Legal

Privacy Policy

Last updated: 2026-06-26

This Privacy Policy explains what data BurnWeek collects, why, who we share it with, and the choices you have. It covers both the BurnWeek mobile/web app and the BurnWeek app for ChatGPT (an OpenAI Apps SDK / MCP integration hosted at mcp.burnweek.fit).

BurnWeek is an AI calorie tracker. You tell us what you ate in plain language; BurnWeek estimates the calories and protein as honest ranges (never false precision) and keeps a running daily and 7-day total. That food log is the only substantive data BurnWeek holds about you.

Who we are

BurnWeek is operated by Fit Labs OÜ ("BurnWeek", "we", "us"). You can reach us at support@maxfit.ee. Mailing address: Harju maakond, Tallinn, Mustamäe linnaosa, Pöörise tn 7-51, 13520, Estonia.

What we collect

We collect only what is needed to log your meals and show your totals. We practice data minimization: tool responses returned to ChatGPT contain only your food data and totals, not internal IDs, debug payloads, or session metadata.

CategoryExamplesSource
Account identity A stable account identifier (your WorkOS sub), your email address, and display name. Your identity provider (WorkOS AuthKit) when you sign in with Apple, Google, or an emailed one-time code.
Food & meal logs The text you write describing what you ate or drank, the AI-estimated calorie and protein ranges, portion weights you adjust, and the timestamp/date of each entry. You, via the app or ChatGPT.
Daily/weekly totals Aggregated calorie/protein totals, your daily calorie target, and 7-day sliding-window figures derived from your logs. Computed by BurnWeek from your logs.
Account linking codes A short-lived one-time code you generate in the app to link your existing app data to ChatGPT. You, when you choose to link.
Basic operational logs Standard server logs needed to run and secure the service (e.g. request timing, error traces). These are not used to profile you. Automatic.

What we do NOT collect

To keep BurnWeek safe for general audiences and compliant with OpenAI's app policies, we deliberately do not collect:

How we use your data

We do not sell your data, and we do not use your food logs to train third-party models or for advertising.

How estimation works (and what leaves BurnWeek)

When you log a meal, the text you wrote is sent to an AI estimation provider (currently OpenAI's API) so BurnWeek can produce a calorie/protein estimate. We send the food description; we do not send your identity to the estimation provider for this purpose beyond what is required to make the request. The estimate returned is stored against your account.

Separately, when you use BurnWeek inside ChatGPT, your prompts and the app's responses are processed by OpenAI / ChatGPT as the platform you are using, subject to OpenAI's own privacy policy.

Who we share data with (sub-processors)

We share data only with infrastructure providers that help us run BurnWeek, each acting on our instructions:

ProviderPurposeData involved
OpenAI (ChatGPT) The platform you interact with when using the BurnWeek ChatGPT app. Your prompts and the app's responses (your food data and totals).
OpenAI (API) AI calorie/protein estimation. The meal descriptions you log.
WorkOS (AuthKit) Identity / sign-in (Apple, Google, email one-time code) and OAuth. Your email and account identifier.
Amazon Web Services (AWS) Hosting, database (DynamoDB), and storage in the United States. All stored account and food-log data.

We may also disclose data if required by law, or to protect the rights, safety, and security of our users and service.

Where data is stored

Data is stored on AWS infrastructure in the United States. If you access BurnWeek from outside the US, you consent to processing in the US.

How long we keep it

When you delete your account, we delete your food logs and account record (see below), except where we must retain limited records to comply with law.

Your choices and rights

To exercise any of these, contact support@maxfit.ee. We respond within a reasonable time and in line with applicable law.

Children

BurnWeek is not directed to children under 13 and we do not knowingly collect data from anyone under 13. The BurnWeek ChatGPT app is designed to be suitable for users aged 13 and up: no ads, no medical advice, no profiling, and no collection of sensitive categories. If you believe a child under 13 has provided us data, contact us and we will delete it.

Security

We use industry-standard measures: encrypted transport (HTTPS/TLS), token-based authentication via WorkOS, per-user data isolation, and least-privilege access to our database. No system is perfectly secure, but we work to protect your data.

Changes to this policy

We may update this policy as BurnWeek evolves. We will update the "Last updated" date and, for material changes, provide a more prominent notice.

Contact

Questions or requests: support@maxfit.ee · Fit Labs OÜ, Harju maakond, Tallinn, Mustamäe linnaosa, Pöörise tn 7-51, 13520, Estonia.