Privacy Policy for TestMax

Last Updated: January 23, 2026

Effective Date: January 23, 2026

Table of Contents

  1. Introduction

  2. Quick Privacy Overview

  3. Information We Collect

  4. How We Use Your Information

  5. Third-Party Services

  6. Data Storage and Security

  7. Your Privacy Rights

  8. Children's Privacy

  9. Data Sharing and Disclosure

  10. International Data Transfers

  11. Changes to This Privacy Policy

  12. California Privacy Rights (CCPA)

  13. European Privacy Rights (GDPR)

  14. Health Information Disclaimer

  15. Data Breach Notification

  16. Contact Us

  17. Consent

  1. Introduction

This Privacy Policy describes how TestMax ("we," "our," or "us") collects, uses, and shares your personal information when you use our mobile application (the "App"). We are committed to protecting your privacy and ensuring the security of your personal data.

By using TestMax, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our App.

  2. Quick Privacy Overview

What data do we collect?

  • Account information (email, name)

  • Facial images for health analysis

  • Health and fitness data (testosterone-related information)

  • Chat messages with AI Coach

  • Usage data and analytics (onboarding events only)

  • Device ID and identifiers

How do we use it?

  • Provide personalized health analysis and recommendations

  • Track your progress and habits

  • Improve the app through analytics

  • Manage your subscription

Do we share your data?

  • Yes, with service providers (Supabase, Anthropic, Mixpanel, Superwall)

  • No, we never sell your data

Your rights:

  • Delete your account and all data anytime

  • Access and export your data

  • Opt out of analytics tracking

  • Request corrections to your data

For complete details, please read the full policy below.

  3. Information We Collect

3.1. Account Information

When you create an account using Apple Sign-In or Google Sign-In, we collect:

  • Email address

  • Full name (if provided by your authentication provider)

  • Unique user identifier

  • Authentication provider information (Apple or Google)

  • Account creation date

3.2. Health and Fitness Information

During the onboarding process and app usage, you may provide:

  • Birth date (to calculate age-related metrics)

  • Ethnicity

  • Workout frequency and exercise preferences

  • Sleep hours and quality

  • Stress levels

  • Mood indicators

  • Energy levels

  • Confidence levels

  • Personal health goals and concerns

  • Testosterone-related information and health metrics

3.3. Facial Images and Scan Data

When you use our face scanning feature, we collect:

  • Facial photographs that you upload

  • Analysis results including:

    • Estimated testosterone levels

    • Biological age

    • Overall health score

    • Facial feature analysis (masculinity, cheekbones, jawline, facial hair)

    • Personalized health recommendations

Important: Your facial images are stored locally on your device in the app's Documents directory. Images are NOT uploaded to cloud storage or our database. Images are temporarily sent to Claude API (Anthropic) for analysis only. According to Anthropic's privacy policy, Claude API does not store or retain images after analysis is complete. Analysis results (scores, descriptions) are stored locally on your device. We do not share your facial images with any other third parties, data brokers, or advertising networks. Users can delete scans at any time through the app interface.

3.4. User Content (Messages and Communications)

When you use our AI Coach feature, we collect and store:

  • Your chat messages and questions

  • AI-generated responses

  • Conversation history and timestamps

  • Conversation titles and metadata

Note: Your conversations with the AI Coach are processed through Anthropic's Claude AI service. Your scan results may be shared with the AI to provide personalized advice. These conversations are linked to your user account.

3.5. Activity and Usage Data

We automatically collect information about how you use the app:

  • Daily app usage and activity tracking

  • Exercise completion data (types of exercises performed, duration)

  • Daily habit completion and progress

  • Streak information (consecutive days of app usage)

  • Page views and navigation patterns within the app

  • Feature usage statistics and interactions

  • Error logs and crash reports

  • Time spent on different features

  • Button clicks and user interactions

This data is collected through Mixpanel analytics for onboarding funnel analysis only. We use this data to improve user experience and app functionality within our own app. We do NOT track users across apps or websites for advertising purposes.

3.6. Device and Technical Information

We may collect:

  • Device type and model

  • Operating system version

  • App version and build number

  • Device language and region settings

  • Device ID (unique device identifier used for analytics only, not for cross-app tracking)

  • IP address (automatically collected by our hosting provider)

  • Network information

  4. How We Use Your Information

4.1. To Provide Core Services (App Functionality)

  • Generate personalized testosterone and health analysis from your facial scans

  • Provide AI-powered coaching and personalized advice based on your health data

  • Track your progress and maintain your activity streaks

  • Save and sync your data across sessions

  • Manage your user account and authentication

  • Display your personalized dashboard and recommendations

  • Enable exercise tracking and habit formation features

  • Generate personalized health plans based on your onboarding answers

4.2. For Analytics and Product Improvement

  • Analyze app usage patterns to improve user experience

  • Track user engagement and feature adoption (via Mixpanel)

  • Track users across sessions and events to understand behavior patterns

  • Debug technical issues and fix bugs

  • Develop new features and functionality based on user behavior

  • Conduct research to enhance our health analysis algorithms

  • Monitor app performance and stability

  • Identify and resolve technical issues

Analytics Notice: We use your Device ID and User ID for analytics purposes within our app only. This helps us understand how users interact with the app and improve our services. We do NOT use this data to track you across other apps or websites for advertising purposes. We do NOT share this data with data brokers or advertising networks.

4.3. For Product Personalization

  • Customize your app experience based on your preferences and goals

  • Recommend relevant exercises, supplements, and lifestyle changes

  • Tailor AI Coach responses to your specific health profile

  • Adjust content and features based on your usage patterns

  • Provide targeted health recommendations based on your scan results

4.4. To Communicate With You

  • Send important service updates and notifications

  • Respond to your support requests

  • Provide customer service

  • Send subscription-related communications

4.5. For Subscription Management

  • Process and manage your subscription through Apple's in-app purchase system

  • Provide access to premium features based on subscription status

  • Display subscription offers and paywalls (via Superwall)

  • Send renewal reminders and billing information

  • Track subscription events and conversions

  5. Third-Party Services

We use the following third-party services that may collect and process your data. By using TestMax, you agree that your data may be shared with these service providers as described below.

5.1. Anthropic (Claude AI)

Purpose:

  • Powers our AI Coach feature to provide personalized health and fitness advice

  • Analyzes facial images for health metrics (testosterone indicators, facial features, biological age)

Data Shared:

  • Your chat messages and questions (for AI Coach feature)

  • Your scan results (testosterone levels, biological age, health metrics) - when shared with AI Coach

  • Your facial images (temporarily, for scan analysis only)

  • Your onboarding information (when relevant to provide personalized advice)

  • Conversation context and history (for AI Coach)

How It's Used:

  • Facial images are sent temporarily for analysis - Claude API does not store or retain images after analysis

  • Chat messages are processed to generate AI-powered responses and personalized recommendations

Data Retention: Images are not retained by Anthropic after analysis. Chat conversations are processed in real-time.

Privacy Policy: https://www.anthropic.com/privacy

5.2. Supabase

Purpose: Backend database and authentication (account data only)

Data Shared: Only account information is stored in Supabase:

  • Account information (email, name, user ID)

  • Authentication tokens

Note: Facial images, scan results, chat conversations, activity data, and onboarding answers are stored locally on your device and are NOT stored in Supabase database.

Location: Cloud servers (location may vary by region)

Privacy Policy: https://supabase.com/privacy

5.3. Mixpanel

Purpose: Analytics for onboarding funnel analysis only (to improve app functionality and user experience)

Data Shared:

  • User ID (linked to your identity)

  • Device ID (unique device identifier)

  • Onboarding step completion events only

  • Onboarding page views and progress

Tracking: No - Mixpanel is used for analytics within our app only. We do NOT use Mixpanel to track users across apps or websites for advertising purposes.

How It's Used: To analyze onboarding completion rates and improve the onboarding experience within our app

Privacy Policy: https://mixpanel.com/legal/privacy-policy

Opt-Out: Contact support@testmaxai.app to opt out of analytics tracking

5.4. Superwall

Purpose: Subscription paywall management and in-app purchase optimization

Data Shared:

  • User ID

  • Email address

  • Subscription status and purchase history

  • User attributes (onboarding data for paywall targeting)

How It's Used: To display subscription offers and manage access to premium features

Privacy Policy: https://superwall.com/privacy

5.5. Apple Sign-In / Google Sign-In

Purpose: Secure authentication services

Data Shared: As required by authentication providers (email, name, authentication tokens)

Privacy Policies:

5.6. Apple App Store (In-App Purchases)

Purpose: Process subscription payments

Data Shared: Purchase history and subscription status (processed by Apple)

Privacy Policy: https://www.apple.com/legal/privacy

  6. Data Storage and Security

6.1. Security Measures

We implement industry-standard security measures to protect your personal information:

  • Encryption in Transit: All data transmission uses secure HTTPS/TLS connections

  • Encryption at Rest: Sensitive data is encrypted when stored on our servers

  • Secure Authentication: Authentication tokens are stored securely in your device's Keychain

  • Access Controls: Strict access controls limit who can access your data

  • Regular Security Audits: We regularly review and update our security practices

  • Secure API Keys: API keys and sensitive credentials are stored in device Keychain (not in code)

  • Database Security: Row-level security policies in Supabase protect your data

6.2. Data Storage Location

Account Data: Stored in Supabase cloud servers (PostgreSQL database) - includes email, name, user ID only

Local Device Storage: Most app data is stored locally on your device:

  • Facial images: Stored locally in app's Documents directory (NOT in cloud storage)

  • Scan results and analysis: Stored locally in UserDefaults and JSON files

  • Chat conversations: Stored locally on device

  • Daily habit progress: Stored locally on device

  • Activity and streak data: Stored locally on device

  • Onboarding answers: Stored locally on device

Third-Party Processing:

  • Facial images are temporarily sent to Claude API (Anthropic) for analysis only - images are not stored by Anthropic

  • Analytics data (onboarding events only) stored by Mixpanel

  • Subscription data managed by Superwall

Geographic Location: Account data may be stored in servers located in the United States or other countries. Local device storage remains on your device.

6.3. Data Retention

Account Data: Retained in Supabase database for as long as your account is active

Facial Images: Stored locally on your device until you delete individual scans or your account. Images are NOT stored in cloud storage. Images sent to Claude API are not retained by Anthropic after analysis.

Scan Results: Stored locally on your device until you delete individual scans or your account

Chat Conversations: Stored locally on your device until you delete them or your account

Activity Data: Stored locally on your device to maintain your streak and progress history

Analytics Data: Onboarding analytics data retained by Mixpanel according to their retention policies

Deleted Account Data: Account data in Supabase is deleted immediately upon account deletion. Local device data is removed when you delete your account. Some account data may remain in backup systems for up to 90 days before permanent deletion. Analytics data previously sent to Mixpanel may be retained according to their retention policies.

  7. Your Privacy Rights

7.1. Access and Control

You have the right to:

  • Access: View all your personal data stored in the app through your profile and data sections

  • Update: Modify your profile information and onboarding answers at any time

  • Delete: Remove individual scans, chat conversations, exercise data, or your entire account

  • Export: Request a copy of your data in a portable format (contact support@testmaxai.app)

  • Correct: Update or correct inaccurate information in your profile

7.2. Account Deletion

You can delete your account at any time through the app's Settings screen. When you delete your account, we will permanently delete:

  • Your account information (email, name, user ID)

  • All facial scans and analysis results (stored locally on device)

  • All facial images (stored locally on device, not in cloud storage)

  • Chat conversation history with the AI Coach

  • Activity and habit tracking data

  • Daily progress records and streaks

  • Onboarding answers and health information

  • Exercise completion data

Important Notes:

  • Account deletion is permanent and cannot be undone

  • You will lose all your data, including scans, chat history, and progress

  • Active subscriptions must be cancelled separately through Apple App Store settings

  • Some data may be retained in backup systems for up to 90 days before permanent deletion

  • Analytics data previously sent to Mixpanel may be retained according to their retention policies

7.3. Opt-Out Options

  • Analytics Tracking: Contact support@testmaxai.app to opt out of Mixpanel analytics (this may limit app functionality)

  • AI Coach: You can choose not to use the AI Coach feature to avoid sharing data with Anthropic

  • Subscription Offers: Subscription to premium features is optional; you can use basic features without subscribing

  8. Children's Privacy

TestMax is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@testmaxai.app, and we will take steps to delete such information promptly.

  9. Data Sharing and Disclosure

9.1. We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We have never sold user data and have no plans to do so.

9.2. How We Share Your Data

We may share your information in the following circumstances:

  1. Service Providers (as detailed in Third-Party Services section):

    • Supabase (database and storage)

    • Anthropic (AI processing)

    • Mixpanel (analytics)

    • Superwall (subscription management)

    • Apple/Google (authentication)

  2. With Your Consent: When you explicitly authorize us to share specific information

  3. Legal Requirements: When required by law, court order, subpoena, or government regulation

  4. Safety and Security: To protect the rights, property, or safety of TestMax, our users, or others; to prevent fraud or abuse

  5. Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets (you will be notified via email and/or prominent notice in the app)

9.3. Analytics and Data Use

We use analytics to understand how users interact with our app for product improvement purposes. Specifically:

  • We use Mixpanel to track onboarding events only (onboarding step completion)

  • We link your activity within our app using your User ID for analytics purposes

  • This data is used to improve the app and understand user behavior within our own app only

  • We do NOT track users across apps or websites

  • We do NOT use your data for cross-context behavioral advertising

  • We do NOT share your data with data brokers or advertising networks

  • We do NOT link data collected from our app with third-party data for advertising purposes

Important: Our app does NOT perform tracking as defined by Apple (linking data across apps/websites for advertising). All analytics are for understanding usage within our own app only.

9.4. Data Accessible to Third Parties

The following third parties have access to your data:

  • Anthropic: Can see your chat messages and scan results you share with the AI

  • Mixpanel: Can see your onboarding completion events, identity, and device information

  • Supabase: Stores your account data (email, name, user ID) only

  • Superwall: Can see your subscription status and basic profile information

  10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and third-party service providers are located. These countries may have different data protection laws than your jurisdiction.

Safeguards:

  • We use third-party services (Supabase, Mixpanel, Anthropic, Superwall) that comply with applicable data protection regulations

  • Data transfers are protected by encryption in transit and at rest

  • We ensure contractual obligations are in place with service providers to protect your data

  • For EEA residents, we rely on Standard Contractual Clauses or adequacy decisions where applicable

  11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for operational reasons.

How We Notify You:

  • We will update the "Last Updated" date at the top of this policy

  • For material changes, we will provide prominent notice in the app or send you an email notification

  • The updated policy will be posted within the app and on our website

Your Options:

  • Your continued use of TestMax after changes are made constitutes acceptance of the updated Privacy Policy

  • If you do not agree with the updated policy, you should stop using the app and delete your account

  12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

12.1. Your California Rights

  1. Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you

  2. Right to Delete: Request deletion of your personal information (subject to certain exceptions)

  3. Right to Correct: Request correction of inaccurate personal information

  4. Right to Opt-Out of Sale/Sharing: We do NOT sell your personal information. We share data with service providers for analytics purposes.

  5. Right to Limit Use of Sensitive Personal Information: We use your health data only for app functionality purposes

  6. Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

12.2. Categories of Personal Information We Collect

  • Identifiers (name, email, user ID, device ID)

  • Commercial information (purchase history)

  • Internet activity (usage data, onboarding events)

  • Biometric information (facial images and analysis)

  • Health information (testosterone levels, fitness data)

  • Inferences (health predictions, recommendations)

12.3. How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: support@testmaxai.app

  • Subject Line: "California Privacy Rights Request"

  • We will respond within 45 days of receiving your verified request

12.4. Verification Process

We will verify your identity by asking you to:

  1. Provide your email address associated with your account

  2. Confirm your account details

  3. Log in to your account (if applicable)

  13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

13.1. Your GDPR Rights

  1. Right to Access: Obtain confirmation of whether we process your personal data and receive a copy

  2. Right to Rectification: Correct inaccurate or incomplete data

  3. Right to Erasure: Request deletion of your personal data ("right to be forgotten")

  4. Right to Restriction: Request limitation of processing in certain circumstances

  5. Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format

  6. Right to Object: Object to processing based on legitimate interests or for direct marketing

  7. Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)

  8. Right to Lodge a Complaint: File a complaint with your local supervisory authority

13.2. Legal Basis for Processing

We process your personal data based on:

  • Consent: For facial image analysis, AI chat processing, and analytics tracking

  • Contract Performance: To provide app services you've requested

  • Legitimate Interests: To improve our services, prevent fraud, and ensure security

13.3. Data Controller

TestMax is the data controller responsible for your personal information.

13.4. How to Exercise Your Rights

Contact us at support@testmaxai.app with:

  • Subject Line: "GDPR Rights Request"

  • Specify: Which right you wish to exercise and what data is involved

  • Response Time: We will respond within 30 days

13.5. Data Protection Officer

For questions about data protection, contact: support@testmaxai.app

  14. Health Information Disclaimer

14.1. Not Medical Advice

IMPORTANT: TestMax provides estimated health metrics based on facial analysis and AI algorithms. These estimates should NOT be considered medical advice, diagnosis, or treatment.

14.2. Our services are for informational and motivational purposes only

  • Testosterone estimates are predictions based on facial features, not clinical blood tests

  • Biological age calculations are estimates, not medical determinations

  • Health scores and recommendations are general wellness guidance

  • The AI Coach provides general fitness and lifestyle advice, not medical diagnosis or treatment

14.3. Medical Disclaimer

  • Do NOT use our app as a substitute for professional medical advice, diagnosis, or treatment

  • Do NOT make medical decisions based solely on our app's recommendations

  • Always consult with a qualified healthcare provider for medical concerns

  • Seek professional medical testing for accurate testosterone and health measurements

  • Inform your doctor about any lifestyle changes you make based on our recommendations

14.4. HIPAA Compliance

We do NOT claim compliance with HIPAA (Health Insurance Portability and Accountability Act) as we are not a covered healthcare provider, health plan, or healthcare clearinghouse. We are a wellness and fitness application.

14.5. Accuracy Disclaimer

While we strive for accuracy, our health predictions are estimates based on algorithms and may not reflect your actual health status. Actual results may vary. For medical-grade testing, consult a healthcare provider.

  15. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  • Notify affected users via email within 72 hours of discovering the breach (where required by law)

  • Provide details about what information was affected

  • Explain the steps we are taking to address the breach

  • Advise you on steps you can take to protect yourself

  • Notify relevant authorities as required by applicable law

  16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@testmaxai.app

Response Time: We will respond to your inquiry within 30 days (or sooner as required by law)

For Privacy Rights Requests:

  • California (CCPA) requests: Use subject line "California Privacy Rights Request"

  • European (GDPR) requests: Use subject line "GDPR Rights Request"

  • General privacy inquiries: Use subject line "Privacy Inquiry"

Mailing Address: (If you prefer to contact us by mail, email us for our postal address)

  17. Consent

By using TestMax, you acknowledge that you have:

  • Read and understood this Privacy Policy in its entirety

  • Agreed to the collection, use, and sharing of your information as described herein

  • Consented to the processing of your health and biometric data (facial images)

  • Understood that the app is not a medical device and does not provide medical advice

  • Confirmed that you are 16 years of age or older

You can withdraw your consent at any time by:

  • Deleting your account through the app's Settings

  • Contacting us at support@testmaxai.app to request account deletion

  • Ceasing to use the app

Summary of Key Privacy Practices

| Practice | Details |
| --- | --- |
| Do we sell your data? | No, we never sell your personal information |
| Do we track you? | No - we use analytics within our app only, not cross-app/website tracking |
| Is data linked to you? | Yes, most data is linked to your identity |
| Can you delete your data? | Yes, delete your account anytime |
| Do we use your data for ads? | No cross-context behavioral advertising |
| Is your data encrypted? | Yes, in transit and at rest |
| Third parties with access? | Supabase, Anthropic, Mixpanel, Superwall |
| Minimum age? | 16 years old |
| Medical device? | No, not medical advice |

TestMax Team

Committed to your privacy and helping you maximize your potential

For the most current version of this Privacy Policy, please check within the app or visit our website.
