Privacy Policy
How Fitspot collects, uses, and safeguards your information — the recovery-driven training platform built on trust.
Thank you for using Fitspot (the “Service”). Your privacy is important to us. This Privacy Policy outlines how we collect, use, and safeguard your information.
- We collect the info you give us (account plus health and fitness data) and some technical data automatically, to run and improve Fitspot.
- We use a small set of named providers to operate the app — and we don’t sell your data or use it for advertising.
- Your health and fitness data is sensitive; we use it only to power the app’s features.
- You can access, correct, export, or delete your data — including deleting your account yourself in the app, with a 30-day window to change your mind.
- Questions: admin@fitspot.ai.
Information we collect
Information you provide
- Name, email address, username, and login details (passwords are stored only in encrypted, hashed form)
- Date of birth, gender, and body type
- Health and fitness data, including your height and weight over time (we keep a dated history so you can track changes), goal weight, target weight-loss pace, fitness goals, experience level, training frequency, and available equipment
- Workout activity, including the workouts you complete, muscles worked, sets and reps, weight lifted, estimated calories burned, workout duration, and streaks
- Nutrition and diet logs, including the foods you record, serving sizes, and the full nutritional breakdown of each entry (calories, protein, carbohydrates, fats, and micronutrients such as sodium, sugar, cholesterol, and vitamins)
- Support messages and feedback, and — if you cancel or delete your account — the reason you optionally choose to share with us
A note on sensitive health data
Much of the information above — your body metrics, workouts, and diet logs — is considered sensitive personal information (and “special category” health data under European law). We collect it only to provide the core features of the Service: planning your training, tracking your recovery, and logging your nutrition. We do not use your health or fitness data for advertising, and we never sell it. Where the law requires your explicit consent to process this data, you provide it by choosing to enter this information and use these features, and you can withdraw it at any time by deleting the data or your account.
Information we collect automatically
- Usage logs (IP address, browser type, timestamps)
- Cookies and similar technologies (see “Cookies and similar technologies”)
- Device information (device type, operating system, app version)
Push notifications
If you turn on notifications (for example, workout reminders), we register your device to receive them. To do this we store a device push token issued by Firebase Cloud Messaging (on Android) or the Apple Push Notification service (on iOS), along with your platform, app version, and operating-system version. We use these only to send the notifications you’ve enabled. You can turn notifications off at any time in your device’s system settings or your in-app notification preferences; doing so stops the notifications and we remove the associated device token.
Third-party sign-in
If you create your account or sign in using Google or Apple, we receive basic profile information from that provider — a provider account ID, your email address (Apple may give you a private relay address instead of your real one), your name, and, where available, your profile photo. We store this to create and secure your account.
How we use your information
- To provide and operate the Service
- To improve features and UX
- To respond to your inquiries
- To analyze trends and optimize performance
- To comply with legal obligations
Our legal bases (for users in the EEA and UK)
If you’re in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:
- To perform our contract with you — providing and operating the Service, delivering the features you use, and managing your subscription
- Your consent — for processing your health and fitness data, for analytics and session recording, and for push notifications; you can withdraw consent at any time
- Our legitimate interests — keeping the Service secure, preventing abuse, and understanding how it’s used so we can improve it, balanced against your rights
- Legal obligation — meeting our tax, accounting, and other legal requirements
You have the right to access, correct, delete, port, or restrict the processing of your data, to object to processing based on legitimate interests, and to lodge a complaint with your local data-protection authority.
Sharing your information
We do not sell your personal data.
The companies that help us run Fitspot
We rely on a small set of trusted service providers to operate the Service. Each one only receives the data it needs to do its job:
- MongoDB Atlas — our primary database. All of your account and fitness data is stored here.
- Vercel — hosts our website and app, and provides basic traffic analytics (page views, approximate location from IP, device type).
- Stripe — processes web payments. Stripe receives your name, email, payment method, and billing details. We store a Stripe customer ID and your subscription status, but we never see or store your full card number.
- RevenueCat and the Apple App Store / Google Play Store — process in-app purchases on iOS and Android and tell us whether your subscription is active.
- PostHog — our product-analytics provider (see “Analytics and session recording”).
- Firebase Cloud Messaging (Google) and Apple Push Notification service — deliver push notifications to your device.
- Resend — sends account emails such as verification codes. It receives your email address and the message content.
- FatSecret — powers food search in our diet-logging feature. When you search for a food, the text of that search is sent to FatSecret to return nutrition data. We do not send your name, email, or account identity with these searches.
- Google and Apple — provide account sign-in, as described above.
We may also disclose information when required by law, and we may transfer data as part of a company restructuring, merger, or acquisition.
Analytics and session recording
We use PostHog, a product-analytics tool, to understand how people use Fitspot so we can improve it. Through PostHog we collect:
- Product events — actions such as completing onboarding steps, viewing the paywall, starting checkout, subscription changes, and errors you encounter
- Automatically captured interactions — clicks and page views within the app (“autocapture”)
- Session recordings — a replay of your on-screen activity in the app, which can include screens showing your profile and fitness data, so we can diagnose problems and improve the experience
- Technical and identity data — your IP address, device and browser information, and your account ID and email address, so we can connect this activity to your account for support and analysis
We use this data only to operate, debug, and improve the Service. It is not sold and not used for third-party advertising.
Your choice: You can opt out of analytics and session recording at any time by contacting us at admin@fitspot.ai. Opting out does not affect your ability to use Fitspot.
Your rights and choices
- Access or receive a copy of your personal data
- Correct or update your personal data
- Delete your data, or ask us to restrict or stop processing it
- Request a portable copy of the data you provided to us
- Withdraw consent where applicable, and object to certain processing
- Lodge a complaint with your local data-protection authority
Deleting your account
You can delete your account yourself at any time from Account → Delete account in the app, or by emailing admin@fitspot.ai. See our retention section for exactly what happens to your data when you do.
Data retention
We keep your personal data only as long as we need it to provide the Service or to meet legal, tax, and accounting requirements. In practice:
- While your account is active, we retain your data so the Service works and your history is available to you.
- When you delete your account, we immediately deactivate it and hide your data. For 30 days the deletion can be reversed — if you sign back in during that window, your account and data are restored. This gives you a safety net against accidental deletion.
- After 30 days, we permanently delete your personal data from our systems. This includes your profile, body metrics, workouts, nutrition logs, notification tokens, linked sign-in accounts, and login credentials.
A few things are handled differently
- Billing records. We cancel your subscription, but we keep a limited payment record with our payment processors (such as a Stripe customer and invoice history) where we’re required to for tax and accounting purposes.
- Anonymized statistics. Before we delete your account, we save an anonymized summary that can no longer identify you — for example, an age range (not your birthday), a broad region (your time zone, not your location), your general fitness goals, and non-identifying subscription and usage statistics. We keep this to understand overall trends.
- Analytics already collected. Product-analytics events and session recordings already sent to PostHog follow PostHog’s own retention. You can ask us to delete these by contacting admin@fitspot.ai.
Cookies and similar technologies
We and our providers use cookies and similar technologies (such as local storage and device identifiers) to keep you signed in, remember your preferences, keep the Service secure, and measure how it’s used so we can improve it. We use:
- Essential — needed to run the Service (signing you in, security, remembering your session). These can’t be turned off.
- Analytics — help us understand usage so we can improve it (see “Analytics and session recording”).
We do not use advertising or cross-site tracking cookies, and we do not sell or share your information — so there is nothing to opt out of for advertising. You can control or delete cookies through your browser settings; turning off non-essential cookies won’t stop you using core features.
AI and automated processing
Fitspot uses artificial intelligence to generate your workout plans, schedule training around your recovery, and surface insights from the data you log. These features rely on the health and fitness information you provide. This processing supports the Service and does not produce decisions that have legal or similarly significant effects on you. If you have questions about how an automated feature used your data, or you’d like a person to review it, contact us at admin@fitspot.ai.
Security
We implement reasonable measures to secure your data. However, no method of transmission or storage is completely secure.
We will notify users of any data breach where legally required.
International users
Fitspot is based in the United States but available globally. If you access the service from another country, you consent to processing your data in the U.S.
While we aim to respect global standards, your use of the service must comply with your local laws.
How we protect data transferred internationally
Our service providers are located primarily in the United States. When we transfer personal data from the EEA or UK to the US, we rely on appropriate safeguards — including the European Commission’s Standard Contractual Clauses — to make sure your data receives an equivalent level of protection.
California & U.S. state privacy rights
If you live in California — or another U.S. state with a comprehensive privacy law — you have specific rights over your personal information, and we’re required to tell you what we collect and what we do with it.
Categories of personal information we collect
- Identifiers (name, email, username, account and device IDs)
- Demographic information (date of birth, gender)
- Sensitive personal information — your health and fitness data (body metrics, workouts, and nutrition logs)
- Commercial information (subscription and purchase history)
- Internet and device activity (usage events, session recordings, IP address, device and browser data)
- Approximate location inferred from your IP address and time zone
Sale and sharing
We do not sell your personal information, and we do not “share” it for cross-context behavioral (targeted) advertising, as those terms are defined under state privacy laws. We also do not use your sensitive personal information to infer characteristics about you.
Your rights and how to exercise them
You have the right to know what we collect, to access a copy of it, to correct it, to delete it, and not to be discriminated against for exercising these rights. To exercise any of them, email us at admin@fitspot.ai or use the in-app controls in Account settings; we’ll verify your request using your account email and respond within the timeframes required by law. You may use an authorized agent to submit a request on your behalf.
Children’s privacy
Our service is not intended for children under 13 (or other age as defined by your local law). We do not knowingly collect data from minors.
Changes to this policy
We may update this Privacy Policy occasionally. Any changes will be reflected with a new “Last Updated” date.
Contact us
Questions about your privacy? Reach out — we read everything.
Chicago, IL 60610, USA
Information you provide
- Name, email address, username, and login details (passwords are stored only in encrypted, hashed form)
- Date of birth, gender, and body type
- Health and fitness data, including your height and weight over time (we keep a dated history so you can track changes), goal weight, target weight-loss pace, fitness goals, experience level, training frequency, and available equipment
- Workout activity, including the workouts you complete, muscles worked, sets and reps, weight lifted, estimated calories burned, workout duration, and streaks
- Nutrition and diet logs, including the foods you record, serving sizes, and the full nutritional breakdown of each entry (calories, protein, carbohydrates, fats, and micronutrients such as sodium, sugar, cholesterol, and vitamins)
- Support messages and feedback, and — if you cancel or delete your account — the reason you optionally choose to share with us
A note on sensitive health data
Much of the information above — your body metrics, workouts, and diet logs — is considered sensitive personal information (and “special category” health data under European law). We collect it only to provide the core features of the Service: planning your training, tracking your recovery, and logging your nutrition. We do not use your health or fitness data for advertising, and we never sell it. Where the law requires your explicit consent to process this data, you provide it by choosing to enter this information and use these features, and you can withdraw it at any time by deleting the data or your account.
Information we collect automatically
- Usage logs (IP address, browser type, timestamps)
- Cookies and similar technologies (see “Cookies and similar technologies”)
- Device information (device type, operating system, app version)
Push notifications
If you turn on notifications (for example, workout reminders), we register your device to receive them. To do this we store a device push token issued by Firebase Cloud Messaging (on Android) or the Apple Push Notification service (on iOS), along with your platform, app version, and operating-system version. We use these only to send the notifications you’ve enabled. You can turn notifications off at any time in your device’s system settings or your in-app notification preferences; doing so stops the notifications and we remove the associated device token.
Third-party sign-in
If you create your account or sign in using Google or Apple, we receive basic profile information from that provider — a provider account ID, your email address (Apple may give you a private relay address instead of your real one), your name, and, where available, your profile photo. We store this to create and secure your account.
- To provide and operate the Service
- To improve features and UX
- To respond to your inquiries
- To analyze trends and optimize performance
- To comply with legal obligations
Our legal bases (for users in the EEA and UK)
If you’re in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:
- To perform our contract with you — providing and operating the Service, delivering the features you use, and managing your subscription
- Your consent — for processing your health and fitness data, for analytics and session recording, and for push notifications; you can withdraw consent at any time
- Our legitimate interests — keeping the Service secure, preventing abuse, and understanding how it’s used so we can improve it, balanced against your rights
- Legal obligation — meeting our tax, accounting, and other legal requirements
You have the right to access, correct, delete, port, or restrict the processing of your data, to object to processing based on legitimate interests, and to lodge a complaint with your local data-protection authority.
We do not sell your personal data.
The companies that help us run Fitspot
We rely on a small set of trusted service providers to operate the Service. Each one only receives the data it needs to do its job:
- MongoDB Atlas — our primary database. All of your account and fitness data is stored here.
- Vercel — hosts our website and app, and provides basic traffic analytics (page views, approximate location from IP, device type).
- Stripe — processes web payments. Stripe receives your name, email, payment method, and billing details. We store a Stripe customer ID and your subscription status, but we never see or store your full card number.
- RevenueCat and the Apple App Store / Google Play Store — process in-app purchases on iOS and Android and tell us whether your subscription is active.
- PostHog — our product-analytics provider (see “Analytics and session recording”).
- Firebase Cloud Messaging (Google) and Apple Push Notification service — deliver push notifications to your device.
- Resend — sends account emails such as verification codes. It receives your email address and the message content.
- FatSecret — powers food search in our diet-logging feature. When you search for a food, the text of that search is sent to FatSecret to return nutrition data. We do not send your name, email, or account identity with these searches.
- Google and Apple — provide account sign-in, as described above.
We may also disclose information when required by law, and we may transfer data as part of a company restructuring, merger, or acquisition.
Analytics and session recording
We use PostHog, a product-analytics tool, to understand how people use Fitspot so we can improve it. Through PostHog we collect:
- Product events — actions such as completing onboarding steps, viewing the paywall, starting checkout, subscription changes, and errors you encounter
- Automatically captured interactions — clicks and page views within the app (“autocapture”)
- Session recordings — a replay of your on-screen activity in the app, which can include screens showing your profile and fitness data, so we can diagnose problems and improve the experience
- Technical and identity data — your IP address, device and browser information, and your account ID and email address, so we can connect this activity to your account for support and analysis
We use this data only to operate, debug, and improve the Service. It is not sold and not used for third-party advertising.
Your choice: You can opt out of analytics and session recording at any time by contacting us at admin@fitspot.ai. Opting out does not affect your ability to use Fitspot.
- Access or receive a copy of your personal data
- Correct or update your personal data
- Delete your data, or ask us to restrict or stop processing it
- Request a portable copy of the data you provided to us
- Withdraw consent where applicable, and object to certain processing
- Lodge a complaint with your local data-protection authority
Deleting your account
You can delete your account yourself at any time from Account → Delete account in the app, or by emailing admin@fitspot.ai. See our retention section for exactly what happens to your data when you do.
We keep your personal data only as long as we need it to provide the Service or to meet legal, tax, and accounting requirements. In practice:
- While your account is active, we retain your data so the Service works and your history is available to you.
- When you delete your account, we immediately deactivate it and hide your data. For 30 days the deletion can be reversed — if you sign back in during that window, your account and data are restored. This gives you a safety net against accidental deletion.
- After 30 days, we permanently delete your personal data from our systems. This includes your profile, body metrics, workouts, nutrition logs, notification tokens, linked sign-in accounts, and login credentials.
A few things are handled differently
- Billing records. We cancel your subscription, but we keep a limited payment record with our payment processors (such as a Stripe customer and invoice history) where we’re required to for tax and accounting purposes.
- Anonymized statistics. Before we delete your account, we save an anonymized summary that can no longer identify you — for example, an age range (not your birthday), a broad region (your time zone, not your location), your general fitness goals, and non-identifying subscription and usage statistics. We keep this to understand overall trends.
- Analytics already collected. Product-analytics events and session recordings already sent to PostHog follow PostHog’s own retention. You can ask us to delete these by contacting admin@fitspot.ai.
We and our providers use cookies and similar technologies (such as local storage and device identifiers) to keep you signed in, remember your preferences, keep the Service secure, and measure how it’s used so we can improve it. We use:
- Essential — needed to run the Service (signing you in, security, remembering your session). These can’t be turned off.
- Analytics — help us understand usage so we can improve it (see “Analytics and session recording”).
We do not use advertising or cross-site tracking cookies, and we do not sell or share your information — so there is nothing to opt out of for advertising. You can control or delete cookies through your browser settings; turning off non-essential cookies won’t stop you using core features.
Fitspot uses artificial intelligence to generate your workout plans, schedule training around your recovery, and surface insights from the data you log. These features rely on the health and fitness information you provide. This processing supports the Service and does not produce decisions that have legal or similarly significant effects on you. If you have questions about how an automated feature used your data, or you’d like a person to review it, contact us at admin@fitspot.ai.
We implement reasonable measures to secure your data. However, no method of transmission or storage is completely secure.
We will notify users of any data breach where legally required.
Fitspot is based in the United States but available globally. If you access the service from another country, you consent to processing your data in the U.S.
While we aim to respect global standards, your use of the service must comply with your local laws.
How we protect data transferred internationally
Our service providers are located primarily in the United States. When we transfer personal data from the EEA or UK to the US, we rely on appropriate safeguards — including the European Commission’s Standard Contractual Clauses — to make sure your data receives an equivalent level of protection.
If you live in California — or another U.S. state with a comprehensive privacy law — you have specific rights over your personal information, and we’re required to tell you what we collect and what we do with it.
Categories of personal information we collect
- Identifiers (name, email, username, account and device IDs)
- Demographic information (date of birth, gender)
- Sensitive personal information — your health and fitness data (body metrics, workouts, and nutrition logs)
- Commercial information (subscription and purchase history)
- Internet and device activity (usage events, session recordings, IP address, device and browser data)
- Approximate location inferred from your IP address and time zone
Sale and sharing
We do not sell your personal information, and we do not “share” it for cross-context behavioral (targeted) advertising, as those terms are defined under state privacy laws. We also do not use your sensitive personal information to infer characteristics about you.
Your rights and how to exercise them
You have the right to know what we collect, to access a copy of it, to correct it, to delete it, and not to be discriminated against for exercising these rights. To exercise any of them, email us at admin@fitspot.ai or use the in-app controls in Account settings; we’ll verify your request using your account email and respond within the timeframes required by law. You may use an authorized agent to submit a request on your behalf.
Our service is not intended for children under 13 (or other age as defined by your local law). We do not knowingly collect data from minors.
We may update this Privacy Policy occasionally. Any changes will be reflected with a new “Last Updated” date.
Contact us
Questions about your privacy? Reach out — we read everything.
Chicago, IL 60610, USA
Governing law: This Privacy Policy is governed by the laws of the State of Illinois, United States, unless otherwise required by applicable local law.