Skip to main content

HighLvl

Privacy Policy

Effective date: May 28, 2026  ·  Last updated: May 28, 2026

HighLvl is an AI nutrition coach. This policy explains exactly what data the app touches, where it goes, and the controls you have over it. We have written it to be specific rather than generic, because health data deserves that.

This policy applies to the HighLvl iOS application (“HighLvl,” “the app”) published by Raven Studio (“we,” “us,” “our”). By using the app you agree to the practices described here.

The short version. Apple Health data is read only — never written back, never used for advertising, never sold. Your data lives on your device. To generate coaching, the text and photos you choose to send, plus the health context you have connected, are transmitted to an AI inference provider. You can delete everything at any time.

1. What we collect

Information you provide

  • Meals you log — the text you type or dictate, and any food photos you attach.
  • Profile and goals — details you enter during onboarding such as height, weight, body composition, age range, sex, activity level, and your nutrition or training goals.
  • Chat messages — anything you say to the coaching assistant.
  • API keys, if you choose to supply your own (see “AI inference,” below). These are stored in the iOS Keychain on your device and are never transmitted to us.

Apple Health (HealthKit) — read-only

If you grant permission, HighLvl reads the following from Apple Health to understand your energy balance and tailor coaching:

  • Active energy burned and basal (resting) energy burned
  • Workouts (type, time, and the energy attributed to each)
  • Dietary energy you have logged elsewhere, step count, body mass, height, sleep analysis, date of birth, and biological sex
HighLvl never writes to Apple Health. The app requests read access only. We do not modify, add, or delete any data in Health. HealthKit data is never used for advertising or marketing, never sold, and never disclosed to anyone except the AI inference provider you have configured, solely to generate your coaching — and never to data brokers.

Whoop (optional)

If you connect Whoop, HighLvl uses Whoop’s OAuth flow (authorization-code with PKCE) to obtain access on your behalf. We read recovery, daily strain, calories, and workout summaries to refine coaching. Whoop access and refresh tokens are stored in the iOS Keychain on your device. You can disconnect Whoop at any time, which deletes those tokens.

Voice

When you dictate a meal or message, transcription is performed using Apple’s on-device speech recognition. Apple’s processing is governed by Apple’s own privacy terms; the resulting text is then treated like any text you typed.

What we do not collect

  • We do not run our own analytics, advertising, or tracking SDKs.
  • We do not collect precise location.
  • We do not sell, rent, or share your personal data with data brokers for any purpose.

2. How we use your information

  • To generate coaching. Your meals, photos, goals, and connected health context are used to estimate nutrition, track progress, and produce personalized guidance and a daily briefing.
  • To operate the app — to remember your logs, targets, and preferences across sessions.
  • To process payments for subscriptions, via Apple (see below).

We do not use your health data, meals, or photos to train our own models, to advertise, or for any purpose unrelated to providing you the service.

3. AI inference and how your data is transmitted

HighLvl’s coaching is produced by large language models. To generate a response, the relevant context — your message, attached photos, recent meals, and connected health metrics — is sent to an AI inference provider. Which provider receives the data depends on your configuration:

  • Anthropic (Claude) — the default provider for coaching, image understanding, and the daily briefing. Requests go either directly to Anthropic’s API or through our hosted proxy, which forwards the request to Anthropic on our behalf. The hosted proxy lets us run the service on managed subscription tiers; it transmits your request to Anthropic and returns the response, and does not retain your content for any other purpose.
  • Your own provider key (optional) — if you supply your own API key, your data is sent directly from your device to that provider instead. Supported options include OpenAI, Google Gemini, and a self-hosted Ollama endpoint. When you use your own key, your data is governed by that provider’s terms, and the request does not pass through us.

AI inference providers process the content we send to generate a response. Anthropic does not use data submitted through its API to train its models. Each provider’s handling is governed by its own privacy policy and data-processing terms.

4. Third parties and sub-processors

We keep this list short and specific. Depending on the features you use and the configuration you choose, the following may process your data:

PartyRoleData they may receive
AppleHealthKit source; on-device speech; App Store subscription billingHealth data stays on device (read by the app, not sent to Apple by us). For billing, Apple processes your purchase; we receive only subscription status, never your payment details.
AnthropicDefault AI inference provider (direct or via our hosted proxy)The message, photos, and health context needed to generate a response
Our hosted proxy
operated by Raven Studio		Forwards default-tier requests to AnthropicThe request payload in transit, forwarded to Anthropic; not retained for other purposes
Whoop (optional)Source of recovery / strain / workout data, via OAuth you authorizeWe receive data from Whoop; we do not send your data to Whoop beyond the OAuth handshake
OpenAI / Google Gemini / Ollama (optional, only if you supply a key)Alternative AI inference providers you chooseThe message, photos, and health context needed to generate a response, sent directly from your device

We do not use third-party advertising networks, and we do not share data with data brokers.

5. Where your data is stored

Your logs, profile, goals, and coaching history are stored locally on your device using Apple’s Core Data framework. Any API keys you supply and any Whoop tokens are stored in the iOS Keychain on your device. We do not maintain a central database of your meals, photos, or health data. Data is transmitted to AI inference providers only at the moment a coaching response is generated, as described above.

If you have enabled iCloud backup for your device, your local app data may be included in your encrypted Apple backup under Apple’s terms.

6. Data retention

  • On-device data persists until you delete it in the app or uninstall the app. Uninstalling HighLvl removes its local Core Data store and Keychain entries.
  • AI inference providers retain data per their own policies. Anthropic does not train on API data; transient logs (e.g. for abuse monitoring) are governed by Anthropic’s terms. If you use your own provider key, retention is governed by that provider.
  • Subscription records are retained by Apple per Apple’s policies; we retain only the minimal status needed to provide your plan.

7. Your controls and how to delete your data

  • Apple Health: revoke or change HighLvl’s read access any time in Settings → Privacy & Security → Health → HighLvl on your device.
  • Whoop: disconnect inside HighLvl, which deletes the stored tokens.
  • API keys: remove any key you supplied in the app’s settings.
  • Your logs and history: delete entries in the app, or delete all app data by uninstalling HighLvl, which removes the local Core Data store and Keychain items.
  • Requests to us: because your content is stored on your device and not in a central account, the most complete deletion is performed by you on-device. For any additional request, contact us at support@highlvl.fit and we will respond consistent with applicable law.

Depending on where you live, you may have rights to access, correct, delete, or restrict processing of your personal data, and to object or withdraw consent. To exercise any of these, email support@highlvl.fit.

8. Subscriptions and payments

HighLvl offers a free experience and paid subscription tiers. All purchases are processed by Apple through the App Store. We never see or store your payment card or billing details; Apple shares with us only the subscription status required to enable your plan. Subscription management, cancellation, and refunds are handled through your Apple account settings.

9. Children

HighLvl is rated 17+ and is not directed to children. We do not knowingly collect personal data from anyone under 17. If you believe a child has provided us data, contact support@highlvl.fit and we will take appropriate steps.

10. Security

API keys and OAuth tokens are stored in the iOS Keychain. Data sent to AI inference providers is transmitted over encrypted HTTPS connections. No method of transmission or storage is perfectly secure, but we design the app to keep your data on your device and to minimize what leaves it.

11. International transfers

The AI inference providers and our hosted proxy may process data in the United States or other countries. Where required, we rely on appropriate safeguards for cross-border transfers. By using the app you understand that data sent to generate coaching may be processed outside your country of residence.

12. Changes to this policy

We may update this policy as the app evolves. Material changes will be reflected by updating the effective date above and, where appropriate, by an in-app notice. Continued use after an update constitutes acceptance of the revised policy.

13. Contact

Questions, requests, or concerns about privacy:

Raven Studio
support@highlvl.fit