Flojas ("we," "our," or "us"), a product of teJai Technologies LLC, operates the Flojas mobile application. This Privacy Policy explains how we collect, use, and protect your information when you use our app.
By using Flojas, you agree to the practices described here. If you have questions, contact us at support@flojas.app.
Account information
Name, email address, and authentication credentials collected when you create an account via email/password or Google Sign-In.
Health and fitness data
Metrics you manually enter or sync from Apple Health or Google Fit — including body composition, cardiovascular metrics, sleep, activity, nutrition, gut health, mental wellbeing assessments, and athletic performance data.
Location data
GPS coordinates collected only during active athletic session tracking, if you grant permission. Not collected in the background unless you explicitly enable background tracking for a session.
Camera and photos
Images captured only when you use the food photo logging feature. Photos are processed by our AI to extract nutritional information and are not stored permanently on our servers.
Voice data
Audio is captured only when you use the voice food logging feature and is processed locally on your device using speech-to-text. We do not store raw audio recordings.
Usage data
App interaction events (screens viewed, features used) collected via Firebase Analytics for product improvement. Health metric values are never included in analytics events.
We do not sell your data. We do not use health data for advertising.
Sensitive health data is encrypted on your device using AES-256-GCM with HKDF-SHA256 key derivation before being stored in our cloud database. This covers 16+ purpose-scoped data classes — including coach conversations, journal entries, GPS routes, raw metric events, daily metric rows, check-in sessions, athletic test results, health score snapshots, saved meals, plans, and more.
Your encryption keys are generated on your device at first launch, stored in device secure storage, and backed up in FIPS 140-2 Level 3 certified HSM hardware (Google Cloud KMS) — never stored in plaintext on our servers. This means we cannot read your encrypted health data — not because of a policy, but because we mathematically cannot.
Firebase (Google)
We use Firebase for authentication, cloud database, push notifications, and serverless functions. Firebase stores data in the United States. See policies.google.com/privacy.
Stripe / Dodo Payments
Premium subscriptions are billed via Stripe or Dodo Payments. We do not store full payment card information. These are the only payment processors we use.
Vertex AI (Google)
AI coaching responses are generated using Google Cloud's Vertex AI. Your coach messages are transmitted to this service to generate responses. Coach messages are end-to-end encrypted in our database but are decrypted transiently in server memory solely to generate responses — the plaintext is never stored. We do not use your messages to train Google's models.
Named sub-processors: Google LLC (Firebase, Vertex AI, Cloud KMS), Stripe, and Dodo Payments. We do not share your data with any other third parties.
Your account data is retained as long as your account is active. You can delete your account at any time from Settings → Account → Delete Account. A 7-day grace period begins immediately; you may cancel the deletion and restore your account within that window. After the grace period expires, all recoverable personal data is permanently and irreversibly deleted.
Because Flojas does not hold your decryption keys, deleted E2EE-encrypted data cannot be recovered by any party, including Flojas.
You have the right to:
California residents have additional rights under CCPA. EU/UK residents have additional rights under GDPR. For general support contact support@flojas.app. For privacy and data requests (access, deletion, GDPR/CCPA/TDPSA) contact support@flojas.app.
Flojas is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal information, please contact us immediately.
We implement industry-standard security including end-to-end encryption for sensitive data, TLS for data in transit, Firebase security rules, and regular security reviews. Flojas operates under FTC consumer privacy standards. If a confirmed data incident ever occurs, affected users will be notified within 60 days — no exceptions. No system can guarantee absolute security; please use a strong password and keep your device secure.
We will notify you of material changes via in-app notification or email before they take effect. Continued use of the app after changes constitutes acceptance of the updated policy.
You can delete your account and all associated data directly in the app:
Settings → Account → Delete Account
A 7-day grace period begins on deletion request. During this time you can cancel and restore your account. After the grace period, all recoverable data is permanently and irreversibly deleted — including all health metrics, coach chat history, plans, and profile data. Encrypted data cannot be recovered after deletion.
If you no longer have access to the app, email us at support@flojas.app with the subject line "Data Deletion Request" and we will process it manually.
Contact
Flojas — fitness intelligence unlocked
teJai Technologies LLC · 9191 Kyser Way, Suite 202, Frisco, TX 75033
General Support: support@flojas.app
Privacy & Data Requests: support@flojas.app