Back to TenetTerms of Service

Privacy Policy

Last updated: January 31, 2026

Introduction

Tenet Labs, LLC (“we”, “our”, or “us”) operates the Tenet mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. By using Tenet, you agree to the collection and use of information as described in this policy.

Information We Collect

1. Account Information

When you create an account, we collect your email address, display name, and an encrypted password. We never store passwords in plain text.

2. Health & Fitness Data

You may choose to provide:

  • Body measurements: weight, height, age, sex
  • Fitness goals: target weight, calorie targets, activity level
  • Workout data: exercises, sets, reps, weights, duration
  • Nutrition data: foods logged, calories, macronutrients
  • Activity tracking: GPS routes, distance, pace, elevation
  • Sleep and mood data (when manually entered)

3. Apple HealthKit Data

With your explicit permission granted through the iOS system prompt, we may access the following HealthKit data types:

Read: Steps, distance, active calories, basal calories, flights climbed, heart rate, resting heart rate, heart rate variability, sleep analysis, respiratory rate, oxygen saturation, VO2 Max
Write: Body weight, active energy burned

HealthKit data is used solely to display your fitness metrics within the App and to keep your health data synchronized across your devices. We do not sell, share, or use HealthKit data for advertising or marketing purposes. HealthKit data is stored locally on your device in encrypted storage and is not transmitted to our servers unless you explicitly initiate a sync.

4. Location Data

When you use activity tracking (running, cycling, etc.), we collect GPS coordinates to record your route. Location data is only collected while you are actively tracking an activity and is stored in encrypted local storage.

5. Device Information

We collect device type, operating system version, and app version for troubleshooting and to ensure compatibility.

6. Camera and Photos

With your permission, we access your camera for barcode scanning (food lookup) and meal photos. Photos are processed locally or sent to our secure servers for food recognition. We do not store photos beyond what is needed for the food logging feature.

How We Use Your Information

  • To provide personalized calorie, macro, and fitness recommendations
  • To track your progress toward your health and fitness goals
  • To synchronize data with Apple Health or Google Health Connect
  • To look up food nutrition information from public databases
  • To display weather conditions for outdoor activities
  • To improve the App and develop new features
  • To send important service-related communications

We do not use your health data for advertising, marketing, or any purpose other than providing the fitness tracking services described above.

Third-Party Services

We use the following third-party services to provide App functionality:

  • Supabase: Database hosting, user authentication, and data storage. Your account and fitness data are stored on Supabase servers with encryption at rest and in transit.
  • USDA FoodData Central: Food nutrition lookup. Search queries are sent to the USDA API; no personal data is shared.
  • Open Food Facts: Barcode-based food lookup. Barcodes are sent to the Open Food Facts API; no personal data is shared.
  • Open-Meteo: Weather data for activity conditions. Your approximate location coordinates are sent to retrieve weather forecasts.
  • Strava / Fitbit (optional): If you connect these services, we access your activity data via their OAuth 2.0 APIs with the permissions you grant. You can disconnect at any time.

Each third-party service has its own privacy policy. We encourage you to review them.

Data Storage & Security

  • Cloud storage: Account data and synced fitness data are stored on Supabase servers with industry-standard TLS/SSL encryption in transit and AES-256 encryption at rest.
  • Local storage: Health data, nutrition logs, workout history, and GPS routes are stored on your device using encrypted storage (MMKV with AES encryption). On iOS, data is further protected by the iOS Data Protection API.
  • Authentication tokens: Stored in the iOS Keychain (SecureStore) for maximum security.
  • Session security: Sessions automatically expire after 30 minutes of inactivity.

Data Sharing

We do not sell, trade, or rent your personal information to third parties.

We may share data only in the following circumstances:

  • Service Providers: With Supabase for database hosting and authentication, as described above.
  • Legal Requirements: If required by law, regulation, legal process, or governmental request.
  • Safety: To protect the rights, property, or safety of our users or the public.
  • With Your Consent: For any other purpose with your explicit consent.

We never share HealthKit data with third parties for advertising or marketing.

Your Rights

All Users

  • Access and export your personal data (Profile > Export Data)
  • Correct inaccurate information in your profile
  • Delete your account and all associated data (Profile > Delete Account)
  • Clear locally stored health data (Settings > Privacy & Data)
  • Withdraw HealthKit permissions at any time via iOS Settings
  • Disconnect third-party integrations (Strava, Fitbit)

EU/EEA Residents (GDPR)

You additionally have the right to:

  • Request data portability in a machine-readable format
  • Restrict processing of your personal data
  • Object to processing based on legitimate interests
  • Lodge a complaint with your local data protection authority

California Residents (CCPA)

You have the right to:

  • Know what personal information is collected and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, visit the Profile section in the app or contact us at privacy@tenetlabs.io.

Data Retention

We retain your personal data for as long as your account is active. When you delete your account:

  • All server-side data (profile, logs, workouts, custom foods) is deleted immediately
  • All locally encrypted data is cleared from your device
  • Anonymized, aggregated data may be retained for analytics
  • Backup data is purged within 30 days

You can also clear locally cached health data at any time without deleting your account via Settings > Privacy & Data > Clear Local Health Data.

Children's Privacy

Tenet is not intended for children under 13 years of age (or under 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@tenetlabs.io and we will promptly delete it.

International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. If you are located outside the United States, you consent to the transfer and processing of your data in the United States. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice within the App or by sending you a notification. The “Last updated” date at the top of this policy indicates when the latest changes were made. Your continued use of the App after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: privacy@tenetlabs.io

Tenet Labs, LLC