Privacy Policy

Your privacy and data security are fundamental to how we build FitSync. Learn how we collect, use, and protect your information.

Last Updated: January 19, 2025

Introduction

FitSync ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use the FitSync mobile application (the "App").

By using FitSync, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our App.

Contact Information

FitSync Development Team
Email: support@fitsync.app

For privacy-related inquiries, please contact us at the email address above.

Information We Collect

1. Personal Information

We collect the following personal information that you voluntarily provide:

  • Date of Birth: Used for age-related fitness calculations and BMR computations
  • Height and Weight: Used for caloric calculations, BMI calculations, and personalized fitness recommendations
  • Gender: Used for gender-specific metabolic calculations and fitness recommendations
  • Activity Level: Your self-reported activity level for personalized caloric expenditure calculations
  • Fitness Goals: Your selected fitness objectives (weight loss, muscle gain, etc.)
  • Experience Level: Your fitness experience level for workout recommendations

2. Health and Fitness Data

With your explicit consent, we collect and process:

  • Step Count Data: Daily step counts from your device or connected health apps
  • Caloric Expenditure: Calories burned through daily activities and workouts
  • Workout Sessions: Exercise routines, duration, intensity ratings, and performance data
  • Nutrition Data: Food intake, meal logs, and nutritional information
  • Body Composition: Weight tracking and BMI calculations over time

3. Location Information

When you enable location services for cardio tracking features:

  • GPS Coordinates: Real-time location data during outdoor cardio activities
  • Route Information: Path taken during runs, walks, or cycling sessions
  • Elevation Data: Altitude changes during activities for distance and intensity calculations
  • Speed and Pace: Movement speed calculated from GPS data
  • Distance: Total distance traveled during activities

4. Device and Usage Information

We automatically collect:

  • Device Information: Device type, operating system version, app version
  • Usage Analytics: App usage patterns, feature interactions, and performance metrics
  • Crash Reports: Technical information to diagnose and fix app issues
  • Settings and Preferences: Your app configuration and customization choices

5. Third-Party Health Platform Data

With your permission, we may access data from:

  • Apple Health (iOS): Step count, caloric burn, and other health metrics
  • Google Fit (Android): Activity data, step count, and health measurements
  • Connected Fitness Devices: Data from smartwatches and fitness trackers

How We Use Your Information

Primary Uses

We use your information to:

  1. Provide Core Functionality: Calculate personalized fitness metrics, caloric expenditure, and BMR/TDEE
  2. Track Progress: Monitor your fitness journey, weight changes, and goal achievement
  3. Generate Recommendations: Create personalized workout routines and nutrition suggestions
  4. Calculate Metrics: Compute calories burned, distance traveled, pace, and elevation changes
  5. Sync Health Data: Integrate with Apple Health and Google Fit for comprehensive tracking

Secondary Uses

We may also use your information to:

  1. Improve the App: Analyze usage patterns to enhance features and user experience
  2. Technical Support: Diagnose and resolve technical issues
  3. Safety and Security: Detect and prevent fraudulent or harmful activities
  4. Legal Compliance: Meet legal obligations and protect our rights

Data Storage and Security

Storage Infrastructure

  • Primary Database: Your data is stored securely using Supabase, a SOC 2 Type 2 certified platform
  • Local Storage: Some data is cached locally on your device for offline functionality
  • Encryption: All data transmissions are encrypted using industry-standard TLS/SSL protocols
  • Database Security: Stored data is encrypted at rest and protected by multiple security layers

Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Access Controls: Role-based access limitations for our development team
  • Regular Security Audits: Periodic security assessments and vulnerability testing
  • Data Minimization: We collect only the data necessary for app functionality
  • Secure Development: Following security best practices in app development

Third-Party Services

Apple Health Integration

  • Purpose: Sync step count, caloric burn, and other health metrics
  • Data Shared: Only health data you explicitly authorize
  • Apple's Privacy: Governed by Apple's Health app privacy policy
  • User Control: You can revoke access at any time through iOS Settings

Google Fit Integration

  • Purpose: Access activity data and health metrics on Android devices
  • Data Shared: Only fitness data you specifically authorize
  • Google's Privacy: Subject to Google's privacy policies
  • User Control: Manage permissions through Google account settings

MapBox Services

  • Purpose: Provide mapping, route calculation, and location services for cardio tracking
  • Data Shared: GPS coordinates, route information, and location data during active tracking
  • MapBox Privacy: Governed by MapBox's privacy policy
  • User Control: Disable location services in app settings to opt out

Supabase Backend Services

  • Purpose: Secure data storage, user authentication, and real-time data synchronization
  • Data Processing: All personal and health data storage
  • Security: SOC 2 Type 2 certified with enterprise-grade security
  • Data Location: Data stored in secure, compliant data centers

Data Sharing and Disclosure

Current Policy

We DO NOT sell, trade, or rent your personal information to third parties. We do not share your data except in the following limited circumstances:

Permitted Disclosures

We may disclose your information only when:

  1. Legal Requirements: Required by law, subpoena, or court order
  2. Safety Concerns: To protect the safety of users or the general public
  3. Business Transfers: In connection with a merger, acquisition, or sale of assets (with user notification)
  4. Consent: With your explicit, informed consent
  5. Service Providers: To trusted third-party service providers bound by confidentiality agreements

Aggregated Data

We may share aggregated, anonymized data that cannot identify individual users for research or analytics purposes.

Your Privacy Rights

Access and Control

You have the right to:

  • Access: Request a copy of all personal data we have about you
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain processing activities
  • Restriction: Request limitation of processing activities

Exercising Your Rights

To exercise these rights, contact us at support@fitsync.app. We will respond within 30 days of receiving your request.

Account Management

You can also:

  • Update profile information directly in the app
  • Manage third-party integrations in app settings
  • Control location sharing preferences
  • Delete your account and associated data

Data Retention

Retention Periods

  • Account Data: Retained while your account is active
  • Health and Fitness Data: Stored for the duration of your account plus 90 days after deletion
  • Location Data: Automatically deleted after 2 years unless you delete it sooner
  • Usage Analytics: Aggregated data retained for up to 3 years for improvement purposes
  • Legal Requirements: Some data may be retained longer if required by law

Deletion Process

When you delete your account:

  1. Personal data is immediately marked for deletion
  2. Data is permanently removed from active systems within 30 days
  3. Backup systems are purged within 90 days
  4. Some aggregated, anonymized data may be retained for analytics

Children's Privacy (COPPA Compliance)

Age Restrictions

FitSync is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Parental Rights

If you are a parent and believe your child has provided personal information to us:

  • Contact us immediately at support@fitsync.app
  • We will delete the information promptly upon verification
  • We will implement additional safeguards to prevent future collection

Teen Users (13-17)

For users aged 13-17:

  • Parental consent may be required in some jurisdictions
  • Enhanced privacy protections apply
  • Contact us for specific guidance on teen privacy rights

Contact Us

Privacy Inquiries

For questions, concerns, or requests related to this Privacy Policy, contact us:

Email: support@fitsync.app
Subject Line: "Privacy Policy Inquiry"
Response Time: We respond to privacy inquiries within 5 business days

Data Protection Requests

For specific data protection requests (access, deletion, correction):

Email: support@fitsync.app
Subject Line: "Data Protection Request"
Required Information:

  • Full name associated with the account
  • Email address used for the account
  • Specific request type and details
  • Identity verification may be required

Document Version: 1.0
Effective Date: January 19, 2025
Review Schedule: This policy is reviewed annually and updated as necessary to maintain compliance and transparency.

By using FitSync, you acknowledge that you have read, understood, and agree to this Privacy Policy.