Privacy Policy

Last updated: June 23, 2026Applies to AllTrain for iOS & Android

We built AllTrain to help you reach your fitness goals — not to profit from your data. We collect only what the app needs to work, we don't sell your information, and you can delete everything at any time.

01

Who We Are

AllTrain is a fitness tracking app developed and operated by Pradana. We are based in Indonesia. Questions about this policy can be sent to info@codefoundry.co.id.


02

Data We Collect

We collect only what is needed to run the app:

  • Account information — your email address and (optionally) a display name when you register.
  • Workout data — exercises, sets, reps, weights, training programs, and personal records you enter.
  • Nutrition data — meal names and calorie/macronutrient figures you log manually or via the AI meal estimate feature.
  • Food photos — only when you explicitly use the photo-based meal estimate feature. Photos are processed immediately and are not stored on our servers.
  • Session tokens — short-lived authentication tokens stored securely on your device to keep you logged in.

We do not collect location, contacts, payment information, biometrics, or any data from your device outside of the app.


03

How We Use Your Data

  • To create and authenticate your account.
  • To store and display your workout and nutrition history.
  • To power AI-assisted meal calorie estimates (see Section 4).
  • To sync your data across your devices when you are signed in.

We do not sell your data, use it for targeted advertising, or share it with third parties except as described in Sections 4 and 5.


04

AI & Large Language Model Features

AllTrain includes two optional AI-powered features that use large language models (LLMs): AI meal estimate and AI coaching.

What is sent to AI services: Only the content you explicitly submit for each feature — meal descriptions, food photos, or coaching messages. Your name, email, account ID, or any other personal information is never included in these requests.

AI Meal Estimate

  • You type a meal description (e.g. "chicken rice with vegetables") or submit a photo.
  • The text or image is sent from your device to our Vercel-hosted proxy server.
  • The proxy forwards the content to OpenRouter (openrouter.ai), which routes it to an OpenAI language model (GPT-4o Mini for text, GPT-4o for photos).
  • The model returns a structured calorie and macronutrient estimate, which is displayed in the app.
  • Photos are sent as base64 data and are not stored by our server after the response is returned.

AI Coaching

  • You send a message to the in-app AI coach (e.g. a fitness question or a request for a workout plan).
  • Your message is sent from your device to our Vercel-hosted proxy server.
  • The proxy forwards it to OpenRouter, which routes it to an AI language model.
  • The model returns a coaching response displayed in the app. Conversation history is stored only on your device and is not retained on our servers.

By using either AI feature, you agree that the content you submit will be processed by OpenRouter and OpenAI. Their data handling is governed by their respective privacy policies:

Both AI features are entirely opt-in. You can log meals manually and use the app without AI coaching at any time.


05

Third-Party Services

Neon (neon.tech)

Our cloud database provider. Account, session, workout, and nutrition data is stored in a Neon serverless PostgreSQL database in the AWS ap-southeast-1 (Singapore) region. Neon encrypts data at rest and in transit.

neon.tech/privacy

Better Auth

Our authentication framework, running on our own infrastructure backed by Neon. No authentication data is sent to Better Auth's servers — all auth logic runs within our deployment.

better-auth.com/legal/privacy

Vercel

Our meal estimate API runs on Vercel's serverless edge network. Only the meal content you submit (text or photo) passes through Vercel — no account identifiers are included.

vercel.com/legal/privacy-policy

OpenRouter / OpenAI

Used exclusively for the optional AI meal estimate feature. See Section 4 for full details on what is shared and when.


06

Data Storage & Security

  • Cloud — stored in Neon's managed PostgreSQL with encryption at rest (AES-256) and in transit (TLS 1.2+).
  • On-device — stored in a local SQLite database accessible only to the AllTrain app on your device.
  • Authentication tokens — stored in your device's secure keychain (iOS) or keystore (Android).
  • Retention — your data is retained for as long as your account is active. Account deletion permanently removes it.

07

Your Rights

You may exercise any of these rights at any time by contacting us at info@codefoundry.co.id:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — delete your account in-app via Profile → Delete Account, or contact us to request manual deletion. Both paths permanently and irreversibly remove your data from our servers.
  • Portability — request an export of your data in a machine-readable format.
  • Objection — object to any processing you believe is unlawful or that you have not consented to.

We will respond to all requests within 30 days.


08

Children

AllTrain is not directed at children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has created an account or provided us data, please contact us immediately at info@codefoundry.co.id and we will delete it promptly.


09

Changes to This Policy

We may update this policy as the app and our practices evolve. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify you within the app. Continued use of AllTrain after any update constitutes acceptance of the revised policy.


10

Contact

If you have any questions, concerns, or requests relating to this policy or your personal data, please contact us:

We will respond within 30 days.