Privacy Policy

Effective date: April 23, 2026

1. Who we are

FitProp AI ("we," "us," "our") provides an AI-powered fitness accountability platform. This policy explains what personal data we collect, why, how we use it, and your rights. We are the data controller for the data described here. For questions, contact fitpropaisupport@gmail.com.

2. Data we collect

We collect the following categories of personal data:

  • Account data: email, password (hashed), full name, username, avatar, bio, optional location.
  • Fitness data: workout logs, meal logs, training plans, goals, fitness level, check-ins, streak history.
  • Social data: posts, comments, stories, likes, follows, direct messages, challenge interactions.
  • Billing data: processed by Stripe; we receive only the Stripe customer ID, subscription status, and last 4 digits of your card. We do not store full card numbers.
  • Technical data: IP address, browser type, device info, session logs, error traces. Used for security and debugging.
  • Optional location: if you grant location permission for the Gym Check-In feature, we store the gym's coordinates (not your exact live location).

3. How we use your data

  • Provide the Service — show your feed, track your streak, generate AI training plans, enable social interactions
  • Process payments (via Stripe) and manage subscriptions
  • Send transactional emails (receipts, password resets, important account notices)
  • Improve the Service — analyze aggregate usage to fix bugs and prioritize features
  • Prevent fraud, abuse, and security threats
  • Comply with legal obligations

4. Lawful bases (GDPR)

Where GDPR applies, we rely on the following lawful bases: (a) contract — to deliver the Service you signed up for; (b) legitimate interests — for security, fraud prevention, and product improvement; (c) consent — for optional features such as location-based gym check-in; (d) legal obligation — for tax records, legal compliance, and responding to lawful requests. You may withdraw consent at any time; withdrawal does not affect the lawfulness of processing already carried out.

5. Who we share data with

We share data only with service providers who help us operate the Service:

  • Supabase — database and authentication
  • Vercel — hosting
  • Stripe — payment processing
  • Anthropic — AI model provider for the Elio coaching feature (anonymized prompts only — no account info sent)
  • Resend — transactional email delivery
  • Google — Places API for gym check-in
  • Cloudflare — DNS and DDoS protection

We do not sell your personal data. We do not share your data with advertisers. We may disclose data in response to lawful requests from public authorities, to protect our rights, or to prevent fraud.

6. Data retention

We retain your personal data for as long as your account is active, plus a reasonable period afterwards for legal and audit purposes. If you delete your account (Settings → Delete Account), we permanently remove your profile, posts, logs, and associated data within 30 days. Aggregated, anonymized data may be retained indefinitely. Payment records are retained for 7 years for tax compliance.

7. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA, and similar laws), you have the right to:

  • Access — request a copy of your data
  • Rectify — correct inaccurate data (editable in Settings)
  • Delete — remove your account and associated data
  • Port — receive a machine-readable export
  • Object — to processing based on legitimate interests
  • Restrict — limit how we process your data
  • Withdraw consent — at any time, for consent-based processing
  • Complain — lodge a complaint with your local data protection authority (in Hungary, NAIH)

To exercise any of these rights, email fitpropaisupport@gmail.com. We respond within 30 days.

8. International transfers

Your data may be processed outside your country, including in the United States (where Stripe, Vercel, and Anthropic operate). Where required, we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure an adequate level of protection.

9. Cookies and similar technologies

We use strictly necessary cookies to keep you signed in and remember preferences. We do not use third-party advertising or tracking cookies. Session cookies are first-party and essential — the Service cannot function without them.

10. Security

We use industry-standard security measures: encryption in transit (TLS), encryption at rest, hashed passwords, role-based access controls, and regular security reviews. No system is 100% secure — promptly notify us at fitpropaisupport@gmail.com if you suspect a breach affecting your account.

11. Children

The Service is not directed to children under 16. We do not knowingly collect data from children under 16. If you believe we have collected data from a child, contact us and we will delete it.

12. Changes to this policy

We may update this policy occasionally. Material changes will be announced via email or in-app notice at least 14 days before taking effect. Your continued use of the Service after the effective date constitutes acceptance.

13. Contact

Privacy questions, data subject requests, or general support: fitpropaisupport@gmail.com