Privacy Policy
Last updated: January 19, 2025
YOUR PRIVACY MATTERS TO US
By using MyFitnessGoals, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. This includes data from chat messages, images you upload, and all other content you share through the App.
1. Introduction
MyFitnessGoals ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "App").
Please read this Privacy Policy carefully. By using the App, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the App.
2. Information We Collect
2.1 Personal Information You Provide
We collect information you voluntarily provide when you:
- Create an account: Email address, name, password
- Set up your profile: Age, gender, weight, height, fitness goals, profile photo
- Create and log workouts: Exercise routines, sets, reps, weights, workout history
- Subscribe to premium features: Payment information processed by Stripe
- Contact us for support: Name, email, message content
- Use trainer features: Client information, training programs, client communications
2.2 Chat Messages and Communications
When you use our messaging and chat features, we collect and store:
- All text messages sent and received between users
- Message timestamps and read receipts
- Conversation metadata (participants, creation date, etc.)
- Any files or media shared through chat
By using the chat features, you acknowledge and consent to the collection and storage of your messages. We may access, review, or disclose message content when required by law, to enforce our Terms of Service, or to protect the rights, property, or safety of our users.
2.3 Images and Media
When you upload images or media to the App, we collect and store:
- Profile photos and avatars
- Progress photos and fitness images
- Images shared in chat or messages
- Any other photos or media you upload
- Image metadata (file size, format, upload date)
You are solely responsible for all images you upload. By uploading images, you represent that you have all necessary rights and permissions, including consent from any individuals depicted. We may remove images that violate our Terms of Service.
2.4 Information Collected Automatically
When you use the App, we may automatically collect:
- Device Information: Device type, operating system, unique device identifiers, mobile network information, device model, manufacturer
- Usage Data: Features used, time spent in the App, workout frequency, interaction patterns, clicks, and navigation paths
- Log Data: Access times, pages viewed, app crashes, error logs, and other system activity
- Location Data: General location based on IP address (we do not collect precise GPS location unless you explicitly enable it)
- Push Notification Tokens: If you enable push notifications
2.5 Health and Fitness Data
To provide our fitness tracking services, we collect health and fitness-related data including:
- Workout logs and exercise history
- Body measurements and weight tracking data
- Fitness goals and progress metrics
- Custom exercise and routine data
- Performance statistics and personal records
Important: We treat health and fitness data with extra care. We do not sell this information to third parties for marketing purposes.
2.6 Cookies and Tracking Technologies
We use cookies, local storage, and similar tracking technologies to collect information about your browsing activities and to personalize your experience. You can control cookies through your browser settings, but some features of the App may not function properly without them.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the App
- Create and manage your account
- Process transactions and send related information (via Stripe)
- Track your workouts and fitness progress
- Enable communication between users (trainers and clients)
- Store and display images you upload
- Personalize your experience and provide recommendations
- Send administrative communications (account updates, security alerts)
- Send promotional communications (only with your consent)
- Respond to your comments, questions, and support requests
- Monitor and analyze usage patterns and trends
- Detect, prevent, and address technical issues, fraud, and abuse
- Enforce our Terms of Service and other policies
- Comply with legal obligations
- Protect the rights, property, and safety of our users and the public
4. Payment Processing
We use Stripe as our third-party payment processor for all subscription and payment transactions. When you make a payment:
- Your payment card details are collected and processed directly by Stripe
- We do not store your full credit card number on our servers
- We receive only limited information from Stripe (last 4 digits, card type, expiration date) for record-keeping
- We store your Stripe customer ID to manage your subscription
- Transaction history and billing records are maintained for accounting purposes
- Stripe may collect additional information as described in their Privacy Policy
Stripe is PCI-DSS compliant, ensuring your payment information is handled securely. For more information about Stripe's security practices, visit Stripe Security.
5. Information Sharing and Disclosure
We may share your information in the following circumstances:
5.1 Service Providers
We share information with third-party vendors who perform services on our behalf, including:
- Stripe: Payment processing
- Cloud hosting providers: Data storage and infrastructure (e.g., AWS, Google Cloud)
- Analytics providers: App usage analysis
- Email service providers: Transactional and marketing emails
- Push notification services: Mobile notifications
- Content delivery networks: Image and media delivery
These providers are contractually obligated to protect your information and use it only for the services they provide to us.
5.2 Legal Requirements
We may disclose your information, including chat messages and images, if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government requests). This includes situations where disclosure is necessary to:
- Comply with a legal obligation
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing
- Protect the personal safety of users or the public
- Protect against legal liability
5.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.
5.4 With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
5.5 Trainer-Client Relationship
If you use our trainer features, information may be shared between trainers and their clients as necessary for the training relationship. This includes:
- Profile information and fitness data
- Workout plans and progress
- Messages exchanged between trainer and client
- Images shared for fitness tracking purposes
Both trainers and clients consent to this sharing by using these features.
5.6 Aggregated and De-Identified Data
We may share, for research, marketing, analytics, and other purposes, aggregated or de-identified information that cannot reasonably be used to identify you.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. Specifically:
- Account data: Retained while your account is active
- Chat messages: Retained for the duration of your account and for a reasonable period afterward to comply with legal obligations
- Images and media: Retained while your account is active; deleted within 30 days of account deletion
- Workout data: Retained while your account is active
- Transaction records: Retained for 7 years for tax and accounting purposes
- Log data: Generally retained for up to 90 days
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain information for legal, tax, accounting, or legitimate business purposes.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication mechanisms and password hashing
- Regular security assessments and penetration testing
- Access controls limiting employee access to personal data
- Secure cloud infrastructure with industry-standard protections
- Regular backups and disaster recovery procedures
- Security incident response procedures
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
8. Your Rights and Choices
Depending on your location, you may have the following rights:
8.1 Access and Portability
You can access your personal data through your account settings. You may request a copy of your data in a portable format by contacting us at budalic@hotfix-doo.com.
8.2 Correction
You can update or correct your personal information through your account settings or by contacting us.
8.3 Deletion
You can delete your account at any time through your account settings. Upon deletion, we will remove your personal data as described in Section 6. Note that some information may be retained as required by law.
8.4 Marketing Communications
You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or adjusting your notification preferences in your account settings. You may still receive transactional emails (e.g., account updates, receipts).
8.5 Push Notifications
You can disable push notifications through your device settings at any time.
8.6 Data Processing Objection
In certain circumstances, you may object to the processing of your personal data. Contact us at budalic@hotfix-doo.com to exercise this right.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your home country.
When we transfer personal data internationally, we apply appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy, including:
- Standard contractual clauses approved by relevant authorities
- Data processing agreements with our service providers
- Compliance with applicable data transfer frameworks
10. Children's Privacy
The App is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly.
If you believe we may have collected information from a child under 16, please contact us immediately at budalic@hotfix-doo.com.
11. Third-Party Links and Services
The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.
Our App may integrate with third-party services (such as Stripe for payments). These integrations are governed by the respective third party's privacy policies.
12. California Privacy Rights (CCPA)
If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, including chat messages and images.
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Opt-Out: We do not sell personal information to third parties for monetary consideration. We do not share personal information for cross-context behavioral advertising.
To exercise these rights, please contact us at budalic@hotfix-doo.com. We will verify your identity before processing your request.
Categories of Information Collected
In the past 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, account ID)
- Commercial information (subscription and payment records)
- Internet activity (usage data, log data)
- Geolocation data (general location from IP address)
- Sensory data (photos and images you upload)
- Health information (fitness and workout data)
- Communications (chat messages)
13. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
13.1 Legal Basis for Processing
We process your data based on the following legal bases:
- Contract: Processing necessary to provide our services to you
- Consent: Where you have given explicit consent (e.g., marketing communications)
- Legitimate Interests: Where processing is necessary for our legitimate business interests
- Legal Obligations: Where we must process data to comply with the law
13.2 Your GDPR Rights
- Access: Request access to your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request restriction of processing
- Portability: Request transfer of your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where we rely on consent
13.3 Complaints
You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
14. Mobile App Specific Provisions
When you use our mobile application:
- Device Permissions: We may request access to your camera (for uploading photos), photo library, and notifications. You can manage these permissions in your device settings.
- Local Storage: We may store some data locally on your device for offline access and performance.
- App Analytics: We collect app usage analytics to improve performance and user experience.
- Crash Reports: We collect crash reports to identify and fix bugs.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date
- Sending you an email notification for significant changes
- Displaying a notice within the App
Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the modified Privacy Policy, you must stop using the App.
16. Contact Us
If you have any questions about this Privacy Policy or your personal data, or wish to exercise your rights, please contact us at:
Email: budalic@hotfix-doo.com
Website: https://myfitnessgoals.app
For data protection inquiries, please include "Privacy Request" in the subject line of your email. We will respond to your request within 30 days.
By using MyFitnessGoals, you acknowledge that you have read, understood, and consent to the collection, use, and disclosure of your information as described in this Privacy Policy. This includes all chat messages, images, and other content you share through the App. See also our Terms of Service.