Privacy Policy

Effective: April 7, 2026 · Last updated: April 7, 2026

1. Who We Are

PFFT ("Private Fucking Fitness Tracker") is developed and published by Bryan Sanchez ("we," "us," "our"). PFFT is a fitness tracking application available on Google Play and (in the future) the Apple App Store. Our website is pfft.app.

For privacy questions: privacy@pfft.app

2. Our Core Principle

Your data belongs to you. Period.

PFFT is designed from the ground up so that we never have access to your personal data. This is not a marketing claim — it is an architectural decision enforced by code. The app has no server component, no cloud sync, no user accounts, and no network calls that transmit your data.

3. Data We Do NOT Collect

PFFT does not collect, transmit, store on any server, sell, share, or process any of the following:

• GPS coordinates or workout routes
• Fitness data (distance, speed, duration, calories, elevation)
• Health data (weight, active minutes, heart rate)
• Location data (your position, movement patterns, places visited)
• Device identifiers (IMEI, advertising ID, hardware ID)
• Usage analytics or behavioral data
• Crash reports or diagnostics (stored locally only)
• Contacts, photos, files, or any other personal information
• Your name, email address, or any identity information

4. Data Stored on Your Device

PFFT stores data exclusively on your device using Android's hardware-backed keystore (via expo-secure-store) and local storage (AsyncStorage). This data includes:

4.1 Workout Data

GPS coordinates, distance, duration, speed, calories burned, elevation, and route data for each workout. Stored in AES-256 encrypted secure storage. This data never leaves your device.

4.2 App Settings

Your preferences: units (metric/imperial), theme, auto-pause settings, language, activity order. Stored in local AsyncStorage on your device.

4.3 Health Data

If you enter your weight (optional), it is stored in encrypted secure storage on your device. If you enable Health Connect integration (optional), PFFT reads step and activity data from Android Health Connect. This data is processed locally and never transmitted.

4.4 Crash Logs

If the app crashes, a local crash report is saved to your device only. These logs contain error messages and stack traces — no personal data, no GPS coordinates, no workout details. Logs are automatically deleted after 7 days. You can view and delete them in Settings → About.

4.5 Debug Logs

During active workouts, PFFT may write GPS accuracy and motion data to temporary log files on your device for debugging purposes. These files are stored in the app's private directory, are automatically cleaned up after 7 days, and are deleted when you use "Delete All Data" in Settings.

5. Encryption

All workout data is encrypted using AES-256-GCM via Android's hardware-backed keystore (Keymaster/StrongBox where available). The encryption keys are generated and managed by your device's secure hardware — PFFT never has access to the raw keys. Biometric authentication (fingerprint or face) can be required to access the app.

Encrypted backups use PBKDF2-SHA256 with 200,000 iterations, a random salt, and a random IV. The backup password is never stored — only you know it.

6. Network Connections

PFFT makes no network calls that transmit your personal data. The only network activity is:

• Map tiles: When viewing your workout route on the map, PFFT loads map imagery from Google Maps. This is a standard map tile request — it does not include your workout data, identity, or any PFFT-specific information. Google's privacy policy applies to map tile requests: policies.google.com/privacy
• Font loading: The app's web presence (pfft.app) loads the JetBrains Mono font from Google Fonts. No user data is transmitted.

The PFFT app itself contains zero analytics SDKs, zero tracking pixels, zero telemetry endpoints, and zero Firebase or similar services.

7. Waitlist & Newsletter

If you voluntarily sign up for our waitlist at pfft.app, your email address and platform preference are sent to Buttondown (our newsletter provider) via a Cloudflare Worker. Buttondown stores your email for the sole purpose of sending you launch notifications. We do not use your email for any other purpose. You can unsubscribe at any time via the link in any email. Buttondown's privacy policy: buttondown.com/legal/privacy

8. Third-Party Services

PFFT integrates with the following third-party services, none of which receive your workout or personal data:

• Google Maps (map tiles only): Displays workout routes. No PFFT data transmitted.
• Google Play Billing: Processes Pro subscription payments. Google handles all payment data — PFFT never sees your payment information.
• Android Health Connect (optional, user-initiated): PFFT can read activity data from Health Connect if you explicitly grant permission. Data is processed locally and never uploaded.

9. Children's Privacy

PFFT is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect data from children — because we do not collect data from anyone.

10. Data Retention & Deletion

All data is stored on your device. You control it completely:

• Delete individual workouts: Settings → Data → select workout → Delete
• Delete all data: Settings → Data → Delete All Data (requires biometric authentication)
• Uninstall the app: All PFFT data is automatically removed from your device when you uninstall the app
• Debug logs: Automatically deleted after 7 days, or manually via Settings → About

Because we never receive your data, there is nothing for us to delete on our end. Your data dies with the app.

11. Data Sharing

We do not share your data with anyone. We cannot share your data with anyone. Your data exists only on your device in encrypted form. We have no server, no database, and no mechanism to access it.

12. International Users

Because PFFT processes all data locally on your device, no data crosses international borders. Your data stays on your phone, in your country, under your control. PFFT complies with GDPR, CCPA, PIPEDA, and all other applicable privacy regulations by design — we collect nothing, so there is nothing to regulate.

13. PFFT Circles (Future Feature)

PFFT Circles is a planned feature that will allow private workout sharing between 2–12 people using end-to-end encryption (AES-256-GCM). If implemented, circle data will be encrypted before leaving your device. A relay server (if used) will be zero-knowledge — it will route encrypted blobs without the ability to read them. Only circle members with the shared encryption key can decrypt the data. This privacy policy will be updated before Circles launches.

14. Google Play Data Safety

For the Google Play Data Safety section, PFFT declares:

• Data collected: None
• Data shared: None
• Security practices: Data is encrypted in transit (map tiles via HTTPS) and at rest (AES-256)
• Data deletion: Users can delete all data via the app or by uninstalling

15. Apple App Privacy (Future)

When PFFT launches on iOS, our App Store Privacy Nutrition Label will declare:

• Data Not Collected: PFFT does not collect any data
• Data Not Linked to You: No data is linked to your identity
• Data Used to Track You: None — PFFT contains no tracking

16. Open Audit

PFFT's privacy claims are verifiable. The app contains no analytics SDKs, no tracking code, no server communication for user data, and no telemetry. We encourage independent security researchers to verify these claims. Contact security@pfft.app for responsible disclosure.

17. Changes to This Policy

If we ever change this privacy policy in a material way, we will notify users via in-app notification and update this page at least 30 days before changes take effect. The "Last updated" date at the top reflects the most recent revision.

Given PFFT's architecture, any change that introduces data collection would require a fundamental rewrite of the app — which we have no plans or incentive to do.

18. Contact

For privacy questions, concerns, or data requests:

• Email: privacy@pfft.app
• General: contact@pfft.app
• Website: pfft.app