Privacy

Last updated 2026-06-22.

This is the privacy policy of LeanOS Inc., an Ontario corporation federally incorporated in Canada. Most of your data lives on your phone, and when you're signed in to iCloud it also syncs to your own private iCloud so it survives a reset or a new phone. Three external services see specific slices of data so the coach can generate replies, so crashes can be reported, and so anonymous analytics events can be counted. This policy describes what those services see and where your data lives. The leanos.me marketing site is covered separately at the end.

Where your data lives

When you use the Leanos app, your commitment contract, your check-ins, your calorie log entries, your lift history, step history from HealthKit, your chat history with the coach, your profile (gender, height, weight, ideal body composition, date of birth), and your settings all live in the app sandbox on your phone. When you're signed in to iCloud, the same data also syncs to your private iCloud, which is your own Apple account, so it's safe if you reset or replace your phone and stays in sync across your devices. None of this data is synced to our servers. Your private iCloud is your own account, not a company database. We cannot see it.

You can delete every category above at any time. Open the app, go to Settings, then Data, then Delete all data. The action wipes the local data and resets the app to its install state. There is no undo.

Data sent to third-party services

To make the app work, four external services see specific slices of data. Each is named below with what it sees and what it does.

Anthropic

The Leanos coach uses Anthropic's API to generate chat replies. When you send a message to the coach, the message content is sent to Anthropic's servers along with recent chat context, your profile fields, and the philosophy and encyclopedia text the coach reads. Anthropic generates a reply and returns it to your device.

When you take a plate photo for calorie logging, the photo is sent to Anthropic for vision analysis. Anthropic returns the calorie estimate to your device.

Your check-in and body progress photos go to Anthropic only when you ask the coach to look at or compare them, never on their own. The first time you ask, the coach confirms with you before sending. You can turn photo analysis off at any time in Settings, and turning it off stops any further photo from going to Anthropic. If you attach an image directly to a chat message, it goes to Anthropic when you send the message. The visual observations come back to your device and are stored locally.

The Leanos app calls the Anthropic API through our proxy. The proxy does not add user-identifying metadata to the request. Anthropic's commercial API terms state that customer content sent through the API is not used to train Anthropic models. Anthropic's full data handling is governed by Anthropic's privacy policy at https://www.anthropic.com/legal/privacy.

Before the coach starts, an onboarding consent gate asks you to consent to your chat messages being sent to Anthropic. If you decline, the coach is not available, and the rest of the app continues to function. Photos are handled separately. The first time you ask the coach to look at a photo, it confirms with you before anything is sent.

Sentry

Sentry receives diagnostic data when the Leanos app crashes or hits an error worth investigating. Stack traces, the iOS version, the device model, and the relevant app state are sent. The reports are not linked to your identity. The reports are used only for crash investigation, not for advertising or analytics.

Sentry's full data handling is governed by Sentry's privacy policy at https://sentry.io/privacy.

PostHog

PostHog receives anonymous device-level analytics events. Events include things like "paywall viewed," "subscription purchased," and "first check-in committed." No user identifier is sent. The events are device-level only and are not linked to your identity. The data is used only to understand product usage in aggregate.

PostHog's full data handling is governed by PostHog's privacy policy at https://posthog.com/privacy.

Apple

When you purchase a subscription, Apple processes the transaction through StoreKit. Apple, not Leanos, holds your billing information, your Apple ID, and your subscription record. The Leanos app receives only the subscription status that StoreKit returns, not your billing details.

Apple's handling of your data is governed by Apple's privacy policy at https://www.apple.com/legal/privacy.

HealthKit data

The Leanos app reads step data from HealthKit on your device, with your permission, to show your daily step count and to confirm whether you met the step floor you committed to. The step data is read from HealthKit on each session and used in the app. It is not transmitted to our servers, not shared with Anthropic, Sentry, or PostHog, and not retained outside of what HealthKit itself holds on your device.

You can revoke HealthKit permission at any time in iOS Settings, under Privacy and Security, then Health.

What we do not collect

We do not collect your email at install. We do not collect your phone number. We do not collect your precise location. We do not collect your advertising identifier. We do not maintain a server-side user account or a server-side user record.

Children's privacy

The Leanos app is intended for adults and is rated 17+ in the App Store. We do not knowingly collect data from anyone under 13. If you believe a child has used the app, email support@leanos.me and we will help you delete any data on the device.

Your rights

You can delete every piece of data the app stores on your device at any time, from Settings, then Data, then Delete all data.

If you are a resident of the European Economic Area, the United Kingdom, or California, you have additional rights under GDPR, UK GDPR, or CCPA respectively. These include the right to access, correct, or delete your data, and the right to know how it is used. To exercise any of these rights, email support@leanos.me.

Because the app holds no server-side user account, most of your data is already under your direct control on the device. We will still respond to data requests for what does exist at the external services described above.

Data retention

We do not store user data on our own servers. Diagnostic data at Sentry, event data at PostHog, and request logs at Anthropic are retained per those services' standard policies, typically for a short window measured in days.

If you delete data inside the app, the deletion is immediate on your device. The corresponding records at the external services age out per their retention policies. Sending a deletion request to support@leanos.me triggers our cleanup at the upstream services where applicable.

International users

Leanos is offered globally through the App Store. The app processes data in the United States via Anthropic, Sentry, PostHog, and our proxy infrastructure. By using the app, you consent to your data being processed in the United States.

Security

Data on your device is protected by the iOS sandbox model. Data sent to third parties travels over HTTPS. We do not maintain a server-side store of user data.

No system is perfectly secure. If you believe a security issue exists in Leanos, email support@leanos.me with the details.

The leanos.me marketing site

The leanos.me marketing site is the public website for Leanos. It does not collect your email, require an account, or store personal data on our servers. It uses anonymous usage analytics through PostHog to understand site traffic in aggregate, with no event linked to your identity.

Changes to this policy

We will update this policy when our data practices change. The "Last updated" date at the top reflects the latest revision. Material changes will be flagged on this page and in the app.

Contact

For questions about this policy or about your data, email support@leanos.me.