// Privacy

Privacy Policy

Effective Date: June 1, 2026

NOWISLIFE ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the NOWISLIFE fitness application and related services (the "Service").

What We Collect

When you use NOWISLIFE we may collect:

  • Account information — first name, last name, email address, phone number, and password hash (or passkey credential ID)
  • Profile data — optional profile photo
  • Fitness data — exercises, workout logs, completion history, and team challenge contributions
  • Health data — heart rate, daily steps, and active calories from Apple HealthKit (only when you explicitly authorize access on your device)
  • Device & session data — login IP address, browser user agent, push notification token, and session timestamps (for security monitoring)
  • Analytics data — pseudonymous usage events and interactions (see Analytics & Tracking below)
  • Communications — support tickets and contact messages you send us, including any screenshots you attach

We do not collect biometric data. Passkey biometrics (Face ID, Touch ID, etc.) are processed entirely on your device and are never transmitted to our servers.

How We Use Your Data

We use your data to:

  • Operate and improve the NOWISLIFE service
  • Verify your identity and secure your account
  • Send transactional communications (email verification, password reset, team invites)
  • Power optional features such as the AI Coach and AI support triage
  • Send push notifications for workout reminders and team activity (configurable in Settings)
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

AI Coach

NOWISLIFE includes an optional AI Coach you can chat with, plus a short daily message on your Today page.

The interactive chat is powered by Anthropic. To respond, Coach is given your first name, any facts you have asked it to remember (such as your equipment, goals, or injuries/limitations), notes Coach keeps from earlier messages, a summary of your current routine, your streak, your most recent completed workout, your most-trained exercises, today's scheduled workout, and the messages you send — including any photos you attach (for example, a whiteboard or program you want parsed into a workout). If you ask Coach about your history, your progress, or a team challenge, the relevant records are shared for that request as well. Attached images are sent to Anthropic for parsing and are not stored by NOWISLIFE — they are used only for that chat turn.

The short daily Today message is generated using Cloudflare Workers AI, with Anthropic as a fallback, from a summary of your recent workout activity.

Your email, password, phone number, and account credentials are never shared with the AI provider, and Coach never changes your data without your explicit confirmation. You can disable the daily Coach message in Settings and clear your chat history from the Coach menu.

AI Support Triage

When you submit a support ticket or contact message, the text of your message, your name, and any screenshot you attach may be processed by an AI model to help our support team triage and respond faster. No payment information or passwords are ever included.

SMS Verification

We use Twilio to send one-time SMS verification codes to the phone number you provide during account registration. These codes are used solely to verify your identity and secure your account.

  • Message content: One-time numeric verification codes only
  • Frequency: One message per verification request (registration and password reset)
  • Opt-out: Reply STOP to any message to stop receiving SMS. You may also contact us at nowislife.com/contact
  • Opt-in: Reply START to resume receiving verification messages
  • Message and data rates may apply depending on your carrier and plan
  • We do not send marketing, promotional, or recurring messages via SMS

For more details, visit our SMS Consent & Disclosure page.

Apple Health Integration

NOWISLIFE offers an optional integration with Apple HealthKit on iOS devices. This integration requires your explicit, separate consent before any health data is accessed.

When authorized, NOWISLIFE may:

  • Read from HealthKit: heart rate samples, daily step count, and active calories burned
  • Write to HealthKit: completed workout sessions (workout type, duration, total volume, and session name)

Important:

  • HealthKit data is processed on your device and is not transmitted to our servers unless you explicitly enable server-side features that require it
  • Health data is never used for advertising, data mining, or marketing purposes
  • Health data is never sold to or shared with third parties
  • Health data is not stored in iCloud by NOWISLIFE
  • You can revoke HealthKit access at any time through your device Settings or within the NOWISLIFE app
  • You must provide separate, affirmative consent before any health data is collected (see Washington State Health Data Rights below)

Push Notifications

NOWISLIFE collects and stores a push notification token from your device to deliver notifications. Notification categories include:

  • Routine reminders — scheduled alerts for your daily exercises
  • Follow-up reminders — check-ins after a workout window
  • Team updates — activity from your teams
  • Challenge alerts — team challenge notifications
  • Goal milestones — personal achievement celebrations

You can enable or disable each category individually in Settings. Routine reminders are scheduled locally on your device. Push tokens are stored securely and used solely for delivering notifications.

Workout Sharing

You may share workout templates via a link. Anyone with the link can view the shared workout data (exercise names, sets, reps, and targets). You control what you share — sharing is always initiated by you and can be revoked.

Analytics & Tracking

We use the following analytics services to understand how the app is used and to improve the experience:

  • Google Analytics 4 — pseudonymous event tracking to understand feature usage (website only). A pseudonymous user ID (not your name or email) is associated with events. No personally identifiable information (name, email, phone) is sent to Google.
  • PostHog — product analytics, feature flags, and session replay to identify usability issues. On our website, PostHog records interactions such as clicks and scrolls; all input fields are masked, so the text you type is excluded from recordings. The mobile app sends product-analytics events only — no session replay. PostHog uses cookies and session storage.
  • Sentry — error and performance monitoring. On our website, when an error occurs Sentry may capture a short diagnostic session replay; all text is masked and all media is blocked, and replays are recorded only on errors, never during normal use. In the mobile app, Sentry captures only error and crash diagnostics, with personal data scrubbed before transmission — no session replay is recorded.

We do not respond to browser Do Not Track (DNT) signals. We honor Global Privacy Control (GPC) browser signals as a valid opt-out request under the CCPA. We do not sell, rent, or share your personal data with third-party advertisers.

We use strictly necessary session cookies (HttpOnly, Secure) to maintain your authenticated session. We do not use third-party advertising cookies.

Service Providers

We share data with the following service providers solely to operate the NOWISLIFE service, under data processing agreements:

| Provider | Purpose | |----------|---------| | Neon | Database hosting (PostgreSQL) | | Anthropic | AI Coach chat and daily messages, AI support triage | | Cloudflare | AI generation/fallback (Workers AI), file storage (R2/CDN), bot protection (Turnstile) | | Twilio | SMS verification | | Resend | Email delivery | | Upstash | Distributed rate limiting | | Google | Analytics (GA4) | | PostHog | Product analytics, feature flags, session replay | | Sentry | Error monitoring, crash reporting, and (website only) diagnostic replay | | Expo (EAS) | Push notifications, over-the-air app updates |

We do not sell your personal data. Beyond these service providers, we share data only:

  • When required by law, court order, or to protect the rights and safety of NOWISLIFE or its users
  • In connection with a merger, acquisition, or sale of assets (users will be notified)

Data Retention & Deletion

You may delete your account at any time from within the app. Account data is permanently deleted after a 7-day grace period. Aggregated or anonymized data may be retained longer for analytics purposes.

Security

We implement industry-standard safeguards including encrypted connections (HTTPS), hashed passwords (bcrypt), access controls, Cloudflare Turnstile bot protection during registration and login, and rate limiting on authentication endpoints. No method of transmission or storage is 100% secure. We encourage you to use a strong, unique password and enable passkey authentication.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 60 days via email and in-app notification, in accordance with the FTC Health Breach Notification Rule and applicable state laws. If 500 or more individuals are affected, we will also notify prominent media outlets as required by law.

Children

NOWISLIFE is intended for users 18 years of age and older. During registration, you must separately confirm that you meet this age requirement. We do not knowingly collect personal information from anyone under 18. If we become aware that a user is under 18, we will terminate the account and delete the associated data.

App Updates

NOWISLIFE may receive over-the-air updates via Expo EAS without requiring a new download from the App Store. These updates may include bug fixes, performance improvements, and minor feature enhancements. Major feature changes will be communicated through the app.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, or sell
  • Delete your personal information (subject to certain exceptions)
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not sell or share personal data)
  • Limit the use of sensitive personal information (including health and fitness data)
  • Non-discrimination for exercising your privacy rights

We honor Global Privacy Control (GPC) browser signals as a valid opt-out request.

To exercise any of these rights, submit a request through nowislife.com/contact. We will respond within 45 days.

Washington State Health Data Rights

If you are a Washington state resident, or if you use NOWISLIFE's health data features, you have rights under the Washington My Health My Data Act:

  • Health data collection requires your separate, affirmative consent before any health data is accessed
  • You may withdraw your consent to health data collection at any time through the app
  • You may request deletion of your health data
  • Your health data is never sold

Health data under this section includes any data derived from Apple HealthKit (heart rate, steps, calories, workout sessions) as well as fitness tracking data collected through the app.

Privacy Requests

To submit any privacy request — including data access, correction, deletion, a CCPA request, or a Washington MHMDA request — contact us through nowislife.com/contact. Please include your name and the email address associated with your account so we can verify your identity.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date above and notify you through the app. Continued use of NOWISLIFE after the effective date constitutes acceptance of the updated policy.

Contact

Questions about this Privacy Policy? Contact us at nowislife.com/contact.

NOWISLIFE is currently available to U.S. users only.