Privacy Policy
Effective Date: March 31, 2026 · Last Updated: March 31, 2026
1. Introduction
FitFab Inc. ("FitFab," "we," "us," or "our") operates the FitFab mobile application, the website at fitfab.ai, and the web application at pulse.fitfab.ai (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.
By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Services immediately.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password, date of birth, gender, height, weight, and fitness goals when you create an account.
- Profile Data: Photos, biometric measurements, dietary preferences, and health conditions you choose to share.
- Food & Nutrition Data: Food images you scan, meal logs, nutrition entries, and dietary intake information.
- Corporate Account Data: Company name, department, employee ID (for B2B/corporate wellness programs).
2.2 Information from Wearable Devices
When you connect wearable devices (Apple Watch, Fitbit, Garmin, Oura Ring, WHOOP, etc.), we collect:
- Heart rate, heart rate variability (HRV), and resting heart rate
- Blood oxygen saturation (SpO2)
- Step count, calories burned, and physical activity data
- Sleep duration, sleep stages, and sleep quality scores
- Stress scores and recovery metrics
2.3 Apple HealthKit Data
If you grant permission, we read data from and write data to Apple HealthKit. We use HealthKit data solely to provide personalized health insights within the app. We do not sell HealthKit data, use it for advertising, or share it with third parties for marketing purposes. HealthKit data is not stored on external servers beyond what is necessary to provide the Services.
2.4 Automatically Collected Information
- Device type, operating system, and app version
- IP address, browser type, and general location (city-level)
- Usage data such as screens viewed, features used, and session duration
- Crash logs and performance diagnostics
2.5 Camera & Microphone
- Camera: Used exclusively for scanning food items and nutrition labels for AI-powered nutrition analysis.
- Microphone: Used exclusively for voice commands to the AI health advisor. Audio is processed on-device when possible.
3. How We Use Your Information
- Provide personalized fitness, nutrition, and wellness insights
- Calculate BMR, TDEE, and nutritional gap analyses
- Generate AI-powered health recommendations
- Detect nutrient deficiencies and suggest corrective actions
- Display unified dashboards of your wearable and nutrition data
- Send alerts for critical health signals (if enabled)
- Improve our AI models and Services (using de-identified, aggregated data only)
- Communicate service updates and security notices
- Provide corporate wellness administrators with anonymized, aggregated reports (B2B accounts only)
4. Data Sharing & Disclosure
We do not sell your personal information. We may share data in these circumstances:
- Service Providers: Google Cloud Platform (hosting, AI/ML services), Firebase (authentication), and infrastructure vendors who process data on our behalf under strict confidentiality agreements.
- Corporate Wellness Programs: If you are part of a B2B corporate account, your employer may see anonymized, aggregated health metrics (never individual data) with a minimum group size of 5 employees.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Safety: To protect the rights, safety, or property of FitFab, our users, or the public.
5. Data Storage & Security
Your data is stored on Google Cloud Platform infrastructure with encryption at rest (AES-256) and in transit (TLS 1.3). We implement industry-standard security measures including:
- Role-based access controls and the principle of least privilege
- Regular security audits and vulnerability assessments
- Secrets management via Google Secret Manager
- Database-level encryption and access logging
Health data from wearable devices is stored in a separate, isolated database with additional access restrictions.
6. Data Retention
We retain your data for as long as your account is active. Upon account deletion, we will delete or de-identify your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention). Aggregated, de-identified data may be retained indefinitely for analytics and service improvement.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of your personal data.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data.
- Portability: Export your data in a machine-readable format.
- Opt-Out: Disconnect wearable devices or revoke permissions at any time through the app settings.
- Withdraw Consent: Withdraw consent for data processing where consent is the legal basis.
To exercise these rights, contact us at privacy@fitfab.ai.
8. Children's Privacy
FitFab is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly.
9. Third-Party Services
Our Services integrate with third-party platforms (wearable manufacturers, USDA FoodData Central). These services have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the Services after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, contact us at:
FitFab Inc.
Email: privacy@fitfab.ai
Website: fitfab.ai
