FitCut Privacy Policy
This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our mobile and web applications, services, and websites (collectively, the "Services"). By using the Services, you acknowledge this Policy. Where required by law, we rely on your consent before enabling non-essential data collection (e.g., analytics/cookies).
1) Who we are (Data Controller)
FitCut LLC, Wyoming, USA, is the controller of your personal information.
Contact: fitcut.supp@gmail.com
2) Information we collect
We only collect what is necessary to operate the Services. Categories include:
- Account & Identity Data: email, username, display name, UID, authentication state, and age attestation (affirmation that you meet the minimum required age).
- Subscription & Payments: Stripe customer ID, subscription ID and status, price ID, checkout session IDs, renewal dates, and related billing metadata. We do not store full payment card details; Stripe processes payments.
- App Content & Activity: workout and nutrition data, preferences and settings, progress, timers, devices list, tutorial state, and limited logs of significant in-app events.
- Health & Fitness Media: progress photos you upload to track your fitness journey. These are treated as health-related imagery, stored securely, and never shared with third parties.
- Device & Technical: app version, device type, OS, browser and user agent, connection type, screen info, crash/diagnostic logs, and local storage/IndexedDB identifiers required for sync and offline use.
- Push Notifications: if you enable push notifications, we collect your device token via Firebase Cloud Messaging to deliver workout reminders, progress updates, and important account notifications. You can disable notifications in your device settings at any time.
- Biometric Preferences: if you enable Face ID or Touch ID, we store your preference to unlock the app using biometrics. Your actual biometric data never leaves your device and is processed entirely by your operating system.
- Consents & Versioning: timestamps and versions for Terms of Service, Privacy Policy, cookie preferences, and health consent.
3) Sources of information
We collect information directly from you (during sign-up, checkout, and in-app actions) and automatically from your device when you use the Services. We also receive limited subscription metadata from Stripe.
4) How we use your information
- Provide, personalize, and improve the Services (e.g., workouts and nutrition features).
- Authenticate users, maintain security, and prevent abuse and fraud.
- Process subscriptions and billing via Stripe and maintain your subscription state.
- Sync data across your devices (Firestore/IndexedDB) and support offline use.
- Where you consent, measure usage and performance to improve reliability and UX.
- Comply with legal obligations and respond to lawful requests.
5) Cookies & analytics
By default, non-essential analytics and cookies are OFF.
We only enable them if you grant consent. Essential cookies/storage (e.g., to keep you signed in, to route traffic, to store your preferences, and to ensure security) may be used without consent where permitted by law.
6) Legal bases for processing (where applicable)
We rely on: performance of a contract (to deliver the Services), legitimate interests (e.g., security, fraud prevention, basic analytics where allowed), consent (for non-essential cookies/analytics), and legal obligations.
7) Sharing of information
We do not sell or share your personal information as defined under applicable privacy laws (e.g., CPRA).
- Service Providers: e.g., Stripe (payments), Firebase/Google Cloud (authentication, database, storage, Cloud Messaging for push notifications, Crashlytics for crash reporting), and infrastructure providers. Access is limited to what is necessary.
- Legal & Safety: if required by law, to protect rights, users, or the Service.
- Business Transfers: as part of a merger, acquisition, or asset sale, subject to appropriate safeguards.
8) International transfers
We may transfer data internationally (e.g., to the United States and other countries). When we do, we use appropriate safeguards such as Standard Contractual Clauses and technical measures to protect your information.
9) Data retention
We retain personal information for the following periods:
- Account Data: retained while your account is active, plus 30 days after a deletion request to process the deletion.
- Health & Workout Data: retained while your consent is valid; deleted within 7 days of consent withdrawal.
- Progress Photos: deleted immediately upon your request or account deletion.
- Billing Records: retained for 7 years as required for tax and legal compliance.
- Analytics Data: retained for 14 months if you opted in; aggregated thereafter.
- Inactive Accounts: may be deleted after 24 months of inactivity.
You may request deletion of your account data at any time, subject to legal obligations and safety requirements.
10) Your rights
- Access, correction, deletion, and portability of your data.
- Withdrawal of consent at any time (this does not affect prior lawful processing).
- Objection or restriction of certain processing where applicable by law.
- Lodging a complaint with a supervisory authority in your region.
To exercise your privacy rights or contact us about this Privacy Policy: fitcut.supp@gmail.com or FitCut LLC, Wyoming, USA.
10a) How to delete your data
You have the right to delete your personal data at any time. There are two ways to do this:
- In-App Deletion (Recommended): Go to Settings > Privacy & Data > Delete Account. This immediately removes all your data from our systems.
- Email Request: Send an email to fitcut.supp@gmail.com with the subject "Data Deletion Request" and we will process your request within 30 days.
11) Children & minimum age
The Services are not intended for children under the age required by local law to use fitness services and provide consent (e.g., 13 in many jurisdictions; higher ages may apply).
During sign-up you must attest that you meet the minimum age or have verified parental/guardian consent where required. If we learn that a child's data was collected contrary to this Policy, we will delete it.
12) Security
We implement administrative, technical, and organizational measures designed to protect personal information, including role-based access, encryption in transit, and least-privilege access to production systems. No system is 100% secure.
13) Changes to this Policy
We may update this Policy. When we do, we will revise the version and effective date and maintain a changelog. If material changes occur, we will provide additional notice and request new consent where required.
14) Versioning (for in-app audits)
The current privacy policy version is 2025-09-28. Your acceptance is recorded with a timestamp and version in Firestore (e.g., fields such as privacy_version and privacyAcceptedAt), alongside your cookie/analytics and health-consent preferences where applicable.
15) Contact
This document is provided for general informational purposes only and is not legal advice. Consult with counsel to adapt it to your specific regulatory obligations.