Privacy Policy
Last updated: 12 June 2026
Tovu Health ("the app") is operated by RGL Loans Pty Ltd (ABN 32 611 969 138), PO Box 391, Fortitude Valley QLD 4006, Australia ("we", "us", "our"). We take your privacy seriously, particularly because the app handles sensitive health information. This policy explains what we collect, how it's stored, and who it's shared with. We handle personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Information we collect
- Account details: your email address, used to create and sign in to your account.
- Health and lifestyle data you choose to enter — the core of the app. This may include food and drink, hydration, medications and supplements, weight and body measurements, vital signs, glucose, menstrual cycle information, symptoms, pain, mood, sleep, meditation, dental notes, exercise, steps, bowel movements, alcohol, nicotine, other substances, and intimate activity.
- Data from Apple Health (HealthKit): if you grant permission, the app can import data such as steps, weight, and workouts from Apple Health, and write data you log back to Apple Health.
- Photos you attach when chatting with the AI coach.
- The content of your messages to the AI coach.
- Subscription status: which subscription tier you hold. Payments themselves are handled by Apple.
We only collect this information when you provide it or grant permission. We do not buy it or collect it from third parties.
How and where your data is stored
Your data is stored with our database provider, Supabase, in their Sydney, Australia region (ap-southeast-2), and protected by row-level security so each account can only access its own records. The app on your device uses only a public, client-safe key — it cannot read other users' data.
Apple Health (HealthKit)
With your explicit permission, the app reads from and writes to Apple Health for the specific data types you approve (such as steps, weight, and workouts). You control this in the iOS Health permission screen and can change it at any time. We use HealthKit data only to provide the app's features — we never use it for advertising or marketing, and we never sell it or share it with third parties for their own purposes.
The AI coach
When you use the AI coach, your messages, any photos you attach, and relevant health context are sent through our backend (hosted on Vercel) to Anthropic's API, which generates the coach's responses. Your health information is processed by these providers to deliver this feature.
Payments and subscriptions
Paid subscriptions are purchased and processed through Apple's App Store. We never receive or store your payment card details — we only receive your subscription status and tier from Apple so we can unlock the right features.
Who we share data with
We do not sell your data or use it for advertising. We share it only with the service providers needed to run the app:
- Supabase — database and authentication (Sydney, Australia).
- Vercel — hosting our backend services.
- Anthropic — generating AI coach responses.
- Apple — processing subscription payments.
Your data is stored in Australia. However, when you use the AI coach, the relevant data is sent to Anthropic's servers in the United States to generate responses, and some backend processing via Vercel may also occur overseas.
How we use your data
We use your data only to provide the app's features: storing your records, powering the AI coach, generating your targets and reports, managing your subscription, and maintaining your account. We don't use your data for marketing.
Your choices and rights
- View and edit your data in the app at any time.
- Delete individual records, and delete your account and all associated data.
- Control Apple Health access in the iOS Health settings at any time.
- Request access to or correction of your personal information by emailing us.
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we've mishandled your information.
On-device privacy PIN
The app offers a per-tracker PIN to lock sensitive sections on your device. It's an on-device convenience feature, not a substitute for your device passcode.
Children
The app is not directed at, and not intended for, anyone under 16.
Security
We use reputable providers and access controls to protect your data. No system is completely secure, but we take reasonable steps to safeguard it.
Changes
We may update this policy and will post changes here with a new "last updated" date.
Contact
RGL Loans Pty Ltd — roberto@rglloans.com.au