Privacy Policy

    Effective July 9, 2026. How FitAI handles your personal and health information.

    FitAI ("we", "us", "our") is operated by Healthx.life. This policy explains what information we collect when you use fitai.live and our mobile apps, how we use it, and the choices you have. By using FitAI you agree to this policy.

    1. Information we collect

    1.1 Information you provide

    • Account information — email address, password hash (we never store your plain password), full name, and avatar if you upload one.
    • Health profile — age, height, weight, fitness level, dietary preferences, allergies, medical conditions, and goals you choose to share so the AI can personalize recommendations.
    • Activity data — workouts you save or complete, meals you log, wellness check-ins, sleep and mood entries, symptom notes, habits, water intake.
    • Chat history — messages you send to the AI assistant and the responses you receive (unless you use Temporary Chat mode).
    • Uploaded media — avatar photo, progress photos, food photos.
    • Support correspondence — messages you send to support@healthx.life.

    1.2 Information collected automatically

    • Device and usage — browser type, operating system, pages and features visited, approximate location (from IP, city-level), time zone, referring URL. Collected via Google Analytics 4 and Microsoft Clarity for product analytics.
    • Session replays — Microsoft Clarity records anonymized session replays to help us improve usability. Clarity masks all text input by default.
    • Cookies and local storage — we store your access and refresh tokens locally so you stay signed in, and preferences such as theme. Our website (fitai.live) does not set third-party advertising cookies.
    • Mobile app diagnostics — device model, operating system version, app version, a randomly generated device identifier, and crash/diagnostic data to keep the apps stable and secure.
    • Advertising identifier (free plan, mobile apps only) — on the free plan our mobile apps show ads through Google AdMob, which may access your device's advertising identifier (Apple IDFA / Google Advertising ID) to deliver and measure ads. Premium removes all ads. See "Advertising and your choices" in Section 3.

    1.3 Information from third parties

    • Google / Apple Sign-In — if you sign in with Google or Apple we receive your verified email address, name, and provider ID. We do not receive your Google or Apple password.
    • Subscriptions and purchases — when you buy a Premium subscription it is processed by the Apple App Store or Google Play. We and our subscription provider RevenueCat receive your purchase and subscription status, product ID, transaction identifiers, and store account identifier — but not your full payment-card details, which the app stores handle directly.

    2. How we use your information

    • Provide the core service — AI workout, meal, and wellness recommendations personalized to your profile.
    • Authenticate you and keep you signed in securely.
    • Process your subscription and unlock Premium features.
    • Show ads on the free plan of our mobile apps (removed on Premium).
    • Send reminders you enable (water, meals, workouts, sleep, mood) via push notifications.
    • Analyze product usage to fix bugs and prioritize features.
    • Respond to support requests and send service-related emails.
    • Comply with legal obligations and enforce our Terms.

    We do not sell your personal information. We do not use your health data to train third-party AI models.

    3. Who we share with

    • Cloud infrastructure — MongoDB Atlas (database), DigitalOcean (application hosting), all accessed over encrypted connections.
    • AI provider — your chat messages and relevant profile context are sent to Google Gemini so the assistant can generate responses. Google's terms for Gemini API apply in addition to this policy.
    • Analytics — Google Analytics 4 and Microsoft Clarity (behavioral analytics only, no PII shared).
    • Email provider — Resend delivers transactional emails (password reset, welcome, reminders).
    • Subscriptions & paymentsRevenueCat (subscription management) and the Apple App Store / Google Play (payment processing) receive purchase and subscription data to validate and manage your Premium access.
    • Advertising (mobile, free plan)Google AdMob serves ads to free users in our mobile apps and may use your device advertising identifier for ad delivery and measurement. Premium removes all ads.
    • Push notificationsFirebase Cloud Messaging (Google) delivers the reminders and notifications you enable; a device push token is processed for this purpose.
    • Legal — we may disclose information if required by law, subpoena, or to protect the rights, property, or safety of users.

    Advertising and your choices. We do not sell your personal information for money. On the free plan, Google AdMob may use your device's advertising identifier to show and measure ads. You can reset or limit this identifier in your device settings (iOS: Settings → Privacy & Security → Tracking and Apple Advertising; Android: Settings → Google → Ads), or remove ads entirely by subscribing to Premium. Learn how Google uses advertising data at Google's Partner Policy.

    4. International transfers

    Our servers are located in Amsterdam, Netherlands (EU). If you are outside the EU, your data is transferred across borders to be processed by us and our service providers. Where applicable we rely on Standard Contractual Clauses as the transfer mechanism.

    5. Data retention

    We keep your account and its related data for as long as your account is active. When you delete your account, we permanently remove your personal profile, workouts, meals, check-ins, photos, chat history, and tokens from our primary database within 30 days. Backups are rotated and purged within 90 days.

    6. Your rights

    Depending on where you live (GDPR in the EU/UK, CCPA in California, and similar laws elsewhere), you have the right to:

    • Access the personal information we hold about you.
    • Correct inaccurate information (most of it you can edit directly in the app).
    • Delete your account and associated data at any time (Settings → Delete Account).
    • Export your data in a portable JSON format.
    • Object to or restrict certain processing.
    • Withdraw consent (e.g., turn off reminders, disable Google Sign-In).
    • Lodge a complaint with your local data protection authority.

    To exercise any of these rights, email support@healthx.life.

    7. Security

    We protect your data with TLS in transit, bcrypt password hashing, JWT access tokens rotated via opaque refresh tokens, and standard OWASP controls (helmet, rate limiting, CORS allowlist). No system is 100% secure — if we detect a breach that affects you we will notify you within 72 hours in accordance with applicable law.

    8. Children

    FitAI is not intended for children under 16. We do not knowingly collect information from anyone under 16. If you believe a child under 16 has provided us with data, contact us and we will delete it.

    9. Not medical advice

    FitAI provides general wellness and fitness information generated by AI. It is not a medical device and not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider for medical concerns.

    10. Changes to this policy

    We may update this policy from time to time. Material changes will be announced in the app and via email. The "Effective" date at the top of this page tells you when the current version took effect.

    11. Contact

    Healthx.life
    Email: support@healthx.life
    Data requests: support@healthx.life