Privacy Policy

FitApp · Last updated: April 23, 2026 · Effective: April 23, 2026

1. Introduction and scope

FitApp (“we,” “us,” or “our”) respects your privacy. This Privacy Policy describes how we collect, use, disclose, retain, and protect information when you use our mobile application FitApp (the “App”) and related services that connect to our backend (collectively, the “Services”).

By creating an account or using the Services, you acknowledge that you have read this policy. If you do not agree, please do not use the App. For questions, contact us using the details in Section 15.

2. Who we are and how to reach us

The operator of FitApp can be reached at support@aitomationops.com. Our published policies are hosted at fitappweb.com.

3. Definitions

• Personal information — information that identifies or can reasonably be linked to you or your device.
• Account data — information associated with your registered account (for example, email and authentication credentials).
• Workout data — training-related content you create or import (plans, logs, splits, progress, notes, and similar).
• Usage data — information about how you interact with the App (for example, features used and session patterns).
• Device data — technical information about your device or environment (for example, OS version and device type).

4. Information we collect

4.1 Account information

When you register, we collect the email address you provide and credentials needed to authenticate you. Passwords are processed using industry-standard one-way hashing (bcrypt); we do not store plaintext passwords.

4.2 Workout and fitness-related data

We collect and store the workout plans, exercise history, training splits, progress metrics, and related content you enter or sync through the App. This data is stored so we can provide core App functionality, including sync across your devices where you are signed in.

4.3 Usage data

We may collect information about how you use the App, such as features accessed, general interaction patterns, and time spent in the App, to operate, secure, debug, and improve the Services.

4.4 Device and technical data

We may collect device information such as device type, operating system version, and identifiers that help us deliver secure sessions, diagnose issues, and maintain compatibility.

4.5 Local storage on your device

The App may cache recent workout data on your device (for example, for offline use). Depending on implementation, such caching may cover a window of up to approximately thirty (30) days. Data stored locally is subject to your device security settings.

4.6 Payment and subscription data

Purchases of paid features or subscriptions are processed by third-party platforms (Apple App Store and Google Play). We do not receive your full payment card number from those platforms. We may receive limited purchase status or entitlement information necessary to unlock in-app features.

5. How we use information (purposes)

We use personal information to:

• Provide, maintain, and improve the App and backend services;
• Authenticate your account and manage secure sessions (including token-based authentication);
• Store, synchronize, and display your workout data across devices;
• Send workout-related notifications when you have granted permission;
• Respond to support requests and communicate about the Services;
• Detect, prevent, and address fraud, abuse, security incidents, and technical issues;
• Comply with legal obligations and enforce our terms.

5.1 Legal bases (EEA, UK, and similar jurisdictions)

Where GDPR or similar laws apply, we rely on one or more of the following legal bases, as appropriate:

• Contract — processing necessary to provide the Services you request;
• Legitimate interests — securing the Services, improving reliability, and understanding aggregate usage, balanced against your rights;
• Consent — where we ask for consent (for example, certain notifications), which you may withdraw where the law allows;
• Legal obligation — where we must retain or disclose information to comply with law.

6. How we share information

We do not sell or rent your personal information. We do not “share” personal information for cross-context behavioral advertising as defined under the CCPA/CPRA in the ordinary course of operating FitApp.

We may disclose information only as described below:

• Service providers (processors) — We use trusted vendors to host and operate the Services. Our primary backend and database provider is Supabase. They process data on our instructions and maintain their own privacy program. Links: Supabase Privacy Policy.
• Build and distribution tooling — We use Expo for development and build-related workflows. Link: Expo Privacy Policy.
• Legal and safety — We may disclose information if required by law, regulation, legal process, or governmental request, or where we reasonably believe disclosure is necessary to protect rights, safety, or security.
• Business transfers — If we are involved in a merger, acquisition, or asset sale, information may be transferred as part of that transaction, subject to appropriate safeguards and notice where required.

7. Storage, security, and integrity

7.1 Where data is stored

Your data is stored in cloud infrastructure operated by our service providers (including Supabase). Data may be processed in data centers located in various regions depending on provider configuration.

7.2 Security measures

• Encryption in transit using HTTPS/TLS for communications between the App and our services;
• Encryption at rest as provided by our infrastructure provider;
• Authentication using industry-standard token-based mechanisms (JWT);
• Database access controls, including row-level security policies intended to restrict access so that users can access their own data in accordance with our design;
• Password hashing using bcrypt;
• Where applicable, use of secure storage mechanisms on your device for sensitive tokens or credentials.

No method of transmission or storage is completely secure. We work to protect your information using reasonable administrative, technical, and organizational measures, but we cannot guarantee absolute security.

8. International data transfers

If you access the Services from outside the country where our servers or service providers are located, your information may be transferred across borders. Where required, we rely on appropriate safeguards (such as standard contractual clauses approved by relevant regulators) in addition to technical and organizational measures. By using the Services, you understand that your information may be processed in countries that may have different data protection laws than your own.

9. Retention

We retain personal information for as long as your account remains active or as needed to provide the Services. If you delete your account, we will delete or irreversibly anonymize your personal information within a reasonable period, typically within thirty (30) days, except where we must retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements.

Backup systems may retain residual copies for a limited period consistent with our providers’ technical practices before being overwritten.

10. Your rights and choices

Depending on your location, you may have rights to:

• Access — request a copy of or information about the personal data we hold about you;
• Correction — update inaccurate information through the App where available, or by contacting us;
• Deletion — delete your account in Settings (see Delete your account) or contact us;
• Export — export certain workout data using export features in the App, where available;
• Restriction / objection — in some jurisdictions, request restriction of processing or object to certain processing;
• Portability — receive certain data in a structured, commonly used format where applicable;
• Withdraw consent — where processing is based on consent, withdraw consent without affecting prior lawful processing;
• Opt-out of sale or sharing — we do not sell personal information as described in Section 6; California residents may contact us with questions about rights under the CCPA/CPRA.

To exercise rights, email support@aitomationops.com. We may need to verify your identity before fulfilling requests. You may also lodge a complaint with a supervisory authority in your country of residence where applicable.

11. California residents (CCPA/CPRA summary)

In the preceding twelve months, we have collected categories of personal information consistent with Sections 4–5 (identifiers such as email; commercial information related to subscriptions as reported by app stores; internet or electronic network activity such as usage data; and other categories you voluntarily provide in workout data). We use this information for the business purposes described in this policy. We do not sell personal information. We do not knowingly sell or share personal information of consumers under sixteen.

California residents may request access, deletion, and certain other rights subject to exceptions under law. Contact us at the email above. We will not discriminate against you for exercising these rights.

12. Children’s privacy

FitApp is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us promptly and we will take appropriate steps to delete such information where required by law.

13. Third-party services and links

The App may reference or integrate third-party services. Their collection and use of information are governed by their own policies. We encourage you to review Supabase and Expo policies linked in Section 6, and the privacy policies of Apple and Google for app store and device-level controls.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version at this URL and revise the “Last updated” date. Where changes are material and the law requires, we will provide additional notice (for example, in-app or by email). Continued use of the Services after the effective date constitutes acceptance of the updated policy where permitted by law.

15. Contact us

16. Regulatory alignment

This Privacy Policy is intended to support compliance with applicable privacy frameworks, including the GDPR for users in the European Economic Area and the United Kingdom (where applicable), the CCPA/CPRA for California residents, and other applicable data protection laws, each as interpreted in light of our actual practices described here.