Privacy Policy
Last Updated: December 9, 2025
TestMaxxer is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information.
Data Collection Summary
| Category | Examples | Purpose | Retention |
|---|---|---|---|
| Account Data | Email, display name, Firebase UID | Authentication, account management | Until account deletion |
| Health Data | Age, height, weight, BMI, face photo | AI testosterone assessment | Face photos NOT stored; biometrics until deletion |
| Lifestyle Data | Sleep, stress, energy, diet, training, supplements | Personalized recommendations | Until assessment deletion |
| Daily Logs | Sleep quality, energy, stress ratings, notes | Progress tracking | Until log deletion |
| Habits | Habit titles, completion dates, streaks | Behavior tracking | Until habit deletion |
| Subscription | Subscription status, purchase history | Payment processing, access control | Legal requirement (7 years for transactions) |
1. Introduction
TestMaxxer ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our iOS mobile application ("App"). By using TestMaxxer, you agree to the collection and use of information in accordance with this policy. TestMaxxer is age-restricted to users 18 years and older.
2. Information We Collect
We collect several types of information to provide and improve our services:
2.1 Account Information
- Email address (required for non-anonymous accounts)
- Display name (from Apple or Google OAuth providers)
- Firebase UID (unique technical identifier)
- Authentication method (Apple Sign-In, Google Sign-In, Email/Password, or Anonymous)
2.2 Health & Biometric Data
- Age (18-55 range)
- Height and weight measurements
- BMI (calculated automatically)
- Face photograph (captured via camera for AI analysis)
- Lifestyle factors: resistance training frequency, diet quality, sleep hours, stress level, energy level
- Supplement usage (user-reported list)
2.3 Daily Tracking Data
- Sleep quality ratings (0-10 scale)
- Energy level ratings (0-10 scale)
- Stress level ratings (0-10 scale)
- Optional personal notes (free text)
2.4 Habit Tracking Data
- Custom habits created by you
- Habit categories (Diet, Workout, Lifestyle, Custom)
- Completion dates and streak history
- Reminder times and duration estimates
2.5 AI-Generated Results
- T-Score (0-100) and percentile rank
- Category classification (e.g., "Average," "Above Average")
- AI-generated recommendations for diet, workout, and lifestyle
- Facial analysis notes based on uploaded photos
- Testosterone blocker analysis
2.6 Subscription Data
- Subscription status (active, inactive, unknown)
- Product ID, price, and billing period
- Transaction history (via Apple StoreKit)
- Entitlements (managed via Superwall)
3. How We Use Your Information
We use collected information for the following purposes:
3.1 Core Functionality
- Provide AI-powered testosterone assessments via Google Gemini API
- Generate personalized health and lifestyle recommendations
- Track daily habits and progress over time
- Manage user accounts and authentication
3.2 Service Improvement
- Improve AI model accuracy through usage patterns
- Optimize app performance and user experience
- Develop new features based on aggregated usage data
3.3 Legal Compliance
- Comply with applicable laws and regulations
- Enforce our Terms of Service
- Protect user safety, security, and rights
4. Third-Party Services & Data Sharing
We share your data with the following third-party services to provide app functionality:
4.1 Google Gemini API (AI Analysis)
We transmit your face photograph (base64-encoded JPEG, optimized to a maximum of 768x768 pixels), age, height, weight, BMI, and lifestyle data (resistance training frequency, diet quality, sleep hours, stress level, energy level, supplements) to the Google Gemini API (ai.google.dev) for AI-powered testosterone assessment and facial feature analysis. IMPORTANT: Face photographs are NOT stored in our database; they are only transmitted to Google for analysis, then immediately deleted from our systems. Google may temporarily store images for up to 48 hours as part of API processing for abuse prevention and service improvement, after which they are automatically deleted. AI-generated text analysis results (observations about facial features) are stored in our Firebase Firestore database. Google Privacy Policy: https://policies.google.com/privacy | Google AI Terms: https://ai.google.dev/terms
4.2 Firebase (Google Cloud)
We use Firebase Authentication for user sign-in and Firebase Firestore for data storage. All user data except face images is stored in Firestore. Firebase Analytics is DISABLED. Data may be stored in Google Cloud data centers. Google Cloud Privacy: https://cloud.google.com/privacy
4.3 Superwall (Subscription Management)
We share subscription status and paywall interaction data with Superwall to manage in-app purchases and paywall presentation. Superwall Privacy Policy: https://superwall.com/privacy
4.4 Apple (StoreKit & Sign-In)
We use Apple StoreKit for in-app purchase processing and Apple Sign-In for authentication. Apple processes payment transactions securely. Apple Privacy: https://www.apple.com/privacy/
4.5 Google Sign-In SDK
We use Google Sign-In SDK for OAuth authentication. Google manages authentication credentials. Google Privacy: https://policies.google.com/privacy
5. Data Security
We implement industry-standard security measures to protect your data:
5.1 Security Measures
- End-to-end encryption for data in transit (HTTPS/TLS)
- Firebase security rules enforce user-level data isolation
- Face images are NOT stored (privacy by design)
- OAuth 2.0 for secure authentication
- Regular security audits and updates
5.2 Data Isolation
Each user's data is stored in separate Firestore collections with strict access controls. Users can only access their own data via Firebase security rules.
6. Data Retention
We retain your data according to the following policies:
6.1 Active Accounts
- Assessment history: Retained until you delete individual assessments or your account
- Daily logs: Retained until you delete individual logs or your account
- Habits: Retained until you delete individual habits or your account
6.2 Account Deletion
To request account deletion, email privacy@testmaxxer.app with subject "Account Deletion Request." We will delete all your data within 30 days of your request. Note: Transaction records may be retained for legal compliance (up to 7 years).
6.3 Backup Retention
Firebase backups may retain deleted data for up to 30 days after deletion for disaster recovery purposes.
7. Your Privacy Rights
You have the following rights regarding your personal data:
7.1 All Users
- Access: Request a copy of your data by emailing privacy@testmaxxer.app
- Correction: Update profile information within the app
- Deletion: Delete individual assessments, logs, and habits in-app
- Account Deletion: Email privacy@testmaxxer.app to request full account and data deletion
7.2 GDPR Rights (EU/EEA Users)
- Right to Access (Article 15): Request all personal data we hold about you
- Right to Rectification (Article 16): Correct inaccurate data
- Right to Erasure (Article 17): Request deletion of your account and all data
- Right to Data Portability (Article 20): Request data export in machine-readable format (email privacy@testmaxxer.app)
- Right to Restrict Processing (Article 18): Limit how we use your data
- Right to Object (Article 21): Object to certain data processing activities
- Right to Withdraw Consent (Article 7): Revoke consent at any time
- To exercise GDPR rights, email privacy@testmaxxer.app with subject "GDPR Request"
7.3 CCPA Rights (California Residents)
- Right to Know: Request disclosure of categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out of Sale: We do NOT sell personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- To exercise CCPA rights, email privacy@testmaxxer.app with subject "CCPA Request"
8. Children's Privacy
TestMaxxer is age-restricted to users 18 years and older. We do not knowingly collect personal information from individuals under 18. If we discover that a user is under 18, we will immediately delete their account and all associated data. If you believe we have inadvertently collected data from someone under 18, please contact us at privacy@testmaxxer.app.
9. International Data Transfers
Your data may be transferred to and processed in the United States and other countries where our service providers operate. We rely on Google Cloud's Standard Contractual Clauses (SCCs) and other legal mechanisms to ensure GDPR-compliant international data transfers. Google Gemini API may process face images in Google data centers globally.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the app after changes constitutes acceptance of the updated policy. You can view the policy version history by emailing privacy@testmaxxer.app.
11. Educational Disclaimer
TestMaxxer provides educational assessments based on AI analysis. Our results are estimates and NOT medical diagnoses. You must consult qualified healthcare providers for medical advice, diagnosis, or treatment. We are not liable for any health decisions you make based on app results. By using TestMaxxer, you acknowledge that you have read and understood this disclaimer.
12. Facial Data Collection, Use, and Retention (Important)
This section provides complete details about how TestMaxxer collects, uses, stores, shares, and retains facial photographs and facial analysis data.
12.1 What Facial Data We Collect
- Facial photograph: A single front-facing photograph of your face captured using your device camera
- Facial analysis results: AI-generated observations about facial characteristics that may correlate with testosterone levels (e.g., facial structure, skin quality, jawline definition)
- Image metadata: Image dimensions (optimized to a maximum of 768x768 pixels), JPEG compression quality
- NO biometric identifiers: We do NOT collect, store, or use facial recognition data, facial templates, or biometric identifiers for identity verification
12.2 How We Collect Facial Data
You capture a facial photograph using your device's front-facing camera within the TestMaxxer app. The photo is taken only after you grant camera permission and provide explicit consent on the consent screen. Camera access is requested via the iOS permission prompt. You must affirmatively check consent boxes before the photo is transmitted for analysis.
12.3 Complete Explanation of Facial Data Usage
- PRIMARY PURPOSE: Your facial photograph is transmitted to Google Gemini AI API for testosterone level estimation based on facial features
- ANALYSIS PROCESS: Google Gemini analyzes facial characteristics including bone structure, skin quality, facial fat distribution, and jawline definition to estimate testosterone levels
- RESULT GENERATION: The AI generates a T-Score (0-100), percentile rank, category classification, and personalized recommendations
- EDUCATIONAL USE ONLY: Results are estimates for educational purposes and are NOT medical diagnoses
- NO IDENTITY VERIFICATION: Facial data is NEVER used for identity verification, authentication, facial recognition, or tracking
- NO ADVERTISING: Facial data is NEVER used for advertising, marketing, or profiling
- CONSENT REQUIRED: All facial data processing requires your explicit consent via in-app consent checkboxes
12.4 Facial Data Sharing with Third Parties
- GOOGLE GEMINI API (PRIMARY PROCESSOR): Your facial photograph (base64-encoded JPEG, optimized to 768x768 pixels) is transmitted to Google Gemini API (ai.google.dev) for AI-powered facial analysis
- DATA TRANSMITTED TO GOOGLE: Facial photograph + age + height + weight + BMI + lifestyle factors (training, diet, sleep, stress, energy) + supplements
- GOOGLE'S PRIVACY POLICY: https://policies.google.com/privacy
- GOOGLE AI TERMS: https://ai.google.dev/terms
- NO OTHER SHARING: Facial photographs are NOT shared with any other third parties, advertisers, data brokers, or partners
- FIREBASE/FIRESTORE: Facial photographs are NOT stored in Firebase Firestore (only AI-generated text analysis results are stored)
12.5 Where Facial Data is Stored
- TESTMAXXER STORAGE: Facial photographs are NOT stored in TestMaxxer's database (Firebase Firestore). Only the AI-generated text analysis results (facial feature observations) are stored.
- DEVICE STORAGE: Facial photographs are temporarily held in device memory during camera capture and transmission, then immediately deleted after successful API transmission
- GOOGLE STORAGE: Google may temporarily cache or store facial photographs as part of API processing. According to Google AI terms (https://ai.google.dev/terms), Google may retain data for up to 48 hours for abuse prevention and service improvement, then deletes it.
- DATA LOCATION: Google processes data in Google Cloud data centers globally, which may include the United States, Europe, and Asia-Pacific regions
- NO PERMANENT STORAGE: TestMaxxer does NOT maintain any permanent storage of facial photographs
12.6 Facial Data Retention Period
- TESTMAXXER RETENTION: Facial photographs are retained for 0 seconds (deleted immediately after transmission to Google Gemini API)
- GOOGLE RETENTION: According to Google AI API terms (https://ai.google.dev/terms), Google may retain facial photographs for up to 48 hours for abuse prevention, service quality, and improvement purposes, after which they are automatically deleted
- ANALYSIS RESULTS RETENTION: AI-generated text analysis results (observations about facial features) are stored in Firebase Firestore until you delete your assessment or account
- ACCOUNT DELETION: When you delete your account, all AI-generated analysis results are permanently deleted within 30 days
- NO LONG-TERM RETENTION: Neither TestMaxxer nor Google retains facial photographs for longer than 48 hours
12.7 Privacy Policy Sections Covering Facial Data
Facial data collection, use, disclosure, sharing, and retention are explained in the following privacy policy sections: Section 2.2 (Health & Biometric Data - face photograph collection), Section 3.1 (Core Functionality - AI-powered analysis), Section 4.1 (Google Gemini API sharing), Section 5.1 (Security Measures - face images not stored), Section 6 (Data Retention), Section 12 (This section - comprehensive facial data handling), and Section 13 (Health Data & Consent - legal basis for processing).
12.8 User Control and Consent
- EXPLICIT CONSENT REQUIRED: You must affirmatively check consent boxes on the ConsentView screen before any facial data is collected or transmitted
- CAMERA PERMISSION: iOS camera permission must be granted before photo capture
- WITHDRAWAL OF CONSENT: You can withdraw consent at any time by deleting your account (email privacy@testmaxxer.app)
- NO AUTOMATED DECISIONS: Facial analysis does not result in automated decisions with legal or similarly significant effects
- RIGHT TO DELETE: You can request deletion of all AI-generated analysis results by deleting individual assessments in-app or requesting account deletion
13. Health Data & Consent
TestMaxxer collects "health data" as defined by GDPR (special category personal data under Article 9). Our legal basis for processing health data is your explicit consent (GDPR Article 9(2)(a)). Consent is obtained via the ConsentView screen before results are displayed. You can withdraw consent at any time by deleting your account. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
Questions or Concerns?
We're here to help with any privacy-related questions. Contact us at:
privacy@testmaxxer.app
We aim to respond to all privacy inquiries within 30 days.