Fasting Works

Privacy Policy

Last Updated: January 2, 2026

1. Introduction

Tab0, Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Fasting Works mobile application, website, and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

2. Information We Collect

2.1 Essential Information (Required for Service)

The following information is essential to provide the core functionality of our Services:

  • Account Information: Email address for account creation and authentication
  • Fasting Data: Fasting session start/end times and patterns (stored locally on your device)

2.2 Optional Information (Collected with Your Consent)

The following information is optional and collected only with your separate consent:

  • Nutrition Data: Food entries, calorie intake, macronutrient information, and meal photos
  • Profile Information: Name, profile picture, and personal preferences
  • User Preferences: App settings, notification preferences, and language settings

2.3 Health Data from Apple HealthKit (Requires Explicit Permission)

With your explicit permission granted through Apple's Health app, we may access the following specific HealthKit data types:

  • Active Energy Burned: For calculating net caloric balance
  • Dietary Energy: For calculating net caloric balance
  • Water: For displaying daily hydration levels
  • Body Mass (Weight): For tracking weight trends

Important: We only access HealthKit data with your explicit consent granted through Apple's Health app permissions. You can revoke this access at any time through your device's Health app settings.

2.4 Automatically Collected Information

  • Device Information: Device type, operating system version, unique device identifiers
  • Usage Data: App usage patterns, features accessed, session duration
  • Log Data: Error logs, crash reports, and performance data
  • General Location: Country or region (we do not collect precise GPS location)

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, operate, and maintain the Services
  • Personalization: To personalize your experience and provide tailored insights
  • AI Analysis: To power AI-based nutrition analysis and recommendations
  • Service Improvement: To analyze usage patterns and improve the Services
  • Communication: To send service-related notifications and respond to inquiries
  • Security: To detect, prevent, and address technical issues and security threats
  • Legal Compliance: To comply with legal obligations and enforce our terms

4. AI-Powered Features and Cloud Processing

Our Services include AI-powered features for nutrition analysis and recommendations.

How AI Processes Your Data

When you use AI features, your nutrition and health data is transmitted to and processed by third-party cloud AI service providers (including but not limited to large language model providers based in the United States). This processing happens in real-time to generate personalized insights and recommendations.

Cross-Border Data Transfer: When you use AI features, your data may be transferred to servers located outside your country of residence, including to the United States. For users in the Republic of Korea, this constitutes a cross-border transfer of personal information under PIPA, and by using AI features, you explicitly consent to this transfer.

You acknowledge and understand that:

  • Your nutrition and health data may be processed by AI systems in the cloud to generate insights
  • We use third-party AI service providers located in the United States to power certain features
  • Data sent to AI providers is anonymized and de-identified where technically possible
  • AI-generated responses are for informational purposes only and should not be considered medical or professional nutritional advice
  • We may retain conversation history with AI features for up to 30 days for quality assurance, after which only anonymized conversation summaries are retained

5. Data Storage and Security

5.1 Where We Store Your Data

  • Local Storage: Most of your health and fasting data is stored locally on your device by default
  • Cloud Storage: Account information and synced data may be stored on secure cloud servers
  • Data Location: Our servers are primarily located in the United States and may also be in other countries

5.2 Security Measures

We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments and updates
  • Access controls limiting data access to authorized personnel

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

5.3 Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

  • Notify affected users within 72 hours of becoming aware of the breach, as required by GDPR and Korean PIPA
  • Notify relevant regulatory authorities (including the Korean Personal Information Protection Commission for Korean users) as required by applicable law
  • Provide information about the nature of the breach, the data affected, and steps being taken to mitigate harm
  • Take immediate action to contain and remediate the security incident

6. Information Sharing

We do not sell your personal information. We do not sell, rent, or trade your personal information to third parties, and we do not transfer your data to third parties for their own marketing or advertising purposes. We may share your information only in the following limited circumstances:

  • Service Providers: With trusted third-party service providers who assist in operating our Services (cloud hosting, AI providers, analytics)
  • Legal Requirements: When required by law, court order, or governmental regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have given explicit consent to share specific information

Our Third-Party Service Providers

We work with the following categories of service providers:

  • Cloud infrastructure and hosting services
  • AI and machine learning service providers
  • Analytics and crash reporting services
  • Payment processors (for subscription services)

7. Apple HealthKit Data Policy

In compliance with Apple's requirements, we adhere to the following policies regarding HealthKit data:

  • We will NOT use HealthKit data for advertising or marketing purposes
  • We will NOT sell HealthKit data to third parties, including advertising platforms and data brokers
  • We will NOT share HealthKit data with third parties for their marketing or advertising purposes
  • HealthKit data is used solely to provide the core functionality of our Services

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data in a portable format
  • Opt-Out: Opt out of certain data processing activities
  • Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, please contact us at taeho@tab0.ai.

9. Data Retention

We retain your personal information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy. Specifically:

  • Account Data: Retained while your account is active and for a reasonable period after deletion request (up to 90 days)
  • Health Data: Retained according to your preferences and deleted upon request
  • Usage Data: Typically retained for up to 24 months for analytics purposes
  • Legal Requirements: Some data may be retained longer if required by law

10. Children's Privacy

Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at taeho@tab0.ai, and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that are different from the laws of your country.

When we transfer your information internationally, we implement appropriate safeguards to ensure your information receives adequate protection, including standard contractual clauses where applicable.

12. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: You can opt out of the sale of personal information (note: we do not sell personal information)
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, please contact us at taeho@tab0.ai.

13. European Privacy Rights (GDPR)

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making and profiling

Our legal bases for processing your information include: your consent, performance of a contract, our legitimate interests, and compliance with legal obligations.

You also have the right to lodge a complaint with your local data protection authority.

14. Korean Privacy Rights (PIPA)

If you are a resident of the Republic of Korea, you have rights under the Personal Information Protection Act (PIPA):

  • Right to be informed about the processing of your personal information
  • Right to consent or refuse consent to the processing of personal information
  • Right to access and request copies of your personal information
  • Right to request correction, deletion, and suspension of processing
  • Right to receive compensation for damages caused by data breaches

To exercise these rights, please contact us at taeho@tab0.ai.

15. Do Not Track

Our Services do not currently respond to "Do Not Track" (DNT) signals. However, you can usually set your browser to remove or reject cookies, or you can adjust your device settings to limit tracking.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also provide additional notice (such as in-app notifications).

Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

17. Contact Us

If you have any questions about this Privacy Policy, or if you wish to exercise your privacy rights, please contact us at:

Tab0, Inc.
Email: taeho@tab0.ai

For data protection inquiries in the European Union, you may also contact your local data protection authority.