Mustafa Evleksiz
Privacy

Privacy policy — MotiveX

Last updated: May 30, 2026

This policy explains what MotiveX collects, why, and your choices. Operated by Mustafa Evleksiz — contact mustafa@mustafaevleksiz.com.

1. Summary

MotiveX is an iOS fitness and habit app — HealthKit-powered stats, XP/streaks/levels gamification, and an AI coach (MotiveKoç) that motivates against your actual numbers and your reason for starting. We process activity data, account info, and AI conversations. We do not sell personal data, do not use your health data for advertising, and never use your data for AI model training.

2. Data we collect

We collect only what's needed to run the service:

  • Account: email (if you sign up with email), Apple/Google Sign-In identifiers.
  • HealthKit data — steps, active energy, distance, floors, heart rate, sleep. Activity metrics and achievements are written back to HealthKit on your device.
  • Activity, streaks, XP and mood records (synced to Firestore).
  • AI coach (MotiveKoç) conversations (synced to Firestore + sent to Gemini for response generation).
  • Profile and social: display name, friends, duels, leaderboard position.
  • Route / GPS data — stored only on your device; never uploaded to the cloud.
  • Subscription status (Apple / RevenueCat).
  • Usage analytics events (Firebase Analytics).
  • Crash and diagnostic data.
  • Local device data (UserDefaults, App Group, route files).

3. How we use your data

Your data powers the core service:

  • Track activity, calculate streaks/XP/levels and surface progress in real time.
  • Generate MotiveKoç responses tailored to your own numbers and goals.
  • Maintain your account, profile, friends and subscription.
  • Detect errors and improve performance and features.
  • Comply with legal obligations.

4. Legal bases (GDPR)

Performance of a contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), explicit consent for health data (Art. 9(2)(a)) given by granting HealthKit permission, and legal obligations (Art. 6(1)(c)).

5. Who we share data with

Sub-processors act under our instructions — we do not sell personal data:

  • Google Firebase (Firestore, Authentication, App Check, Remote Config) — backend, sync, auth, remote config (email, account ID, activity/streak/XP/mood records, coach chat history).
  • Google Analytics for Firebase — anonymised usage analytics and app performance.
  • Google (Gemini API) — generates MotiveKoç responses (coach messages + minimal activity context like step count, streak, goal).
  • Google Sign-In — authentication provider (Google account ID, name, email).
  • RevenueCat — subscription management (anonymous user ID, purchase/subscription status).
  • Upstash (Redis) — cache layer for metric history and profile summaries (cached under user-scoped namespace).
  • Apple (Sign in with Apple, StoreKit, HealthKit) — auth, App Store subscriptions, on-device health data access.

6. HealthKit and your health data

MotiveX reads health and fitness data from HealthKit (steps, active energy, distance, heart rate, sleep) only for daily progress tracking, XP/badge calculation and recovery scoring. This data is processed on your device wherever possible; only aggregated activity metrics may sync to Firestore. We do not use HealthKit data for advertising, do not sell it, and do not use it for AI model training. MotiveX is not a medical device — its information is for general fitness motivation only.

7. MotiveKoç (AI coach) and your data

When MotiveKoç generates a response, we send your message plus a minimal context summary (today's steps, streak, goal, etc.) to Google's Gemini API. We do not include personally identifying information in the prompt payload. Your data is not used to train AI models. Coach responses are informational only — they do not replace medical, nutritional or training advice from professionals.

8. Location and routes

If you start a walk, MotiveX may use your location to update the Live Activity step ring and route preview. Route (GPS) traces are stored only on your device and are never uploaded to the cloud.

9. Data retention

How long different data lives:

  • HealthKit data: read on-demand from Apple Health; not stored on our servers in raw form.
  • Activity, XP, streak records: kept while your account is active.
  • AI conversations: kept while your account is active for context.
  • Routes: stored locally on your device until you delete them.
  • Analytics and diagnostics: retained per provider defaults.

10. International transfers

Most providers (Google, RevenueCat, Upstash, Apple) process data outside Turkey, including the United States. Transfers rely on appropriate safeguards (Standard Contractual Clauses) and, where required, your explicit consent.

11. Your rights and account deletion

Under GDPR/KVKK you may request access, correction, deletion, restriction, portability, and objection. To exercise them:

  • In-app full deletion: Settings → Data & Privacy / Danger Zone → Reset App → Delete All (account + cloud data).
  • Local data only: Settings → Danger Zone → Reset App → Reset Local.
  • Email: mustafa@mustafaevleksiz.com.

12. Children

The app is not directed to children under 13. We do not knowingly collect their data.

13. Security

We use industry-standard measures — encryption in transit, Firebase App Check, role-based rules. No method is 100% secure; we cannot guarantee absolute security.

14. Changes

We may update this policy; material changes will be notified in-app or by updating this page's date.

15. Contact

Mustafa Evleksiz — mustafa@mustafaevleksiz.com.

Back to project
Mustafa Evleksiz — Product Engineer · Mustafa Evleksiz