Fittality

Privacy Policy

Effective Date: May 3, 2025

Last Updated: May 3, 2025

Welcome to Fittality! Your privacy is important to us. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our app.

End-User License Agreement: https://www.apple.com/legal/internet-services/itunes/dev/stdeula/


1. Information We Collect

We collect the following data to provide, personalize, and improve your experience. For each category, we explain the purpose of collection and, where applicable, the legal basis under GDPR:

Personal Information:

  • Full name, email address, age, weight, height, gender.
  • Purpose: To create and manage your user profile, personalize workout plans, and enable account recovery.
  • Legal Basis: User consent and the performance of our contract with you.

Fitness Data:

  • Pulled on-device from Apple HealthKit; we store only BMI, age, weight, and height. All other health metrics remain solely on your device.
  • Purpose: To calculate fitness analytics and personalize health insights (e.g., tailor workout intensity and progress tracking).
  • Legal Basis: User consent via HealthKit permission.
  • HealthKit Usage Descriptions: We request the following permissions in your device's HealthKit settings and Info.plist keys:
    • 'NSHealthShareUsageDescription': To read age, weight, height, and body mass index for analytics and personalization.
    • 'NSHealthUpdateUsageDescription': We do not write any data to your HealthKit unless you explicitly enable that functionality in the app settings.

Authentication Data:

  • Supabase Auth: Credentials for account creation and login.
  • Sign in with Apple: Email and name as consented by you.
  • Purpose: To securely authenticate you and protect your account.
  • Legal Basis: Performance of our contract and user consent (for Sign in with Apple).

Usage & Analytics Data:

  • Event data for Create/Read/Update/Delete (CRUD) actions, feature usage, and app navigation tracked via Amplitude (Amplitude Privacy Policy).
  • Purpose: To understand user behavior, improve features, and optimize app performance.
  • Legal Basis: Legitimate interest in optimizing our service (with opt‑out available) and user consent where required.

Crash Reporting & Error Logs:

  • Collected and monitored by Sentry for app stability and debugging (Sentry Privacy Policy).
  • Purpose: To detect and fix errors, enhance reliability, and ensure a smooth user experience.
  • Legal Basis: Legitimate interest in maintaining app stability and providing reliable services.

AI Workout Generation Data (PRO users only):

  • Selections from a multi-step tailored process (no free-text), including share personal info preference, goal, experience level, plan duration and days, equipment, workout types, and review confirmation.
  • Purpose: To generate a customized workout program via the OpenAI Responses API based on your selected options.
  • Legal Basis: User consent when opting into the PRO AI feature.

2. How We Use Your Data

We use your information to:

  • Provide and personalize workout plans, progress tracking, and health insights.
  • Send push notifications (daily reminders, streak preservation, re-engagement after inactivity). You can toggle each notification on/off in Settings > Notifications.
  • Store and manage authentication credentials securely via Supabase Auth or Sign in with Apple.
  • Analyze app performance and improve features using Amplitude and Sentry.
  • Generate Custom AI Workouts (PRO users only): When you opt to create a personalized workout program using our AI feature, you may choose whether to share your personal information. We collect your selections from a multi-step tailoring process (no free-text input) to call the OpenAI Responses API and generate your program. These steps include:
    1. Share personal info (yes/no)
    2. Goal: What's your primary fitness goal?
    3. Experience: How would you describe your experience level?
    4. Plan: Duration of plan and workout days
    5. Equipment: Available workout equipment
    6. Workouts: Preferred workout types
    7. Overview of selected options before generation
  • Ensure compliance with privacy laws and maintain security standards.

3. Data Storage & Security

  • Supabase Database: Stores personal details (name, email, age, weight, height, gender) and anonymized fitness analytics on our primary database instance hosted in West EU (Ireland) on AWS (t4g.nano). Supabase provides encryption at rest, row-level security, and database access is restricted to authorized administrators protected by two-factor authentication (2FA). Data transfers to non-EU regions are governed by Standard Contractual Clauses (SCCs) to ensure compliance with international data protection laws.
  • Authentication: Credentials and OAuth tokens are managed by Supabase Auth or Apple; we never see raw passwords.
  • On-Device Health Data: Raw Apple Health metrics are never uploaded to our servers—only BMI, age, weight, and height are stored.
  • Crash Logs: Securely transmitted to Sentry; access restricted to authorized personnel.

4. Third-Party Services & Links

We use and link to the following third parties strictly as data processors. We do not sell or share your personal information with any third parties except for logging and analytics purposes:

  • Supabase Auth (Privacy Policy): Manages account authentication; acts solely on our behalf as a processor and does not sell or share data.
  • Sign in with Apple (Apple Privacy): Handles OAuth login; only processes the email and name you consent to share.
  • Amplitude (Privacy Policy): Tracks usage and analytics; acts solely as a processor and does not sell or share individual user data.
  • Sentry (Privacy Policy): Collects crash reports and error logs; acts solely as a processor and does not sell or share individual user data.

We do not sell, rent, or share your personal information beyond these processing relationships.

5. Cookies & Session Tracking

  • Supabase may use cookies or local storage for session management.
  • Amplitude sets cookies for analytics.
  • No third-party advertising cookies are used.

6. Push Notifications

We send push notifications only for service-related purposes—no marketing messages or promotions. Notifications include:

  • Daily workout reminders
  • Streak preservation alerts
  • Re-engagement after periods of inactivity

Users can enable or disable each category under Settings > Notifications.

7. Account Deletion & Data Anonymization

To delete your account, go to Settings > Advanced Settings > Delete Account. Deletion is:

  • Permanent & Irreversible: You cannot recover your account afterward.
  • Anonymization: Your name and email are replaced with a randomly generated UUID.
  • Retained Data: Fitness analytics remain for up to 5 years in anonymized form (no PII) to help us understand usage and improve the app.

8. Data Retention

  • Personal Data: Retained until you delete your account or request erasure.
  • Anonymized Analytics: Stored for up to 5 years, then deleted.

9. Your Rights & Controls

You have the right to:

  • Access your personal data.
  • Modify your profile information.
  • Delete your account and anonymize your data.
  • Port your data (data export).
  • Object to or restrict processing under GDPR.
  • Withdraw Consent: You can revoke any consent you have given (e.g., for data processing, analytics, HealthKit access) at any time by contacting our support team at info@fittality.app.

To exercise these rights, contact us at info@fittality.app.

10. Children's Privacy

Fittality is intended for users 18 years and older. We do not knowingly collect data from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us to have it deleted.

11. Medical Disclaimer

All fitness suggestions and analytics are generated by our proprietary algorithms and are for informational purposes only. Fittality is not a medical device, and its content is not a substitute for professional medical advice, diagnosis, or treatment.

12. Legal Compliance

We comply with:

  • GDPR (General Data Protection Regulation) - Europe
  • CCPA (California Consumer Privacy Act) - California

13. Changes to This Privacy Policy

We may update this policy from time to time. Any changes will appear in the "Last Updated" date. Significant changes may be communicated via in-app notifications or email.

Version History: A version history of this policy is available at https://fittality.app/privacy/archive. If no historical versions exist yet, this link may return a 404.

14. AI Chatbot & Third-Party Processing

When you use our PRO-only chatbot feature, any text you submit (which may include personal or health-related information) is transmitted to OpenAI's servers so the AI can generate responses. Fittalty does not store your chat transcripts except temporarily to support your current session; any logs we do retain are used solely for debugging and quality-improvement for up to 30 days, then deleted.

All processing of your chatbot inputs by OpenAI is governed by OpenAI's own policies—you can review them here:

By using the chatbot, you consent to this data transfer. If you have questions about how your chatbot data is handled, please contact us at info@fittality.app.


Contact Us

For questions or concerns about this policy, please contact our Privacy Officer at info@fittality.app.