Privacy Policy

Last updated: April 2026

At FitArox, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information.

Information We Collect

FitArox collects: your email and password (authentication), profile data (age, height, weight, goal, fitness level), meals and nutritional data, workout sessions, and coach AI messages.

How We Use Your Information

Your data is used to: personalize your programs and nutrition, generate AI analyses, track your progress, and improve the FitArox service.

Body Photos

Photos taken for body analysis are NEVER stored. They are analyzed in memory by AI, then immediately deleted. No photos are kept on our servers.

Data Storage & Security

Your data is securely stored on Supabase (GDPR-compliant cloud hosting). Communications are encrypted in transit (HTTPS). FitArox does not sell or share your personal data with third parties.

Your Rights (GDPR)

Under GDPR, you have the right to access, modify, and delete your data. You can delete your account and all data at any time from the app settings. You can also export all your data in JSON format.

Third-Party Services

FitArox uses the following services to operate:

Supabase: database and authentication; GDPR-compliant, hosted in EU; supabase.com/privacy
Railway: backend hosting; railway.app/legal/privacy
Mixpanel: analytics; opt-in only; mixpanel.com/legal/privacy-policy
Sentry: crash reports; opt-in only; sentry.io/privacy
RevenueCat: subscription and payment management; revenuecat.com/privacy
Anthropic Claude: AI coach, meal analysis, body analysis, program generation; anthropic.com/privacy
Google Sign-In and Apple Sign-In: authentication only; handled via native OAuth dialogs

Your data is never sold to third parties. Each service provider acts as a data processor under contract with FitArox.

Third-Party AI Services

Some FitArox features rely on third-party AI providers. Below are the specific details of how your data is handled when these features are used.

Provider: Anthropic, Inc.

Data shared: Body photos (3 views: front, side, back), meal photos, fitness profile (height, weight, age, gender, goal, fitness level, available equipment, dietary preferences) and your messages to the AI coach.

Why we share it: To generate personalized training and nutrition plans, analyze body composition, analyze meals, and produce coach responses.

Retention: Body and meal photos are deleted on FitArox's side immediately after analysis. Anthropic only retains API inputs for the time needed to return a response, plus a short security retention window.

No model training: Under our commercial agreement with Anthropic, none of your data is used to train Anthropic's models.

Anthropic Privacy Policy

Data Retention

Your data is kept for as long as your account is active. Workout sessions and meal logs are kept for up to 2 years. AI coach messages are automatically deleted after 90 days. You can delete all your data at any time by deleting your account.

International Transfers

Your data may be processed in the EU and the United States through our service providers. All transfers are protected by encryption and standard contractual clauses.

California Privacy Rights (CCPA)

If you are a California resident, you have the right to: know what data we collect, request deletion of your data, and opt out of data sharing. FitArox does not sell your personal information. To exercise your rights, contact us or use the data export feature in the app.

Children's Privacy

FitArox is not intended for children under 13. We do not knowingly collect data from children under 13. If we learn that we have collected data from a child under 13, we will delete it immediately.

Health Data

FitArox collects health-related data (weight, height, body composition) with your explicit consent. This data is used solely to personalize your fitness experience and is stored securely. You can withdraw your consent at any time.

Data Export

You can export all your data in JSON format at any time from the app settings (Profile > Export my data). This includes your profile, workouts, meals, coach messages, and body analyses.

Contact Us

For any privacy-related questions or requests, please contact us at contact@fitarox.com.

Data Protection Officer

For any data protection inquiries, you can reach our data protection team at: dpo@fitarox.com. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Do Not Sell My Personal Information

FitArox does not sell, rent, or trade your personal information to any third party for monetary or other valuable consideration. This applies to all users, including California residents under CCPA/CPRA.

Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will notify affected users within 72 hours as required by GDPR Article 33. We will also notify the relevant supervisory authority. Notifications will be sent via email and in-app notification.

Automated Decision-Making

FitArox uses AI (Anthropic Claude) to generate workout programs, analyze meals, assess body composition, and provide coaching advice. These are AI-assisted recommendations, not binding decisions. You can modify any AI-generated program or recommendation manually.

Legal Basis for Processing (GDPR Art. 6)

We process your data based on: (a) your consent (analytics, health data, crash reports), (b) contract performance (providing the fitness service you signed up for), and (c) legitimate interest (security, fraud prevention). You can withdraw consent at any time without affecting prior processing.

Cookies & Tracking

FitArox is a mobile application and does not use cookies. Analytics tracking (Mixpanel) and crash reporting (Sentry) are only enabled with your explicit consent. You can revoke this consent at any time from the app settings.