PRIVACY POLICY

Last updated: April 10, 2026

Punch AI ("we," "our," or "us") is an iOS boxing training app built by Caleb, an independent developer operating as a sole proprietor in California. The app uses your iPhone's front camera and Apple's Vision framework to detect your punches and form in real time so you can train without a coach, a partner, or a gym.

This Privacy Policy explains exactly what the Punch AI iOS app (bundle ID app.punchai.PunchAI) and punchai.app collect, how we use it, and who we share it with. We've tried to write it in plain English. If anything is unclear, email support@punchai.app and we'll answer directly. By using Punch AI, you agree to the practices described here.

INFORMATION WE COLLECT

Account Information

When you sign up — using Sign in with Apple or email authentication — we collect the information you give us during onboarding:

  • Name you provide during the onboarding quiz
  • Email address (either the one you type, or the private relay address Apple generates when you use Sign in with Apple)
  • Age, height, weight, boxing experience level, and training goals from the onboarding quiz

You give us this information directly. We don't pull it from anywhere else.

Fitness & Session Data

Every time you train, Punch AI records statistics from that session:

  • Punch counts (total, by hand, and by punch type)
  • Accuracy scores
  • Session duration
  • Weak areas the coach identified (e.g. dropped guard, slow return, narrow stance)
  • Workout history and dates

This is classified as Fitnessdata under Apple's App Store privacy definitions. It's stored in our Supabase database, linked to your account, so you can see your progress over time.

Automatically Collected

When you use the app, a few things are collected automatically:

  • User ID — a Supabase user ID and a RevenueCat app user ID, used to tie your account to your session history and your subscription status.
  • Purchase history— the subscription tier you're on and whether you're in your 3-day free trial. Handled by Apple StoreKit and RevenueCat; we never see card numbers or payment details.
  • Product interaction — which screens you tap through, so we can understand how people use the app and remove friction.
  • Crash data and performance data — standard diagnostics from Apple App Store Connect and TestFlight, used only to find and fix bugs.

These eight data types — Name, Email Address, Fitness, User ID, Purchase History, Product Interaction, Crash Data, and Performance Data — match the declarations in our App Store Connect privacy disclosure, and all of them are marked "not used for tracking."

What We Do Not Collect

To be explicit, Punch AI does not collect:

  • Precise or coarse location
  • Your contacts or address book
  • HealthKit data (we do not integrate HealthKit)
  • Advertising identifiers (IDFA) — there are no ads in the app and no ad network
  • Your photo library or any user-recorded videos
  • Browsing or search history from outside the app

HOW WE USE YOUR INFORMATION

We use the information we collect to:

  • Run the app and personalize your training sessions
  • Track your progress and adapt drills as your skill improves
  • Generate post-session AI coaching feedback (see "Third-Party Services" below)
  • Manage your account, trial, and subscription status
  • Send optional push notifications for trial reminders and training nudges — you can turn these off in iOS Settings
  • Diagnose crashes and fix bugs

We do not use your data to serve ads, build advertising profiles, or sell anything to anyone.

ON-DEVICE PROCESSING

This is the section we want you to understand clearly, because it's a real privacy boundary — not a marketing line.

When you train, Punch AI uses Apple's Vision framework to analyze the video feed from your iPhone's front camera. On-device, the app computes:

  • Hand landmarks — 21 points per hand, used to detect punch type, arm extension, and timing
  • Body pose landmarks — used to detect stance, guard position, rotation, and balance

None of this ever leaves your iPhone. The raw camera frames, the hand landmarks, the body pose coordinates, and every intermediate computation are all processed locally and discarded after each frame. We do not record, store, upload, or have any access to:

  • Video of you training
  • Photos or screenshots of your sessions
  • Raw landmark or coordinate data
  • The front camera feed at any point in time

What does get uploaded to our servers are the derived statistics from the session — punch counts, accuracy scores, session duration, and identified weak areas. Those numbers are how your progress dashboard works, and how the AI coaching feedback is generated.

For the technically curious: the app only requests the iOS Camera permission. It does not request Photo Library access and cannot read saved videos or photos.

THIRD-PARTY SERVICES

We rely on a small number of services so the app can function. Here's exactly what each one receives and why.

Supabase

Database and authentication provider.
Receives: your account information (name, email, onboarding responses), your session history, and your user ID.
Why: to store your profile, let you log in, and power your progress dashboard.
Supabase Privacy Policy

RevenueCat

Subscription management.
Receives: your user ID and Apple purchase status (trial, monthly at $6.99, yearly at $39.99, expired).
Why: to decide whether to unlock paid features and manage your subscription lifecycle across devices.
RevenueCat Privacy Policy

Anthropic (Claude API)

Post-session AI coaching feedback, generated by Anthropic's claude-sonnet-4-6 model.
Receives: summary statistics from a finished session (punch counts, accuracy, weak areas).
Does not receive: video, images, raw camera frames, hand landmarks, body pose coordinates, your name, or your email.
When: only for paid subscribers, only after a session ends.
Anthropic Privacy Policy

Apple

Sign in with Apple, StoreKit, and App Store Connect crash reporting.
Receives: authentication credentials (when you use Sign in with Apple), purchase and subscription transactions (via StoreKit — Apple handles all payment information end-to-end, so we never see card numbers), and aggregated crash and performance data through App Store Connect.
Why: account sign-in, billing, and diagnostics.
Apple Privacy Policy

We do not share your data with anyone else, and we do not sell it — not now, not ever.

DATA RETENTION

We keep your account information and session history for as long as your account exists. If you stop using the app, your data stays in our database until you delete your account.

When you delete your account, we delete all associated data from Supabase — profile info, session history, and user identifiers — within 30 days. RevenueCat's subscription records follow their own retention schedule, and Apple's records (purchase history, crash data) are governed by Apple's policies.

YOUR RIGHTS

You have the right to:

  • Access the personal information we hold about you
  • Correctinformation that's wrong or out of date — most of it is editable directly in the app's Settings screen
  • Delete your account and all associated data. You can do this from inside the app under Settings → Account → Delete Account, or by emailing support@punchai.app. Deletion requests are honored within 30 days.
  • Exporta copy of your data on request — email us and we'll send you what we have

To exercise any of these rights, email support@punchai.app from the address associated with your account.

CHILDREN'S PRIVACY

Punch AI is rated 9+ in the App Store but is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If we learn that a child under 13 has created an account, we will delete that account and its data immediately. If you believe a child under 13 has provided us information, please email support@punchai.app.

CALIFORNIA PRIVACY RIGHTS

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, gives you specific rights:

  • Right to knowwhat personal information we collect, how it's used, and who we share it with. This entire Privacy Policy is designed to answer that.
  • Right to delete your personal information — use the in-app deletion option or email us.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information for cross-context behavioral advertising or any other purpose, so there is nothing to opt out of and no "Do Not Sell" toggle in the app.
  • Right to non-discrimination for exercising any of these rights.

To exercise a California privacy right, email support@punchai.app. We will respond within 45 days.

INTERNATIONAL USERS

Punch AI is operated from the United States. Our database (Supabase) and our third-party services are hosted on servers located primarily in the United States. If you use the app from outside the United States, your information will be transferred to, stored, and processed in the U.S. By using Punch AI from outside the U.S., you consent to that transfer.

We recognize that some jurisdictions — including the EU, UK, and others — have stricter data protection laws. If you'd like to exercise rights granted by GDPR or a similar framework, email support@punchai.app and we'll handle your request directly.

CHANGES TO THIS POLICY

We may update this Privacy Policy as the app evolves. When we make meaningful changes, we'll update the "Last updated" date at the top of this page and, for significant changes, notify you in the app or by email. Continued use of Punch AI after an update constitutes acceptance of the revised policy.

CONTACT US

Punch AI is built by Caleb, an independent developer based in California.

Questions, data requests, or privacy concerns: support@punchai.app