Privacy Policy

1. Information We Collect

a) Information You Provide Directly - Account details: name, email, password, gender, age, etc. - Profile photo (if applicable). - Health / wellness inputs: weight, height, BMI, workout habits, diet preferences, goals. - Communications: messages you send to support or via contact forms. - Subscription / payment details (when you purchase or subscribe).

b) Automatically Collected Information - Log data: IP address, browser type, pages visited, timestamps. - Device information: device type, operating system, unique identifiers. - Usage metrics: which features you use, how often, timezones, session times. - Cookies, tracking technologies, analytics tools.

c) Information from Third-Party Sources - If you link or authorize integration with external services (e.g. health platforms), we may receive data from them (with your consent). - Aggregated or anonymized data from partners or analytics providers.

2. Purposes for Processing Personal Data

• To operate and deliver the core features of FitNutri (e.g. profile, diet plans, progress tracking).
• To improve and develop new features.
• To provide support, respond to your inquiries, and maintain communication.
• To send service-related communications (e.g. password resets, notifications).
• Marketing emails or promotions, where permitted by law and with your consent.
• To maintain security, detect fraud or abuse, and improve system stability.
• To comply with legal obligations, enforce our policies, or respond to legal requests.
• To aggregate or anonymize your data for research and trends.

3. Legal Basis for Processing (GDPR/EEA/UK)

We process your personal data under the following legal bases:

• Contract performance — To deliver and maintain the FitNutri AI service, including account management, workout plan generation, and meal planning.
• Explicit consent (Article 9) — For processing special category data (health and fitness data such as weight, BMI, workout history, and nutrition intake). You provide this consent during onboarding through our in-app consent screen. You can withdraw consent at any time through Profile Settings → Manage Consents. Withdrawing health data consent will limit the app's ability to generate personalized workout and nutrition plans.
• Consent — For optional data processing including analytics (anonymous usage data to improve the service) and marketing communications (tips, updates, and promotional content). These are collected separately during onboarding and can be changed at any time in Profile Settings.
• Legitimate interests — For security monitoring, fraud detection, and service improvement where these interests are not overridden by your rights.
• Legal obligation — To comply with applicable laws, including Dutch and EU tax regulations for financial records.

4. Data Retention

We retain your data for defined periods based on its purpose. When a retention period expires, data is permanently deleted or anonymized.

Note: We do not currently collect server analytics or detailed application logs beyond what is necessary for service operation. If we introduce analytics or logging in the future, the retention periods above will apply, and you will be notified of any material changes to this policy.

All deletions are hard deletes — your data is permanently removed from our systems, not merely deactivated.

5. Your Rights & Choices

Depending on your jurisdiction, you may have rights such as:

• Access to your personal data.
• Correct or update inaccurate data.
• Delete your account or data (subject to retention requirements).
• Restrict or object to processing (e.g. for marketing).
• Withdraw consent at any time.
• Data portability (in certain regions).
• Lodge a complaint with a data protection authority.

How to exercise your rights:

• Data export (portability): You can request a complete export of your personal data directly from the app via Profile Settings → Export My Data. Your data will be compiled and sent to your registered email address in JSON format.
• Consent management: You can review and change your consent preferences at any time through Profile Settings → Manage Consents.
• Account deletion: You can request account deletion through Profile Settings → Delete Account. Your data will be permanently removed within 30 days, with the exception of financial records retained under legal obligation.
• Other requests: For access, correction, restriction, or objection requests, contact us at support@fitnutri.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) at https://autoriteitpersoonsgegevens.nl.

6. Security

We use reasonable technical, organizational, and administrative measures (encryption, access controls, vulnerability assessments) to protect your data. However, no system is perfect; in the event of a security breach, we will follow applicable laws to notify affected users or authorities.

7. Children

Our Services are not intended for children under 18. If we become aware of a person under 18 using the Services, we will remove their data.

8. Sharing & Disclosure of Personal Data

We may share your personal data in the following circumstances:

• Service providers / subprocessors (hosting, email, analytics, payments) under contractual obligations.
• Legal or regulatory authorities when required.
• In aggregated / anonymized form (non-identifying) for research or reporting.
• Affiliates or during corporate transactions (e.g. merger, acquisition), with notice to you.
• AI service provider: Google LLC (Google Gemini) for generating personalized workout and nutrition recommendations based on your health and fitness data. See Section 10 for details.
• Error monitoring: Sentry (Functional Software, Inc.) for crash reporting and error tracking to maintain app stability. Sentry may collect device information, error logs, and app state data. No personally identifiable information is intentionally shared.
• Payment processing: RevenueCat, Inc. for managing in-app subscriptions. RevenueCat receives your email address and purchase transaction data to process and validate subscriptions.

We do not sell your personal data to third parties for their direct marketing.

9. Cookies & Tracking Technologies

We and our partners may use cookies, SDKs, pixels, beacons, and other technologies to collect usage and device data. You may have options to manage or disable them via browser or device settings, but disabling may reduce functionality.

10. Automated Decision-Making and AI

FitNutri AI uses Google Gemini, a third-party artificial intelligence service provided by Google LLC, to generate personalized workout plans and nutrition recommendations.

What data is shared with Google Gemini:

• Age, gender, weight, and height
• Fitness goals and activity level
• Workout history and exercise preferences
• Dietary preferences, food allergies, and preferred cuisines
• Meal logs and nutrition intake
• Soreness and injury information (when provided)

Why this data is shared: To generate personalized workout plans, meal plans, exercise swap recommendations, daily suggestions, and chatbot responses tailored to your fitness profile.

Data retention by AI provider: Data sent to Google Gemini is processed in real time to generate responses. We do not instruct Google to retain your personal data beyond the duration of each request. Google's processing of data is subject to Google's Privacy Policy.

These AI-generated plans are suggestions only and do not constitute medical advice or legally binding decisions. You are free to modify or regenerate your plans at any time.

Nutrition recommendations are grounded in established nutrition and sports science guidelines, including those published by the World Health Organization (WHO), the U.S. Department of Agriculture (USDA), and the International Society of Sports Nutrition (ISSN). However, they are not a substitute for professional medical or dietary advice.

AI data sharing consent is required to use FitNutri's core features. You provide this consent during onboarding. If you wish to stop AI processing of your data, you may delete your account through Profile Settings → Delete Account.

If you have questions about how our AI processes your data, contact us at support@fitnutri.com.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) within 72 hours of becoming aware of the breach, as required by Article 33 GDPR.
• Notify affected users without undue delay where the breach is likely to result in a high risk to your rights and freedoms, as required by Article 34 GDPR. Notification will be sent to your registered email address.

Breach notifications will include: the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach.

12. Communications & Marketing

• You will receive essential service emails (account, security, notifications).
• For promotional emails, we will obtain your consent where required.
• Every marketing email includes an unsubscribe link.
• You can also opt out of promotional communications by contacting us or via settings.

13. International Transfers

If we transfer your personal data outside your country (or outside EU/EEA for EU users), we will ensure appropriate safeguards (e.g. standard contractual clauses, binding corporate rules) are in place to maintain privacy protections.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised version with the "Effective date" updated. If changes materially affect your rights, we will notify you (e.g. via email) where required by law.

15. Contact Us

If you have questions or concerns about this policy, or to exercise your rights, contact:

Fitnutri B.V. Baarnsche Dijk 6 C1 3741 LR Baarn Netherlands

Email: support@fitnutri.com