Privacy Policy (FitWow)

1. Data We Collect

1.1 Account and profile

• Sign-in: When you create an account or sign in with Google or Apple, we receive an identifier and, depending on the provider, your email and name. We store a display name and optional profile photo (avatar) that you can edit in the app.
• Profile: We store your preferences and goals, such as target calories, macros, water goal, activity level, age, height, sex, weight, goal weight, dietary restrictions (e.g. allergies, intolerances), and timezone. This is used to personalize the app and send you relevant reminders. Biological sex is collected solely to provide more accurate metabolic and nutritional calculations (e.g. BMR) based on established scientific equations. Consult with your healthcare provider to determine which physiological profile best aligns with your current medical status.

1.2 Nutrition and meals

• Meals and foods: We store the meals you log (date, type, name) and the foods in each meal (name, calories, protein, carbs, fat, quantity, unit). This data is used to show your daily summary, statistics, and history.
• Photos: If you use the camera or photo library to log meals, we upload and store meal photos on our servers to display them in the app and to analyze them (see "Meal analysis" below). You can choose not to add photos.

1.3 Health and activity (optional)

• Health Connect (Android): If you grant permission, we may read and write health data such as steps, active calories, heart rate, sleep, weight, height, nutrition, and similar data to sync with the app and to write nutrition data back to Health Connect. We explicitly do not use data accessed through Health Connect for any purpose other than providing and improving the features of the app. This data is never shared with third parties for advertising or marketing purposes.
• Fitbit / Strava: If you connect these services, we receive activity data (e.g. steps, workouts) according to the permissions you approve. We use this to enrich your experience in the app (e.g. activity and nutrition in one place).

1.4 Device and app usage

• Push notifications: We store a push token (device identifier for notifications) so we can send you reminders, streak updates, and other app-related notifications. You can disable notifications in your device or in-app settings.
• Timezone: We store your device timezone to send notifications at appropriate local times.
• Referrals: If you use a referral link or code, we may store and match referral information to attribute sign-ups.

1.5 Community and groups

• When you participate in groups, your shared meals, display name, and reactions may be visible to other members of that group.

2. How We Use Your Data

• Provide the service: To track your nutrition, weight, and habits. FitWow does not provide medical advice or clinical services.
• Meal analysis: We use Google's Gemini API to suggest meal name and nutrition estimates when you take or upload a photo. These are statistical approximations and should not be relied upon for medical decisions (e.g., insulin dosing or managing severe allergies). Images are processed for immediate analysis and handled according to Google's Enterprise/API privacy terms; they are not used to train models. AI-generated estimates may vary—verify nutritional information with a professional if you have specific medical requirements.
• Metabolic calculations: BMR and similar formulas are based on standard mathematical models. They are not a substitute for clinical metabolic testing.
• Personalization: To show targets, recommendations, and reminders (e.g. meal reminders, water, streaks) based on your profile and preferences.
• Subscriptions: To manage premium features and subscriptions (e.g. via RevenueCat and the stores). We do not sell your personal data.

3. Legal Basis (EEA/UK)

Where applicable, we process your data:

• Contract: To fulfill our contractual obligations in providing the FitWow services and features requested by you.
• Consent: Where we ask for consent (e.g. push notifications, Health Connect, camera, photo library).
• Legitimate interests: To improve the app, security, and support, where this does not override your rights.

You can withdraw consent (e.g. revoke permissions or disable notifications) at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

4. Who We Share Data With

We do not sell your personal data. We share data only as follows:

• Service providers: We use Supabase (auth, database, storage), Firebase (push notifications), and RevenueCat (subscriptions). These providers process data on our behalf under strict agreements.
• Meal analysis: Processed meal images are sent to Google's Gemini API for analysis; see Google's privacy policy for how they handle this data.
• Sign-in: If you sign in with Google or Apple, those providers receive the sign-in request and may share limited profile data with us as you consent.
• Optional integrations: If you connect Fitbit or Strava, we share only what is needed for the connection and receive data according to your authorization.
• Legal: We may disclose data if required by law or to protect rights and safety.

5. Data Retention and Deletion

• We keep your account and data as long as your account is active.
• You can delete your account and all associated data directly within the app settings or by contacting our support email.
• If you delete your account (or ask us to), we will delete or anonymize your personal data in line with our retention and backup procedures, except where we must keep it for legal reasons.
• For any other account or data deletion request, contact us (see "Contact" below).

6. Your Rights

Depending on where you live, you may have the right to:

• Access your personal data.
• Correct inaccurate data.
• Delete your data or account.
• Restrict or object to certain processing.
• Data portability (e.g. a copy of your data in a common format).
• Withdraw consent where processing is based on consent.
• Complain to a supervisory authority (e.g. in the EEA).

To exercise these rights, contact us using the details below. We will respond within the time required by applicable law.

7. Security

We use industry-standard measures (including encryption, access controls, and secure infrastructure) to protect your data. No system is 100% secure; we encourage you to use a strong password and keep your device secure.

8. Children

The app is not directed at children under 13 (or the applicable age in your country). We do not knowingly collect data from them. If you believe we have collected a child's data, please contact us and we will delete it.

9. International Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards (e.g. standard contractual clauses or equivalent) where required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version in the app or on our website and, where required, ask for your consent or notify you. Continued use of the app after changes means you accept the updated policy.

11. Contact

For privacy-related requests, questions, or to delete your account, contact us at:

support@fitwowapp.com