Effective May 16, 2026
This Privacy Policy describes how Cuodi Beltran, doing business as Ding! Fitness (“we,” “us”) collects, uses, and protects your information when you use the Ding! Fitness mobile and web application (the “App”).
We collect the information you enter into the App (account email, body metrics, food and workout logs) so the App can track your progress and personalize your targets. We do not sell your data, do not show ads, and do not use third-party analytics or advertising trackers. You can delete your account and all associated data from the Profile screen at any time.
Account information. Your email address and a hashed password (managed by Firebase Authentication; we never see your plain-text password).
Profile information. Your name, age, sex (used for calorie calculations), height, weight, body fat percentage (optional), activity level, fitness goal, and an optional profile picture.
Health and fitness data. Your weight history, InBody scans (if entered), nutrition logs (calories, protein, carbs, fat, fiber, water), workout logs (exercises, sets, reps, weight), sleep hours, and other metrics you choose to track.
Food images. If you photograph meals for AI analysis, the image is sent to Google’s Gemini API for nutritional estimation. We do not store these images on our servers after analysis completes.
Chat messages. Conversations with the in-app AI coach are processed by Google’s Gemini API to generate responses.
We do not collect: your precise location (GPS), your contacts, your browsing history, device identifiers for advertising purposes, biometric identifiers (Face ID / Touch ID are handled by your device’s operating system and never reach us), or data from other apps on your device. The App contains no third-party advertising SDKs and no third-party analytics SDKs.
We use the information you provide solely to operate the App: storing your data so you can view it across sessions, calculating personalized calorie and macro targets, generating AI-powered nutrition and coaching responses, displaying progress over time, and providing customer support when you contact us.
Firebase (Google LLC) — provides authentication, database (Firestore), serverless functions, and hosting. Your data is stored on Google Cloud infrastructure in the United States and is governed additionally by Google’s privacy practices.
Google Gemini API (Google LLC) — processes the text prompts, food images, and AI coach conversations you submit. Google may retain API inputs as described in their published API usage and privacy policies. Do not submit images containing sensitive personal information you would not want analyzed by an AI service.
Apple, Inc. and Google LLC (App Stores) — if you download the App from the Apple App Store or Google Play, the store provider may collect installation, purchase, and crash data per their respective policies. We do not control what the store collects.
Data in transit between your device and our servers is encrypted using TLS. Data at rest on Google Cloud is encrypted using Google’s standard server-side encryption. Each user’s data is stored under their unique Firebase user ID, and our security rules prevent users from reading or modifying other users’ data. No system is perfectly secure, and we cannot guarantee absolute security; if we become aware of a breach affecting your data we will notify you and applicable authorities as required by law.
We retain your data for as long as your account is active. You can delete your account and all associated data at any time from the Profile screen in the App. After you request deletion, your data is permanently removed from our active systems within thirty (30) days. Backups containing residual data may persist for up to ninety (90) days before being overwritten in normal rotation. To request deletion by email, contact [email protected].
Ding! Fitness is not directed at children under thirteen (13) years of age. We do not knowingly collect personal information from children under 13. Users aged 13 to 17 must have verifiable consent from a parent or legal guardian to create an account. If you believe a child under 13 has provided us information, please contact [email protected] and we will delete the account promptly.
Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal information, restrict or object to certain processing, and withdraw consent where processing is based on consent. Residents of California (CCPA/CPRA), the European Economic Area, the United Kingdom (GDPR/UK GDPR), and similar jurisdictions are entitled to these rights. We do not sell or share personal information for cross-context behavioral advertising. To exercise any right, email [email protected]. We will respond within the time required by applicable law.
The App is operated from the United States and all data is stored on Google Cloud infrastructure in the United States. If you use the App from outside the U.S., you consent to the transfer and processing of your information in the United States, which may have different data-protection laws than your jurisdiction.
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal or operational reasons. Material changes will be communicated in-app and the “Effective” date above will be updated. Continued use of the App after changes take effect constitutes acceptance of the revised policy.
Questions about this Privacy Policy or your data? Email [email protected].