data Retention and Deletion

Your data is retained as long as your account is active. You can delete your account at any time from the Profile settings in the app. Account deletion removes:

• Your Firebase authentication account
• All data stored in our cloud database
• All locally stored data on your device

8. Age Requirements

Oxus is intended for users aged 16 and older. We do not knowingly collect data from anyone under 16. If you believe a minor has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you through the app. Your continued use of Oxus after changes are posted constitutes acceptance of the updated policy.

10. Contact

If you have questions about this privacy policy or your data, contact us at support@oxus.app.