We sell an app, not your attention. Everything we collect is in service of one thing — helping you finish the challenge you started — and we wrote this policy to make that boundary easy to police.
Who we are.
"LifeShift 360," "we," "us," and "our" refer to LifeShift 360, Inc., a Delaware corporation operating the LifeShift 360 mobile application, the website at lifeshift360.com, and the AI coaching service known as Coach Iron (collectively, the "Service").
This Privacy Policy explains what information we collect from you when you use the Service, what we do with it, who we share it with, and the rights you have over it. It applies to everyone using the Service — Free, PRO, and PRO Couple subscribers — regardless of where you live.
For questions, takedowns, or formal data requests, contact our Data Protection Lead at contact@lifeshift360.com. We respond within 30 days, usually faster.
What we collect.
We collect three categories of information: what you give us directly, what your device and the app report, and what our partners hand back to us. The table below is the whole picture — if it isn't here, we don't collect it.
| Category | Examples | Why we have it |
|---|---|---|
| Account | Email, password hash, display name, profile photo, date of birth | Sign-in, age verification, and basic account recovery. |
| Profile & goals | Height, weight, sex, activity level, dietary preferences, goals quiz answers | Personalize challenges and Coach Iron's recommendations. |
| Challenge data | Active challenges, check-ins, streaks, photos you log, notes | Make the product work. Nothing leaves your account unless you opt to share. |
| Health & fitness | Apple Health metrics you choose to sync, workouts, steps, sleep, heart rate | Coach Iron uses these to tailor plans. See §06 for the strict rules around this data. |
| Finance | Categorized transactions, budgets, SMS expense parses (on-device first) | Power the finance dashboard. Parsing happens locally on your phone; only categorized summaries hit our servers. |
| Coach Iron transcripts | Your messages to Iron, voice clips (when you grant mic access), Iron's responses | Run the AI session and let you scroll back. See §04 for AI-specific rules. |
| Device & usage | iOS version, device model, anonymized IP, app screens visited, crash logs | Reliability, debugging, and product analytics. Aggregated and de-identified within 30 days. |
| Billing | Apple receipt token, plan, renewal date | Manage subscriptions. We never see your card details — Apple handles that. |
What we don't collect
- Your precise location (we don't ask for it, and the app doesn't request the permission).
- Your contacts or address book.
- The contents of messages outside the app.
- Bank credentials. The SMS expense parser reads transaction notifications on-device; raw SMS never leaves your phone.
- Advertising identifiers. We don't run ads, full stop.
How we use it.
Every piece of data we hold maps to one of the legal bases below. If we ever want to use your data for a purpose not listed here, we'll ask you first.
- Performance of contract. Operating the Service you paid for — Coach Iron sessions, challenge tracking, the Couple Plan, in-app reminders.
- Legitimate interest. Crash reporting, fraud prevention, abuse detection, and product improvement. We pseudonymize this data before anyone on the team queries it.
- Consent. Anything sensitive — Apple Health sync, voice recording, marketing email, push notifications. You can revoke at any time in Settings → Privacy.
- Legal obligation. Tax records, lawful subpoenas, and child-safety reporting.
We do not sell personal information, share it with data brokers, or use it to train third-party advertising models. If California, Colorado, or any other regulator considers Coach Iron-related transfers to model providers a "sale" or "share," see §07 — you can disable AI features and we'll delete prior transcripts.
Coach Iron & the model.
Coach Iron is powered by a combination of our own fine-tuned models and large language models operated by trusted providers (currently Anthropic and OpenAI, listed in §07). Here's how that interaction is structured:
- Each Iron session sends a short, redacted context window — your active goals, recent check-ins, and the message you typed. We strip name, email, and any free-text you've marked sensitive before the request leaves our servers.
- Model providers process the request without retention under enterprise zero-retention agreements. They cannot use your data to train their public models.
- Voice clips are transcribed on-device when possible. If we fall back to a server transcription, the audio file is deleted within 24 hours of transcription.
- You can purge your Coach Iron history at any time in Settings → Coach Iron → Delete history. This is irreversible and removes the data from our servers within 7 days.
Coach Iron is a wellness coach, not a doctor. It does not diagnose, treat, or prescribe. If a conversation drifts into clinical territory, Iron is trained to refer you to a licensed professional. We log that referral pattern internally to keep refining the rule.
Shared data, two people.
When you join a Couple Plan via the 8-character invite code, you and your partner each retain a separate account. We create a third "shared workspace" that holds the data you both explicitly opt to merge.
- Always private: Coach Iron transcripts, journal entries, mood ratings, body composition photos, sleep metrics.
- Shared by default: The challenges you accepted as a couple, finance dashboard (joint accounts only), shared meal plans, couple streaks.
- Opt-in only: Individual workout logs, individual nutrition, mindfulness streaks.
If your relationship ends, either partner can dissolve the shared workspace from Settings → Couple Hub → End plan. Each partner walks away with a clean export of the data attributable to them. The shared workspace is purged within 30 days.
Health & sensitive data.
Health and biometric data are held to a higher standard than the rest of the categories in §02:
- Stored encrypted at rest (AES-256) and segmented from your account row, addressable only via a per-user key derived in our HSM.
- Never used for marketing, product analytics, or any form of cohort export. Only Coach Iron, the workout planner, and the meal planner touch it, and only on your active session.
- Not sold or shared. Not visible to LifeShift 360 staff except where you grant a support agent temporary access during a support ticket (and we log every grant).
You can revoke Apple Health access in iOS Settings at any time. We treat the revocation as a deletion event and purge synced metrics within 30 days.
Who we share with.
The Service runs on a small list of vetted subprocessors, each governed by a Data Processing Agreement that mirrors this policy. The current list:
The live subprocessor registry, complete with sub-region details and certifications, is published at lifeshift360.com/subprocessors and is updated within 14 days of any change.
Cookies & analytics.
The marketing site (lifeshift360.com) uses two first-party cookies — a session cookie and a CSRF cookie — both strictly necessary. We do not use Google Analytics, Meta Pixel, or any third-party cookies on the site.
Inside the app, we use a first-party event stream (powered by our own backend) to measure features. Events are pseudonymized at the boundary; the original user ID never reaches the analytics warehouse. You can opt out in Settings → Privacy → Product analytics.
Your rights.
Regardless of where you live, you have the following rights over your data:
- Access. Download a structured export of everything we hold — including Coach Iron transcripts — from Settings → Data → Export.
- Correct. Fix anything inaccurate. Most fields are editable in-app; for the rest, email contact@lifeshift360.com.
- Delete. Wipe your account and all associated data with one tap in Settings → Account → Delete. Backups expire within 30 days.
- Object & restrict. Tell us to stop a specific processing activity (e.g., crash reporting).
- Portability. Your export is JSON + CSV, schema-documented.
- Complain. Lodge a complaint with your local DPA (in the EU/UK) or your state Attorney General. We'd rather you wrote to us first — but you don't have to.
Children & teens.
The Service is not intended for users under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete the account.
For users between 16 and 18, we apply tighter defaults: Couple Plan, finance features, and body-composition photos are disabled until age verification on the 18th birthday.
How we protect it.
We treat security as a product feature, not a compliance line item.
- TLS 1.3 in transit, AES-256 at rest, and per-user encryption keys for health and finance categories.
- SOC 2 Type II audited annually (report available under NDA).
- Hardware-backed admin authentication. No backdoor accounts.
- Quarterly third-party penetration tests and a public security disclosure program at security@lifeshift360.com.
- Breach notification within 72 hours of confirmed unauthorized access, regardless of jurisdictional requirements.
Changes & contact.
We update this policy when our practices change. Material changes — anything that broadens the scope of collection, sharing, or retention — are announced 30 days in advance via in-app notice and email. Stylistic or clarifying edits are published immediately, with the revision number bumped on the masthead.
The current and prior versions are diffable on our public changelog.
Get in touch: contact@lifeshift360.com for data requests, legal notices, and everything else.