Legal
Privacy Policy
Last updated: May 7, 2026
This Privacy Policy explains how Fitnix (“we,” “our,” or “us”) collects, uses, shares, and protects your personal information when you use the Fitnix mobile application, website (getfitnix.app), and related services (the “Service”). We take your privacy seriously and only collect what we need to make the Service work.
1. Information We Collect
a. Information you provide directly
- Account data: email address, full name, authentication credentials (handled via Supabase Auth, Apple Sign In, or Google Sign In — we never see your password in plaintext).
- Profile & fitness data: age, gender, height, weight, body measurements, fitness goals, activity level, equipment preferences, medical conditions you choose to share, and workout logs.
- Support correspondence: messages you send to support@getfitnix.app.
b. Information collected automatically
- Device & technical data: device model, operating system version, app version, locale, time zone, crash logs, and anonymous diagnostic data.
- Usage data: features accessed, workouts completed, session duration, and aggregated analytics events — used to improve the Service.
- Push notification token: if you enable notifications, we store the device-specific token needed to deliver reminders.
c. Information from third parties
- Apple / Google Sign In: when you sign in through Apple or Google, we receive your email address and (if shared) your name. We do not access your contacts, photos, or other data.
- RevenueCat: receives your purchase events to manage subscription entitlements. We receive a subscription status back from RevenueCat — we do not process payment-card details ourselves.
2. How We Use Your Information
We use your information to:
- Create and maintain your account;
- Generate personalized workout plans using AI, based on the fitness profile you provide;
- Track your progress, calculate statistics, and deliver reminders you’ve enabled;
- Process subscriptions and manage entitlements via RevenueCat;
- Respond to your support requests and communicate about important changes to the Service;
- Monitor for abuse, debug crashes, and improve the Service through aggregated analytics;
- Comply with legal obligations.
3. Legal Bases (GDPR / UK GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, we process your data on the following legal bases:
- Contract: to provide the Service you’ve signed up for (account, workouts, subscription management);
- Consent: for push notifications and for any optional marketing communications. You can withdraw consent at any time;
- Legitimate interests: for security, fraud prevention, and product improvement — balanced against your rights and freedoms;
- Legal obligation: where we must retain or disclose data to comply with applicable law.
4. How We Share Your Information
We do not sell your personal data. We share it only with the service providers required to operate the Service, each bound by contractual confidentiality and data-protection obligations:
- Supabase — database hosting, authentication, and backend infrastructure;
- RevenueCat — subscription management and entitlement syncing with Apple / Google;
- Anthropic, Inc. (Claude API) — our sole third-party AI processor, used to generate personalized workout plans and daily coaching tips. The exact data fields sent to Anthropic are listed in section 5 below (“AI Data Sharing & Consent”). We do not share your name, email, phone number, Apple ID, device identifiers, IP address, location, photos, contacts, or payment data with Anthropic;
- Apple and Google — app distribution, sign-in, push notifications, and payment processing;
- Analytics & crash-reporting — to diagnose bugs and measure feature usage in aggregate;
- Legal compliance — if required by law, court order, or to protect rights, safety, or property.
5. AI Data Sharing & Consent
Fitnix uses Anthropic, Inc. (“Anthropic”) — specifically the Claude API — as our sole third-party AI processor. We share a strictly limited, non-identifying subset of your fitness profile with Anthropic so that Claude can produce personalized workout plans and daily coaching tips. We do not use OpenAI, Google Gemini, or any other AI provider.
a. What is sent to Anthropic
- Age, gender, weight (kg), height (cm)
- Self-reported fitness level (beginner / intermediate / advanced)
- Fitness goal (weight loss / muscle gain / maintenance)
- Training location (home / gym) and available equipment
- Preferred workout duration (minutes)
- Weekly training schedule (days of the week)
- Total number of workouts completed
- Anonymous workout history: exercise names, last weights used, and subjective difficulty ratings (easy / normal / hard)
b. What is never sent to Anthropic
- Name, email address, phone number, Apple ID
- User ID, device identifiers, IP address
- Location data, photos, contacts, calendar
- Payment information or subscription tokens
- Authentication credentials of any kind
c. Anthropic’s data protection
Anthropic operates under a zero-data-retention policy for API requests: Anthropic does not train its models on user inputs and does not retain prompts or responses beyond the request lifecycle. Anthropic is a U.S. company that contractually provides the same or equal level of data protection as described in this policy. Anthropic’s privacy policy is available at https://www.anthropic.com/legal/privacy.
d. Explicit consent before sharing
We obtain your explicit, in-app consent before any of the data above is sent to Anthropic:
- New users see a dedicated “AI-Powered Workouts” disclosure screen during onboarding, immediately after entering their fitness profile and before any workout is generated. The screen names Anthropic, lists every data field that will be shared, lists what will never be shared, and requires an explicit tap on “I Agree, Continue”.
- Existing users who installed the app before this policy took effect see the same disclosure screen as a modal the first time they attempt to generate a workout. AI features remain locked until consent is granted.
- Acceptance is recorded on your account record (timestamp). All AI requests are gated server-side on this record — no data is shared with Anthropic until consent is on file.
e. Withdrawing consent
You can withdraw your AI consent at any time by deleting your account (Profile → Delete Account in the app). Account deletion erases all personal data linked to your account, including the AI consent record. If you would like to revoke AI consent without deleting your entire account, contact us at support@getfitnix.app and we will clear the consent flag — AI features will then be locked again on your next sign-in.
6. Data Retention
We retain your data for as long as your account is active. When you delete your account (Profile → Delete Account in the app), all personal data linked to your account is permanently erased from our primary databases within 30 days. Aggregated, anonymized analytics data may be retained indefinitely. Backups are cycled out within 90 days. Some records may be retained longer where required by law (e.g., tax or fraud-prevention records held by payment processors).
7. Your Rights
Depending on your location, you have the following rights over your personal data:
- Access: request a copy of the data we hold about you;
- Rectification: correct inaccurate or incomplete data;
- Deletion: delete your account and associated data from within the app, or by emailing us;
- Portability: receive your data in a structured, machine-readable format;
- Objection / restriction: object to or restrict certain processing;
- Withdraw consent: for any processing based on consent;
- Lodge a complaint: with your local data-protection authority.
To exercise any of these rights, email us at support@getfitnix.app. We will respond within 30 days.
8. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, to request deletion, and to opt out of the sale or sharing of personal information. We do not sell your personal information. Contact us at support@getfitnix.app to exercise your rights. We will not discriminate against you for exercising them.
9. Children’s Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will promptly delete it. If you are between 13 and 16 (or the age of digital consent in your country), you must have parental permission to use the Service.
10. Security
We use industry-standard security measures, including TLS encryption in transit, encrypted storage at rest, and strict access controls. Authentication tokens are stored in the iOS Keychain / Android Keystore. However, no system is perfectly secure, and we cannot guarantee absolute security. If we learn of a breach affecting your personal data, we will notify you without undue delay as required by law.
11. International Data Transfers
Your data may be processed and stored in countries outside your own — including the United States and the European Union — where our service providers operate. When we transfer data internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
12. Cookies and Similar Technologies
The Fitnix mobile app does not use tracking cookies. Our website (getfitnix.app) may use minimal first-party cookies that are strictly necessary for the site to function. We do not use cross-site tracking cookies or advertising pixels.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top and, where required, notify you in-app or by email. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
14. Contact
Questions, requests, or concerns about your privacy? Reach us at support@getfitnix.app. We aim to respond within 5 business days, and always within 30 days for formal data-protection requests.
