FitFit

Privacy Policy

Last updated: April 30, 2026

Fit MMC ("Fit", "we", "us", "our") operates the Fit mobile application and the application.fit website (the "Service"). This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights over your data.

1. Information we collect

We collect the following categories of personal data:

  • Account information: name, email address, phone number, password (hashed), profile photo, gender, birthdate.
  • Health and fitness data: height, weight, activity level, BMI, daily calorie goals, meal logs, water intake, weight tracking, walking/step counts.
  • Device and motion data: with your permission, step counts and motion sensor data used for activity tracking.
  • Camera and microphone: when you use food scanning, voice input, or set a profile photo. Captured media is processed and not stored permanently except as part of meal logs.
  • Authentication identifiers: tokens issued via Sign in with Apple, Sign in with Google, or email/phone verification.
  • Subscription and billing: purchase receipts and entitlement data from Apple App Store or Google Play.
  • Technical data: device model, OS version, language, app version, IP address, push notification tokens, crash and performance logs.
  • Communications: messages you send to our AI assistant or to our support team.

2. How we use your data

  • Provide the core service: meal logging, AI food scanning, meal planning, water and step tracking.
  • Personalize recommendations and content based on your goals, metrics, and history.
  • Authenticate you and keep your account secure.
  • Process subscription payments through Apple App Store and Google Play.
  • Send transactional notifications (verification codes, reminders you opt into).
  • Diagnose crashes and performance issues; improve app stability.
  • Comply with legal obligations and enforce our Terms of Use.

3. Legal basis (GDPR)

For users in the European Economic Area, we process personal data on the following legal bases:

  • Performance of the contract — to provide the Service you signed up for.
  • Consent — for optional features such as motion data, push notifications, and personalized analytics.
  • Legitimate interests — to keep the Service secure, prevent fraud, and improve features.
  • Legal obligation — where required by applicable law.

4. Sharing with third parties

We do not sell your personal data. We share data only with the processors listed below, strictly to operate the Service:

  • Apple Inc. — Sign in with Apple, App Store subscriptions, push notifications.
  • Google LLC — Sign in with Google, Firebase (authentication, push notifications, crash reporting), Google Play subscriptions.
  • OpenAI — AI meal recognition, recommendations, and assistant chat (only the prompt content needed to fulfill your request is sent).
  • Sentry — crash and error monitoring (anonymized device information).
  • Cloud hosting and email providers — to operate our infrastructure and deliver verification emails.
  • Law enforcement and government authorities — only when required by valid legal process.

5. International transfers

Your data may be processed in countries other than the one in which you reside, including the United States and the European Union. We rely on Standard Contractual Clauses or equivalent safeguards where required.

6. Data retention

  • Account and health data — retained while your account is active.
  • After account deletion — personal data is removed from active systems immediately. Backups are purged within 30 days.
  • Crash and security logs — retained up to 90 days.
  • Records required for legal, tax, or financial compliance — retained as required by law.

7. Your rights

Depending on your jurisdiction (e.g., GDPR, CCPA), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data — see our Account Deletion page.
  • Object to or restrict certain processing.
  • Receive a portable copy of your data.
  • Withdraw consent at any time (without affecting prior lawful processing).

To exercise any of these rights, email hello@application.fit. We respond within 30 days.

8. Children's privacy

The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children. If we become aware that a child under the applicable age has provided personal data, we delete it.

9. Security

We use industry-standard measures including TLS encryption in transit, encryption at rest where applicable, hashed passwords, and access controls. No system is perfectly secure; please use a strong unique password and report any concerns to hello@application.fit.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated in-app or via email.

11. Contact

Questions or complaints about this policy or our data practices:

  • Email: hello@application.fit
  • Data controller: Fit MMC