Privacy Policy
Effective Date: January 8, 2025
Last Updated: January 27, 2026
Fit Snap ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered fitness application and related services (collectively, the "Service").
Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
1. Information We Collect
1.1 Personal Information You Provide
When you create an account or use our Service, we may collect the following personal information:
- Account Information: Email address, name, and authentication credentials (Google, Apple, or Passkey)
- Profile Information: Age, gender, weight, height, fitness goals, experience level
- Onboarding Data: Workout location preferences, available equipment, workout frequency and duration preferences, primary fitness goals
- Health Information: Self-reported injuries, physical limitations, energy levels, and health notes you choose to share
- User Preferences: Time-sensitive preferences, workout intensity preferences (RIR - Reps in Reserve), unit preferences (metric/imperial)
1.2 Workout and Activity Data
To provide personalized fitness recommendations, we collect:
- Workout History: Exercises completed, sets, reps, weights used, rest periods, completion dates
- Performance Data: Actual reps completed vs. target reps, RIR (Reps in Reserve) feedback, difficulty ratings
- Workout Plans: AI-generated weekly workout schedules, modifications, and completion status
- Progress Tracking: Workout streaks, training period data, rollover reconciliation records
1.3 AI Interaction Data
When you interact with our AI-powered features, we collect:
- Chat Conversations: Your messages to our AI trainer and the AI's responses
- Onboarding Conversations: Information you share during the onboarding chat to personalize your experience
- LLM Interactions: Prompts, responses, tool calls, tokens used, and conversation metadata
- Voice Interactions: Voice transcriptions from speech-to-text features (audio is not stored)
1.4 Audio Recording (RECORD_AUDIO Permission)
Our app requests the RECORD_AUDIO permission for voice-based workout tracking features:
- Purpose: Voice-based workout tracking, AI fitness coaching, and hands-free workout logging
- Usage: Audio is recorded only when you actively use voice features (e.g., during AI chat or workout tracking)
- Processing: Audio is processed in real time and converted to text using speech-to-text services
- Storage: Raw audio recordings are NOT permanently stored. Only the transcribed text is retained for AI processing
- Transmission: Audio data is encrypted during transmission to our servers and AI processing services
- Control: You can disable microphone permissions at any time in your device settings (Settings → Apps → Fit Snap → Permissions)
- Security: All audio transmission uses secure HTTPS/TLS encryption
Important: We do NOT:
- Record audio in the background without your knowledge
- Store audio recordings permanently on our servers
- Share audio recordings with third parties (except AI processing services for transcription)
- Use audio for advertising or marketing purposes
1.5 Documents and Media
If you choose to upload documents:
- Document Uploads: Files you upload (e.g., medical records, fitness assessments)
- Extracted Text: Text content extracted from uploaded documents for AI processing
- File Metadata: Filename, file type, file size, upload timestamp
1.6 Health Connect and Apple HealthKit Data (Android/iOS)
Fit Snap calculates Recovery Score (training readiness) and Strain Score (daily physiological load) using health data from Health Connect (Android) and Apple HealthKit (iOS). These scores personalize your workout recommendations to prevent overtraining and optimize performance.
Important: All health data is processed locally on your device. We do NOT upload raw health data (heart rate readings, sleep sessions, step counts) to our servers. Only the calculated Recovery and Strain scores are synced to enable workout personalization across your devices.
Health Data We Access:
1. Steps (READ_STEPS)
- Purpose: Measures daily movement for Strain Score calculation
- Usage: Tracks non-workout activity throughout your day to measure total physical load
- Benefit: Prevents overtraining by accounting for all movement, not just logged workouts
- Privacy: Step counts are aggregated daily and processed locally; raw data never leaves your device
2. Sleep Sessions (READ_SLEEP)
- Purpose: Sleep component of Recovery Score (30% weight)
- Usage: Analyzes sleep duration, quality (deep + REM %), and efficiency to determine readiness
- Benefit: Automatically recommends rest days when sleep is insufficient, preventing injury
- Privacy: Sleep stage data processed locally; only sleep quality score synced to servers
3. Heart Rate (READ_HEART_RATE)
- Purpose: Measures workout intensity for Strain Score calculation
- Usage: Calculates heart rate zones (Zone 1-5) to objectively measure training intensity
- Benefit: Accurately measures how hard you're working instead of guessing from exercise type
- Privacy: Heart rate data processed during workouts only; individual HR readings never stored on servers
4. Heart Rate Variability - HRV (READ_HEART_RATE_VARIABILITY)
- Purpose: Primary Recovery Score component (55% weight) - most important metric
- Usage: Compares your current HRV to personal baseline to detect recovery state
- Benefit: Detects overtraining, illness, and stress 24-48 hours before symptoms appear
- Privacy: HRV readings processed locally; only daily HRV average synced to calculate Recovery Score
- Note: We use the SDNN (Standard Deviation of NN intervals) variant as provided by health platforms
5. Resting Heart Rate (READ_RESTING_HEART_RATE)
- Purpose: Secondary recovery indicator (15% weight of Recovery Score)
- Usage: Elevated resting HR indicates incomplete recovery or illness
- Benefit: Provides safety net when HRV data is incomplete from wearables
- Privacy: Daily resting HR value processed locally; only used for Recovery Score calculation
6. Active Calories Burned (READ_ACTIVE_CALORIES_BURNED)
- Purpose: Measures high-intensity non-workout activity for Strain Score
- Usage: Differentiates intense activities (hiking, stairs) from casual walking
- Benefit: Captures activity intensity that step counts alone cannot measure
- Privacy: Daily active calorie totals processed locally; raw data never uploaded
7. Exercise Sessions (READ_EXERCISE / WORKOUT)
- Purpose: Fetches workout history for Strain Score calculation
- Usage: Syncs workouts logged in other apps (Strava, Samsung Health, Apple Fitness)
- Benefit: Provides complete training picture across all your fitness apps
- Privacy: Workout metadata (type, duration) synced; detailed HR data stays local
8. Write Exercise Sessions (WRITE_EXERCISE / WORKOUT)
- Purpose: Logs Fit Snap workouts back to Health Connect / Apple HealthKit
- Usage: Makes your workouts visible across the entire health ecosystem
- Benefit: Ensures tomorrow's Strain Score includes today's Fit Snap workout
- Privacy: Only workout summaries written (duration, type); no personal health data
How Recovery and Strain Scores Work:
Recovery Score (0-100): Indicates your training readiness
- Heart Rate Variability: 55% weight (autonomic nervous system health)
- Sleep Quality: 30% weight (restorative sleep duration and efficiency)
- Resting Heart Rate: 15% weight (cardiovascular recovery)
Strain Score (0-100): Measures daily physiological load
- Workout intensity via heart rate zones (exponential weighting)
- Daily activity from steps and active calories
- Cumulative training impulse (TRIMP methodology)
Your Control Over Health Data:
- Permission Required: You must explicitly grant permissions via Health Connect or iOS Health settings
- Revoke Anytime: Remove permissions in device settings; app continues working with limited features
- Transparent Usage: You see exactly how each metric affects your Recovery and Strain scores
- Local Processing: All raw health data processing happens on your device, not our servers
- Minimal Sync: Only daily aggregated scores synced to enable multi-device experience
What We Do NOT Do:
- Upload raw heart rate readings, step counts, or sleep sessions to servers
- Share health data with advertisers or third parties (except AI providers for score calculation)
- Use health data for marketing or non-fitness purposes
- Train AI models on your personal health data
- Access health data in the background without your knowledge
Scientific Foundation: Our Recovery and Strain Score algorithms are based on research from WHOOP, Oura Ring, Garmin, and Fitbit methodologies. Full algorithm documentation is available in our open-source repository.
1.7 Automatically Collected Information
When you access or use our Service, we automatically collect:
- Device Information: Device type, operating system, browser type, unique device identifiers
- Usage Data: Login times, features accessed, session duration, interaction patterns
- Session Information: IP address, user agent, refresh tokens, device info for security purposes
- Analytics Data: App performance metrics, error logs, feature usage statistics
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 To Provide and Improve Our Service
- Generate personalized AI-powered workout recommendations based on your Recovery and Strain scores
- Calculate daily Recovery Score (training readiness) from sleep, HRV, and resting heart rate
- Calculate daily Strain Score (physiological load) from workouts, steps, and active calories
- Adjust workout intensity automatically when Recovery Score is low to prevent overtraining
- Recommend rest days when cumulative Strain is high or Recovery is poor
- Adapt exercises based on your available space, equipment, and fitness level
- Track your progress and adjust difficulty levels automatically
- Provide real-time coaching and form guidance through AI chat
- Remember your injuries and physical limitations to prevent harmful recommendations
- Offer exercise alternatives when equipment is unavailable
- Build personal baselines for HRV and resting HR over 7-30 days for accurate recovery assessment
2.2 Account Management and Security
- Create and manage your user account
- Authenticate your identity using Google OAuth, Apple Sign-In, or Passkeys (WebAuthn)
- Manage refresh tokens and session security
- Detect and prevent unauthorized access, token reuse, and security breaches
- Track active sessions across devices for security monitoring
2.3 Communication
- Respond to your questions, comments, and support requests
- Send you technical notices, updates, and security alerts
- Provide onboarding assistance and feature tutorials
- Send promotional communications (with your consent)
2.4 Analytics and Improvement
- Analyze usage patterns to improve AI workout generation
- Monitor app performance and identify technical issues
- Conduct research and development for new features
- Track AI model performance, cost, and token usage
3. AI and Machine Learning
Fit Snap uses advanced AI models to provide personalized fitness recommendations. Here's how we handle your data in our AI systems:
3.1 AI Processing
- We use third-party AI providers (OpenRouter, OpenAI, Google Gemini, Anthropic Claude) to process workout generation and chat interactions
- Your fitness data is sent to these providers to generate personalized recommendations
- We maintain detailed logs of AI interactions for quality improvement and debugging
- AI interactions include context about your profile, workout history, and health notes
3.2 Data Retention for AI Training
Important: We do not use your personal data to train AI models. However, our third-party AI providers may have their own data retention policies. We recommend reviewing:
- OpenAI Privacy Policy: https://openai.com/privacy
- Google AI Privacy: https://ai.google/responsibility/privacy
- Anthropic Privacy: https://www.anthropic.com/privacy
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share your information with third-party service providers who perform services on our behalf:
- AI Providers: OpenRouter, OpenAI, Google (Gemini), Anthropic (Claude) for workout generation and chat. These providers receive your Recovery and Strain scores (not raw health data) to personalize recommendations.
- Authentication: Google OAuth and Apple Sign-In for account authentication
- Cloud Services: Database hosting (PostgreSQL), file storage, server infrastructure
- Analytics: Usage analytics and performance monitoring services
Health Data Privacy: Raw health data (heart rate readings, sleep sessions, step counts) from Health Connect/Apple HealthKit is processed locally on your device and NEVER uploaded to our servers or shared with AI providers. Only the calculated Recovery Score and Strain Score (numerical values 0-100) are synced to enable workout personalization.
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).
4.3 Business Transfers
If Fit Snap is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
5. Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
- Authentication Security: JWT (JSON Web Tokens) with refresh token rotation, automatic token expiration, and token reuse detection
- WebAuthn Support: Passkey authentication using FIDO2 standards for enhanced security
- Database Security: PostgreSQL with access controls, connection pooling, and regular security updates
- Rate Limiting: Protection against brute-force attacks and abuse
- Session Management: Device tracking, multi-session monitoring, and remote session revocation
- Security Headers: CSP (Content Security Policy), HSTS, and other protective headers
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
6. Data Retention
We retain your information for as long as necessary to provide the Service and for legitimate business purposes:
- Account Data: Retained while your account is active
- Workout History: Retained indefinitely to track progress and improve AI recommendations
- Recovery and Strain Scores: Retained for 90 days to show trends and historical analysis (older data automatically deleted)
- Health Data Baselines: Last 30 days of aggregated data for personal baseline calculations (e.g., average HRV, resting HR)
- LLM Interactions: Retained for quality improvement, cost tracking, and debugging
- Session Tokens: Automatically deleted upon expiration or revocation
- Expired Passkey Challenges: Automatically cleaned up after expiration
- Health Notes: Retained until you mark them as resolved or delete them
Health Connect / Apple HealthKit: Raw health data (HR, sleep, steps) always stays on your device and is never uploaded to our servers. We only store the calculated Recovery and Strain scores (two numbers per day) for the retention periods listed above.
When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain information for legal, regulatory, or security purposes.
7. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
7.1 Access and Portability
- Request access to your personal information
- Receive a copy of your data in a structured, machine-readable format
- View your onboarding data, workout history, and AI interaction logs
7.2 Correction and Update
- Update your profile information, preferences, and health notes
- Correct inaccurate or incomplete data
- Modify your onboarding data and fitness goals
7.3 Deletion
- Request deletion of your account and all associated data
- Delete specific health notes or preferences
- Revoke active sessions across all devices
To delete your account, you can:
- In-App: Go to Profile → Click the delete button next to "Logout"
- By Email: Send a deletion request to chirag@forgeme.xyz or chiragmgg@gmail.com
- Online Form: Visit our Account Deletion page
7.4 Objection and Restriction
- Object to certain data processing activities
- Restrict the use of your information in specific circumstances
- Opt out of promotional communications
To exercise any of these rights, please contact us at chiragmgg@gmail.com. We will respond to your request within 30 days.
8. Children's Privacy
Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information from our servers.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
By using our Service, you consent to the transfer of your information to the United States and other countries where we operate. We take steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.
10. Third-Party Links and Services
Our Service may contain links to third-party websites, services, or integrations:
- YouTube videos for exercise demonstrations
- Google OAuth and Apple Sign-In for authentication
- Health Connect (Android) and Apple HealthKit (iOS) for health data access
- Third-party fitness tracking integrations (if enabled)
These third-party services have their own privacy policies. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.
11. California Privacy Rights (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at chiragmgg@gmail.com with "CCPA Request" in the subject line.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Legal Basis: We process your data based on consent, contract performance, and legitimate interests
- Data Protection Officer: Contact us for data protection inquiries at chiragmgg@gmail.com
- Right to Lodge a Complaint: You may file a complaint with your local data protection authority
- Data Transfers: We use standard contractual clauses for international data transfers
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top of this Privacy Policy
- Sending you an email notification (for material changes)
- Displaying a prominent notice in the app
Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: chiragmgg@gmail.com
Business Inquiries: chirag@narraite.xyz
Subject Line for Privacy Requests: "Privacy Policy Inquiry" or "Data Rights Request"
We will respond to your inquiry within 30 days. For urgent privacy concerns, please mark your email as "Urgent - Privacy Matter."
Recent Updates: Added comprehensive Health Connect and Apple HealthKit data usage documentation, including detailed explanations of Recovery Score and Strain Score calculations.
This Privacy Policy is effective as of the date listed above. We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated to users via email and in-app notifications. Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy.
Privacy Policy Summary
Here's what you need to know:
- ✓ We don't sell your data. Your personal information is never sold to third parties.
- ✓ Health data stays on your device. Raw heart rate, sleep, and step data from Health Connect / Apple HealthKit is processed locally and never uploaded to our servers. Only calculated Recovery and Strain scores (two numbers) are synced.
- ✓ AI uses your data to help you. Your fitness data trains our AI to give you better, personalized recommendations and prevent overtraining.
- ✓ You're in control. Access, update, or delete your data anytime. Revoke health permissions in device settings whenever you want.
- ✓ We take security seriously. Industry-standard encryption, JWT authentication, and WebAuthn support protect your information.