ByteFit ByteFit
RU Open bot

Privacy Policy

Last updated: June 7, 2026

This document explains, in plain language, what data Individual Entrepreneur Albert Akhmadiev (the "Operator", "we") processes when you use the ByteFit service: the Telegram bot, the Telegram Mini App, the iOS app, and the bytefit.ru website. We explain why we need this data, where it is stored, who receives it and how much of it, how to delete your account, and what rights you have.

The Operator is an individual entrepreneur (a natural person) and acts as the personal-data operator (and, where EU/EEA or UK data-protection law applies, as the data controller). This Policy has been prepared in accordance with Federal Law No. 152-FZ "On Personal Data", the data-localization requirement (242-FZ), other laws of the Russian Federation, and, where applicable, the EU General Data Protection Regulation (GDPR) and the UK GDPR. The most important thing to know up front: we do not sell your data and we do not use it for third-party ad targeting. By using the service, you agree to the terms of this Policy.

1. The personal-data operator

The operator that determines the purposes and the scope of the processed data is:

Operator

Individual Entrepreneur Albert Akhmadiev

Status

Individual entrepreneur (a natural person)

INN (tax ID)

165037062701

OGRNIP

323169000268140

Registration date

December 7, 2023

Location

Kazan, Republic of Tatarstan, Russia

Brand

ByteFit

Contact e-mail

bytefit.ai@gmail.com

Support hours

Mon-Fri, 10:00-19:00 (MSK)

For any questions about personal-data processing, and to exercise your rights, write to bytefit.ai@gmail.com. This is the main channel for such requests. We also accept and review requests received through our other official channels (in-bot support and the Support page).

The Operator processes personal data in accordance with Federal Law No. 152-FZ "On Personal Data" and takes the measures required by law, including those relating to notifying Roskomnadzor about the processing of personal data and about the cross-border transfer described in Section 5.

2. What data we process

We collect only the data needed to run the service and to comply with the law. The exact set of data depends on which channel you use (the bot and Mini App, the iOS app, or the website).

2.1. Data you provide yourself

  • Profile details: height, weight, age, activity level, nutrition goal, interface language.
  • Personalized targets: the calorie and macro goals calculated for you.
  • Food diary: meal entries and their nutritional value computed by AI; generated meal plans, saved recipes, and weekly recaps.
  • E-mail and/or phone for sending the fiscal receipt and for support contact.
  • Support requests: the text of your message and a contact for our reply.

2.2. Data collected automatically

  • Technical and log data: IP address, request time, error logs.
  • Feature-usage counters (for example, how many messages you sent to the AI coach in a day).

2.3. Data from integrations

  • Telegram: your user id, username, and first name.
  • Subscription and payment status: plan, status, dates, masked card number, transaction ids.

2.4. Website data

  • Anonymized analytics and cookies (the site shows a consent banner, see Section 11).

The service is not intended to collect health data or other special categories of personal data. We do not request and do not intentionally collect information about your health (diagnoses, test results, and the like), nor data about race, political views, or biometrics. Please do not enter such information into the service. Height, weight, age, and nutrition goal are used solely as parameters for calculating calorie and macro targets, not as medical data.

3. What we do NOT keep

We deliberately limit the storage of sensitive content. The following are not stored on our servers:

  • Food photos. A photo is processed to recognize the dish and estimate its calories, and is then discarded and not kept by us.
  • Voice recordings. Your voice is processed to convert it to text and estimate nutrition, and is then discarded.
  • AI-coach conversation text. The content of your messages to the coach is not stored. We keep only a usage counter (how many messages were sent in a day).

Only the result stays in your diary, for example the dish name and the calculated calorie and macro values that you see in your history.

4. Purposes and legal bases for processing

We process data only for specific, clear purposes:

Purpose What is needed for it Legal basis
Providing the service (profile, diary, targets, plans, and recipes) Profile details, diary entries, Telegram id Performance of the contract (offer) with you (GDPR Art. 6(1)(b))
AI food analysis and AI-coach answers The request content (photo/text/voice) and the necessary profile context Performance of the contract; separate consent for cross-border transfer (see Section 5) (GDPR Art. 6(1)(b) and Art. 6(1)(a))
Service notifications and reminders (for example, about subscription renewal and the end of the trial period) Telegram id, contact details Consent; performance of the contract (GDPR Art. 6(1)(a) and Art. 6(1)(b))
Security and protection against abuse and fraud Technical and log data (IP, time, errors) The Operator's legitimate interest; legal requirements (GDPR Art. 6(1)(f) and Art. 6(1)(c))
Accounting and fiscal receipts (54-FZ) E-mail/phone, payment amount and parameters Compliance with a legal obligation (GDPR Art. 6(1)(c))

Where the legal basis is consent, you can withdraw it at any time (see Section 10). Withdrawing consent does not affect processing that is necessary to perform the contract or that is required by law, and it does not affect the lawfulness of processing carried out before the withdrawal.

5. AI processing and cross-border transfer

To recognize your food and answer your nutrition questions, part of your data is sent to a third-party AI provider, OpenAI, whose servers are located outside the Russian Federation (in particular, in the USA). This is a cross-border transfer of data to a foreign country that may not provide an equivalent level of personal-data protection.

Only what is needed to produce an answer is sent to the AI provider:

  • the food content: the dish description, the text of the request, the voice transcript, and the AI-coach prompt;
  • the necessary profile and nutrition context, without which the feature could not give a meaningful answer.

We do not send direct personal identifiers to the AI provider, such as your name, e-mail, phone, or Telegram id. Only the food content and the minimum necessary context are sent, so the AI provider cannot directly identify you. Voice may be transcribed locally or by a third-party speech-to-text service.

5.1. Separate consent for cross-border transfer (Art. 12 of 152-FZ)

In accordance with Article 12 of Federal Law No. 152-FZ, the cross-border transfer of data to such a country is carried out on the basis of your separate, informed consent. By using the AI features, you give a separate consent to this transfer. You can withdraw this consent at any time (see Section 10), and it covers:

  • recipient: OpenAI (the AI-processing provider);
  • country: the USA (outside the Russian Federation);
  • purpose: food recognition and AI-coach answers to nutrition questions;
  • data categories: food content and the minimum necessary nutrition context (without your name, e-mail, phone, or Telegram id).

The cross-border transfer is carried out in compliance with Article 12 of 152-FZ, including the Operator's duty to notify Roskomnadzor about the cross-border transfer of personal data. If you do not give this consent, the features that require AI processing stay unavailable, while the rest of the service keeps working. You can withdraw your consent at any time (see Section 10); once withdrawn, the transfer stops.

5.2. International transfers and GDPR safeguards

If you are in the EU, the EEA, or the UK, this transfer to the USA is an international transfer under the GDPR and the UK GDPR. We rely on your explicit consent for it and, where applicable, on appropriate safeguards such as Standard Contractual Clauses or equivalent contractual measures, to the extent these are in place with the relevant provider. You can ask us for more information about these safeguards by writing to bytefit.ai@gmail.com.

6. Payment data

Purchases are made inside the Telegram bot. Payments in rubles are accepted through T-Bank internet acquiring (JSC "TBank"). Card payment happens on the bank's secure payment page: you enter your card details there, not with us.

  • The Operator never receives or stores your full card number or CVV.
  • For display only, we store the masked card number and the card brand, plus transaction ids and a token for recurring charges (RebillId).
  • Payment notifications reach our server through a cryptographically signed request (verified with SHA-256); forged callbacks are rejected.

Purchases in the iOS app are handled by the App Store (Apple) under Apple's rules; Telegram Stars payments go through Telegram. In these cases, the payment data is processed by the relevant platform.

7. Who we share data with

We use trusted service providers (processors) strictly to the extent needed to run the service. We do not sell personal data and we do not pass it to ad brokers for targeting.

Recipient Why What is shared
JSC "TBank" Payment processing and fiscal receipts (54-FZ) Amount, e-mail/phone for the receipt; full card data does not reach us
Telegram Message delivery, Telegram Stars payments Your id and messages within the bot's operation
OpenAI (USA) AI food analysis and coach answers (cross-border transfer) Food content and the necessary context; without your name, e-mail, phone, or Telegram id
Speech-to-text service Converting voice to text (where used) The audio request for transcription
App Store (Apple) Processing purchases in the iOS app Payment data on the platform's side
Secure cloud hosting (Russia) Hosting servers and the database Service data stored in Russia
Analytics and crash monitoring Stability of the website and app Anonymized technical data

In addition to the above, data may be disclosed to authorized government bodies where the law requires it.

8. Where data is stored and how it is protected

The core data of bot and Mini App users is stored in our database on secure cloud infrastructure located in the Russian Federation. This ensures compliance with the requirement to localize the personal data of Russian citizens (242-FZ).

An important difference between channels: in the iOS app, diary entries are stored on the device itself; in the bot and Mini App, entries are stored on the Operator's secure servers.

  • Data is transmitted over secure, encrypted channels (TLS/HTTPS).
  • We apply organizational and technical protection measures, and access to data is restricted.
  • For recurring charges we use a bank token (RebillId), not the card number.

We do everything reasonably possible to protect data; however, no method of transmitting or storing information can guarantee absolute security. If, despite our measures, a personal-data breach occurs, we will take steps to mitigate the consequences and will notify Roskomnadzor and the affected users (and, where the GDPR applies, the competent supervisory authority) in the cases and within the time limits set by law.

9. Retention periods

We keep personal data no longer than necessary for the purposes of processing or to comply with the law. The specific periods are:

  • Profile and food diary: while your account is active. After a request to delete your account (see Section 10) or after a long period of inactivity (as a rule, after 12 months), this data is deleted or anonymized.
  • Food photos, voice recordings, and AI-coach message text: not stored (see Section 3).
  • Payment and accounting records (including data for fiscal receipts): for the periods set by accounting and tax laws (as a rule, at least 5 years). The basis is a legal requirement.
  • Technical logs (IP, request time, error logs): as a rule, up to 12 months, to the extent needed for security and diagnostics. The basis is the Operator's legitimate interest.

Once the processing purposes are met, or upon your request, data is deleted or anonymized, except for information we are required to keep by law (for example, accounting and fiscal records).

10. Your rights and account deletion

Under 152-FZ you have the right to:

  • obtain information about the processing of your personal data;
  • request that inaccurate or incomplete data be clarified (corrected);
  • request deletion or blocking of data if it is processed in breach of the law or is no longer needed for the purposes of processing;
  • withdraw consent you previously gave, including consent to cross-border transfer (Section 5);
  • appeal our actions to Roskomnadzor or in court.

10.1. Additional rights for EU/EEA/UK users (GDPR)

If the GDPR or the UK GDPR applies to you, you also have the right to: access your data and receive a copy of it; have inaccurate data rectified; have data erased ("right to be forgotten"); restrict or object to processing; data portability (receive your data in a structured, commonly used, machine-readable format); and to withdraw consent at any time without affecting processing carried out before the withdrawal. You also have the right to lodge a complaint with your local data-protection supervisory authority. We do not use your data for automated decision-making that produces legal or similarly significant effects on you.

10.2. How to delete your account and data

To fully delete your account, send a request to bytefit.ai@gmail.com from the contact linked to your account, or via in-bot support. After we confirm that the account is yours, we delete your profile, personalized targets, diary entries, plans, recipes, recaps, and the saved payment details for recurring charges. This is normally done within 30 days.

Deleting your account ends access to the paid features. We do not delete information that we are required to keep by law, first of all the accounting and fiscal records of completed payments (for the periods set by law). Such records are stored separately and are not used for any other purpose.

To exercise any of these rights, send a request to bytefit.ai@gmail.com. We will review the request and respond within the period set by law (as a rule, within 30 days). For your own safety, we may ask you to confirm your identity or your ownership of the account.

11. Cookies on the website

The bytefit.ru website uses cookies:

  • necessary cookies, for the site to work correctly;
  • analytics cookies, for anonymized visit statistics that help us improve the site.

On your first visit, a consent banner is shown. You can manage cookies through your browser settings; disabling some cookies may affect how certain site features work.

12. Minors

The service is intended for users aged 14 and over. For users under 18, we recommend using the service with the involvement of a parent or legal guardian. We do not knowingly collect data from people under 14. If you believe we have processed a child's data below the permitted age, please write to us and we will take action.

13. The service is not a medical service

ByteFit is informational and reference in nature and is not a medical service. It does not diagnose, prescribe treatment, or replace a consultation with a doctor or dietitian. The calorie and macro estimates are calculated by AI and are approximate, so they may contain errors. Please check them and adjust them if needed. If you have any illness, are pregnant, have allergies, or have other health considerations, be sure to consult a specialist.

14. Changes to this Policy

We may update this Policy. The current version is always published openly at /en/privacy.html, with the update date shown at the top of the page. We will try to announce material changes in advance. Continuing to use the service after a new version is published means you have reviewed it. Related documents: Public Offer, Terms of Use, Refund Policy, Support.

15. Contacts

Operator

Individual Entrepreneur Albert Akhmadiev

INN (tax ID)

165037062701

OGRNIP

323169000268140

Location

Kazan, Republic of Tatarstan, Russia

E-mail

bytefit.ai@gmail.com

Support hours

Mon-Fri, 10:00-19:00 (MSK)