Privacy Policy

Overview

Fitnessage ("we", "our", "us") provides AI-personalised fitness assessments, workout plans, meal plans, and meal-delivery integrations. This Privacy Policy describes the personal data we collect, how we use it, and your rights over it. By using Fitnessage you consent to the practices described here.

Data we collect

• Account data: name (optional), email address, password (hashed), and authentication tokens.
• Profile data you provide: age, sex, height, weight, primary fitness goal, dietary preferences, allergies, disliked foods, injuries, health conditions, and selected gym (if any).
• Assessment data: results of the fitness tests you choose to record, and the biological-age and risk scores derived from them.
• Plan data: AI-generated workout and meal plans, your edits, completion logs, water intake, and meal logs.
• Subscription and order data: your subscription tier, trial status, billing identifiers from Stripe (we never store full card details), meal-delivery orders, and delivery addresses you provide.
• Device and diagnostic data: app version, OS, crash reports, and basic usage metrics for stability monitoring.

How we use your data

• To run the product features you actively requested — generate plans, track progress, deliver meal orders, manage your subscription.
• To improve the product through aggregated, de-identified analytics (we do not sell or share individual records).
• To send you transactional email related to your account (sign-up confirmation, password reset, order confirmations, subscription receipts). We do not send marketing email without your explicit opt-in.
• To comply with legal obligations and detect abuse or fraud.

Sharing with third parties

• Stripe — payment processing and subscription management. Stripe receives the data necessary to process your payment.
• Cloudflare — hosting, DNS, and edge compute. All data in transit is encrypted with TLS.
• Neon (PostgreSQL) — primary database, hosted in the region closest to our compute.
• Google AI (Gemini) — generates workout and meal plans from the profile inputs you provide. Inputs are sent on each generation request and are not used by Google to train its general models per your account configuration.
• Meal-delivery providers — when you place a delivery order, your delivery address, contact details, and order line items are sent to the provider you selected so they can fulfil it.
• We do not sell your personal data to advertisers, brokers, or any third party.

Your rights

• Access — see what data we hold about you. Email support@fitnessage.ai and we will respond within 30 days.
• Correction — update inaccurate data via the in-app Profile screen at any time.
• Deletion — permanently remove your account and personal data through Profile → Delete Account in the mobile app, or at fitnessage.ai/delete-account. Deletion is immediate and irreversible.
• Portability — request a copy of your data in JSON format by emailing support@fitnessage.ai.
• EU residents (GDPR) and California residents (CCPA) have the additional rights granted by those laws and can exercise them through the same channels.

Data retention

We retain your account data for as long as your account is active. After account deletion we permanently remove personal data within 30 days, except where retention is required by law (e.g. invoicing records). Aggregated, de-identified statistics may be retained indefinitely.

Security

All communication is encrypted with TLS 1.3. Passwords are hashed with PBKDF2. Database credentials, API keys, and signing secrets are stored as encrypted secrets within Cloudflare and are never shipped to client devices. We monitor for unauthorised access and will notify affected users without undue delay if a breach occurs.

Children

Fitnessage is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us data, please email support@fitnessage.ai and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. The "Last updated" date below reflects the most recent revision.

Contact

Questions or requests: support@fitnessage.ai. Postal address available on request.