Privacy Policy

Last updated: April 2026

Not a medical product. Fitness Tracker is a personal logging and informational tool, not a medical service or health professional. See the full medical disclaimer.

1. Our Core Principle — Your Data, Your Control

Fitness Tracker is a health passport built for you. Five commitments shape how we treat your data, and everything else in this policy is designed to give effect to them:

  • You own your data. The health and fitness information you put into the app belongs to you.
  • Nothing is shared without your action. We do not share your personal or health data with any third party except as strictly necessary to operate the services you have chosen to use (e.g., our cloud database, or an AI provider you message), or where required by law.
  • You can disconnect any integration at any time. Apple Health, Fitbit, Oura, Google, Anthropic (Claude), OpenAI (ChatGPT), Google (Gemini), and any future third-party connection can be turned off from the Settings page. Disconnecting halts further data flow to or from that service going forward.
  • You can download everything. One click on Export All My Data at the bottom of the Settings page produces a complete copy of your data in a portable spreadsheet format, no questions asked.
  • You can delete everything. One click on Delete Account at the bottom of the Settings page permanently removes your account and associated health data from our systems, subject only to the limited backup and legal-retention exceptions described in Section 10.

2. What We Collect

We collect only what the service needs:

  • Account information. When you sign in with Google or with Sign in with Apple, we receive your email address, display name, and (from Google) profile image. If you use Sign in with Apple with “Hide My Email,” we receive only the private-relay address Apple generates on your behalf.
  • Health and fitness data you enter. Workouts, exercises, sets and reps, meals and macros, body metrics, sleep logs, wellbeing ratings, injuries, supplements, recovery sessions, runs, lab markers and lab results, and any notes, descriptions, or photos you attach.
  • Wearable and health-platform data you connect. If you enable Apple Health (HealthKit), Fitbit, Oura, or another supported source, we import only the categories of data you explicitly authorize (commonly steps, heart rate, HRV, sleep stages, workouts, VO2 max, resting heart rate, and body composition).
  • Chat content you send to an AI advisor. Messages you type into an in-app chat or a challenge-advisor conversation, together with the minimum subset of your logged data the conversation needs to answer you.
  • Basic technical data. Session cookies used to keep you logged in, and standard server logs (IP address, user agent, timestamps) kept for security and abuse-prevention purposes.

3. How We Use Your Data

  • Service delivery: displaying your logs, generating insights and summaries, rendering charts, and providing the core functionality of the app.
  • AI features you invoke: forwarding your chat message and the necessary context to whichever AI provider powers the feature, so it can return a reply.
  • Communications: service-related messages (verification, security alerts, feature notices) and — until you opt out — promotional messages about the app.
  • Product improvement and debugging: aggregated or de-identified usage patterns used to improve reliability and features.
  • Legal compliance and safety: responding to valid legal process and enforcing our Terms of Service.

4. What We Do Not Do With Your Data

  • We do not sell your personal data or health data to anyone.
  • We do not share your personal data or health data with any third party for that third party's own advertising or marketing purposes.
  • We do not use health, fitness, or medical data — including data from Apple HealthKit, Fitbit, Oura, or lab results you enter — for advertising, marketing, or data-mining purposes.
  • We do not share your data with third parties except as strictly necessary to operate the services you have chosen to use (for example, passing a chat message to the AI provider that generates the response, or storing your logs in our cloud database), or as required by law.
  • We do not store identifiable personal health information in iCloud.
  • We do not embed advertising pixels, cross-site tracking cookies, or third-party marketing analytics that follow you off the service.

Looking ahead. The commitments in this section describe our current practices. If we ever decide to change them — for example, to introduce an ad-supported free tier, to share de-identified or aggregated data for research, or to offer any other use or disclosure not described above — we will update this policy and notify you in advance in accordance with Section 14. Any new use of personal or health data we collected before the change takes effect will require your separate affirmative consent, not merely your continued use of the Service. Where state law requires a specific form of consent (for example, for any sale or share of consumer health data under the Washington My Health My Data Act or similar statutes), we will obtain consent in the form the law requires, and you can always decline.

5. Third-Party Integrations You Control

The app supports optional integrations with several third-party services. Each is off by default and must be enabled by you. Once enabled, any integration can be turned off at any time from the Settings page; disconnecting stops further data from flowing to or from that service going forward.

Current integrations:

  • Sign-in providers: Google (Google Sign-In) and Apple (Sign in with Apple). Used only to authenticate you.
  • Wearables and health platforms: Apple Health (HealthKit), Fitbit, Oura. These are one-way reads into the app of the categories of data you have explicitly authorized.
  • AI providers: Anthropic (Claude), OpenAI (ChatGPT / Custom GPT), Google (Gemini). Invoked only when you send an in-app chat message or use an AI-powered feature.
  • Infrastructure providers: Supabase (database and authentication host) and Vercel (application host). These are not user-toggleable because they are the platforms the app runs on; they process data only under written data-processing terms.

When you enable a third-party integration, the third party's own terms and privacy policy also apply to how they handle your data. We do not control a third party's internal processing.

6. AI Providers — What Happens to Chat Content

When you use an in-app AI advisor (Coach Jamie, Casey, Evelyn, etc.) or a Custom GPT integration, the text of your message and the subset of your logged data necessary to answer it are transmitted to the underlying AI provider — currently Anthropic (Claude), OpenAI, and/or Google (Gemini), depending on the feature.

Once the content reaches the AI provider, it is processed under that provider's data-handling practices, which we do not control. We endeavor to protect that content to the extent possible by: (i) using each provider's enterprise or API tier where available, which contractually restricts training of their models on customer inputs; (ii) sending only the minimum data needed to answer the message; and (iii) not sharing your identifying account metadata with the provider beyond what the API requires.

Photos attached to AI chats. As of the date of this policy, any photo you attach to an AI chat (for example, a meal photo for macro analysis) is transmitted to the AI provider for real-time analysis and is not retained on our servers after the analysis is complete. The AI provider may briefly retain the photo and accompanying message per its own API data-handling policy. If we change this handling in the future — for example, if we add optional chat history that saves past messages and attachments — we will update this policy and provide notice in accordance with Section 14 before the change takes effect.

Do not type into an AI chat, or attach to an AI chat, any information you would not be comfortable being processed by the underlying AI provider.

7. Apple HealthKit

If you enable the Apple Health / HealthKit integration on iOS, the app reads only the HealthKit data categories you explicitly authorize in the native iOS permission sheet. HealthKit data is used solely to display your metrics back to you inside the app and to power the insights, charts, challenges, and AI summaries you choose to interact with.

In line with Apple's HealthKit requirements, we:

  • do not use HealthKit data for advertising or similar services, and do not sell HealthKit data to advertising platforms, data brokers, or information resellers;
  • do not disclose HealthKit data to any third party for advertising, marketing, or data-mining purposes;
  • do not use HealthKit data for any purpose other than improving health, fitness, or wellness management within this app;
  • do not store HealthKit data in iCloud; and
  • do not write into HealthKit any data that was not produced by you using the app.

You can revoke the app's HealthKit access at any time through iOS Settings > Health > Data Access & Devices, or by disabling the integration from inside the app.

8. Email Communications

By creating an account, you consent to receive email communications from us:

  • Transactional emails: account verification, password resets, security alerts, and service notifications.
  • Promotional emails: product announcements, feature updates, health and fitness content, tips, and special offers related to Fitness Tracker.

You can opt out of promotional emails at any time by clicking the “unsubscribe” link included in every promotional email, or by contacting us. Opting out does not affect transactional emails necessary to operate your account.

We never share your email address with third parties for their own marketing purposes.

9. Data Storage and Security

Your data is stored on servers operated by Supabase (database and authentication) and Vercel (application hosting). We implement reasonable administrative, technical, and physical safeguards appropriate to the nature of the data, including transport encryption (HTTPS/TLS) for all traffic between you and the service, encryption-at-rest for the underlying database, session-based authentication, row-level security policies in the database, and auditing of privileged access.

No internet-connected service can be made completely secure. We do not promise that our measures will prevent every possible breach — but we commit to using reasonable measures, to notifying affected users without undue delay if we become aware of a breach affecting their data, and to not collecting or retaining data we do not need.

10. Data Retention and Deletion

We retain your account and health data for as long as your account is active and only as long as we need it to provide the service. When you delete your account, we delete the underlying records from our active production databases promptly (typically within 30 days). Encrypted backups roll off on a finite schedule (currently 30–90 days), after which the deleted data ages out of backups as well. We may retain a minimal set of records longer where required for legal, tax, fraud-prevention, or dispute-resolution purposes, and will keep any such retention narrowly scoped and protected.

11. Your Rights and Controls

You can exercise the following controls at any time, free of charge:

  • Access: review everything you have logged directly inside the app.
  • Download (Export): use Export All My Data at the bottom of the Settings page to receive a complete copy of your data in spreadsheet form.
  • Delete: use Delete Account at the bottom of the Settings page (or email us) to permanently delete your account and associated data.
  • Disconnect integrations: turn off Apple Health, Fitbit, Oura, Google, an AI provider, or any other third-party connection from the Settings page. Disconnecting halts further data flow with that service.
  • Opt out of promotional email: click “unsubscribe” in any promotional email.
  • Correct or amend: edit or delete any individual log entry directly in the app.

Depending on where you live, you may have additional rights under applicable privacy law (for example, the California Consumer Privacy Act, the Washington My Health My Data Act, and the Connecticut, Nevada, and Colorado consumer-health-data statutes). We honor those rights regardless of where you reside; to exercise them formally, email us at the address in Section 15.

12. Cookies & Authentication

We use cookies and browser storage solely for authentication (keeping you logged in) and for remembering your basic preferences. We do not use advertising or cross-site tracking cookies, and we do not embed third-party marketing pixels or analytics that track you off the service.

13. Children

The service is intended for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us and we will promptly delete it.

14. Changes to This Policy

We may update this policy from time to time. If we make a material change — especially one that narrows your rights or expands the categories of data we collect — we will provide reasonable advance notice (by email to the address on file, by an in-app notice, or both) before the change takes effect. Non-material updates (wording, clarifications, structural changes) may be made by updating the date at the top of this page. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy going forward.

Prospective vs. retroactive changes. A change that introduces a new data-sharing, data-sale, advertising, or similar monetization use of personal or health data takes effect only on a prospective basis — that is, it applies only to data you submit, or events that occur, after the change becomes effective — unless you separately and affirmatively consent to apply the new use to data we collected earlier. Continued use of the Service after such a change is consent to the new practice going forward, but it is not, by itself, consent to apply any new monetization use to data we already hold.

15. Contact

For questions about this privacy policy, to exercise a data right, to opt out of promotional emails, or to report a concern, contact us at support@fitnesstracker.app.