Privacy Policy

    Effective April 24, 2026. How FitAI handles your personal and health information.

    FitAI ("we", "us", "our") is operated by Healthx.life. This policy explains what information we collect when you use fitai.live and our mobile apps, how we use it, and the choices you have. By using FitAI you agree to this policy.

    1. Information we collect

    1.1 Information you provide

    • Account information — email address, password hash (we never store your plain password), full name, and avatar if you upload one.
    • Health profile — age, height, weight, fitness level, dietary preferences, allergies, medical conditions, and goals you choose to share so the AI can personalize recommendations.
    • Activity data — workouts you save or complete, meals you log, wellness check-ins, sleep and mood entries, symptom notes, habits, water intake.
    • Chat history — messages you send to the AI assistant and the responses you receive (unless you use Temporary Chat mode).
    • Uploaded media — avatar photo, progress photos, food photos.
    • Support correspondence — messages you send to support@healthx.life.

    1.2 Information collected automatically

    • Device and usage — browser type, operating system, pages and features visited, approximate location (from IP, city-level), time zone, referring URL. Collected via Google Analytics 4 and Microsoft Clarity for product analytics.
    • Session replays — Microsoft Clarity records anonymized session replays to help us improve usability. Clarity masks all text input by default.
    • Cookies and local storage — we store your access and refresh tokens locally so you stay signed in, and preferences such as theme. We do not set third-party advertising cookies.

    1.3 Information from third parties

    • Google / Apple Sign-In — if you sign in with Google or Apple we receive your verified email address, name, and provider ID. We do not receive your Google or Apple password.

    2. How we use your information

    • Provide the core service — AI workout, meal, and wellness recommendations personalized to your profile.
    • Authenticate you and keep you signed in securely.
    • Send reminders you enable (water, meals, workouts, sleep, mood).
    • Analyze product usage to fix bugs and prioritize features.
    • Respond to support requests and send service-related emails.
    • Comply with legal obligations and enforce our Terms.

    We do not sell your personal information. We do not use your health data to train third-party AI models.

    3. Who we share with

    • Cloud infrastructure — MongoDB Atlas (database), DigitalOcean (application hosting), all accessed over encrypted connections.
    • AI provider — your chat messages and relevant profile context are sent to Google Gemini so the assistant can generate responses. Google's terms for Gemini API apply in addition to this policy.
    • Analytics — Google Analytics 4 and Microsoft Clarity (behavioral analytics only, no PII shared).
    • Email provider — Resend delivers transactional emails (password reset, welcome, reminders).
    • Legal — we may disclose information if required by law, subpoena, or to protect the rights, property, or safety of users.

    4. International transfers

    Our servers are located in Amsterdam, Netherlands (EU). If you are outside the EU, your data is transferred across borders to be processed by us and our service providers. Where applicable we rely on Standard Contractual Clauses as the transfer mechanism.

    5. Data retention

    We keep your account and its related data for as long as your account is active. When you delete your account, we permanently remove your personal profile, workouts, meals, check-ins, photos, chat history, and tokens from our primary database within 30 days. Backups are rotated and purged within 90 days.

    6. Your rights

    Depending on where you live (GDPR in the EU/UK, CCPA in California, and similar laws elsewhere), you have the right to:

    • Access the personal information we hold about you.
    • Correct inaccurate information (most of it you can edit directly in the app).
    • Delete your account and associated data at any time (Settings → Delete Account).
    • Export your data in a portable JSON format.
    • Object to or restrict certain processing.
    • Withdraw consent (e.g., turn off reminders, disable Google Sign-In).
    • Lodge a complaint with your local data protection authority.

    To exercise any of these rights, email support@healthx.life.

    7. Security

    We protect your data with TLS in transit, bcrypt password hashing, JSON Web Token (JWT) access tokens renewed through opaque, rotating refresh tokens, and standard OWASP-recommended controls (HTTP security headers via helmet, rate limiting, a CORS allowlist). No system is 100% secure; if we detect a breach that affects you, we will notify you within 72 hours in accordance with applicable law.

    8. Children

    FitAI is not intended for children under 16. We do not knowingly collect information from anyone under 16. If you believe a child under 16 has provided us with data, contact us and we will delete it.

    9. Not medical advice

    FitAI provides general wellness and fitness information generated by AI. It is not a medical device and not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider for medical concerns.

    10. Changes to this policy

    We may update this policy from time to time. Material changes will be announced in the app and via email. The "Effective" date at the top of this page tells you when the current version took effect.

    11. Contact

    Healthx.life
    Email: support@healthx.life
    Data requests: support@healthx.life