01 ·Introduction
Fitquency, Inc. (“Fitquency,” “we,” “us”) takes your privacy seriously. This policy explains what personal information we collect, why we collect it, how we protect it, and the rights you have over it.
This policy applies to the Fitquency mobile apps, website, and API. It's written to be readable — plain-English summaries sit next to the legal text so you can skim if you want.
Plain English: we collect only what we need to run your account. We never sell it. Progress photos are encrypted so even we can't see them. You can delete your data any time.
02 ·Data we collect
| Category | What | Source |
|---|---|---|
| Identity | Full name, email, profile photo | You provide at signup |
| Account | Password hash, 2FA factors, passkey public keys | You set; stored encrypted |
| Business | Organization name, client roster, workout programs, sessions | You enter |
| Health & fitness | Workout logs, measurements, goals, nutrition entries | You (or your trainer) enter |
| Photos | Progress photos — E2E encrypted, see §6 | You upload |
| Billing | Plan, invoice history, last-4-digits of card (Stripe holds the rest) | Stripe provides us the metadata |
03 ·How we use it
- Deliver the service: run your workouts, schedule, payments, messaging.
- Keep it safe: fraud detection, rate-limiting, security audits.
- Support: respond when you contact us.
- Improve: fix bugs, design new features (aggregated + anonymized only).
- Communicate: transactional emails (never marketing without your opt-in).
We do not use your data to train AI models without explicit, granular opt-in. See §7 for AI specifics.
04 ·Legal bases for processing (GDPR Art. 6)
| Purpose | Basis |
|---|---|
| Running your account | Contract (Art. 6(1)(b)) |
| Fraud / security | Legitimate interest (Art. 6(1)(f)) |
| Marketing emails | Consent (Art. 6(1)(a)) |
| Legal holds / compliance | Legal obligation (Art. 6(1)(c)) |
| Health & fitness metrics | Explicit consent (Art. 9(2)(a)) |
06 ·Progress photos — end-to-end encrypted
Progress photos are end-to-end encrypted on your device before upload. Here's what that means in practice:
- The encryption key is generated and stored only on your device (iOS Keychain / Android Keystore).
- Encrypted photo blobs are stored on our servers. We can't decrypt them. Our engineers can't decrypt them. Our cloud provider can't decrypt them.
- When a photo is shared with your trainer (with your explicit action), the app re-encrypts it with their public key — we still can't see it.
- If you lose all your devices and don't have a backup of your key, the photos are unrecoverable. We'd rather you lose photos than we have the ability to read them.
Legal-hold exception: we can produce the encrypted blob under a valid subpoena, but we cannot decrypt it. Law enforcement would need a separate court order directed at you for the key.
Full architecture: fitquency.com/security/photos.
07 ·AI features & your data
Our AI coach uses OpenAI under an enterprise DPA that explicitly forbids OpenAI from training on Fitquency data. Your inputs to AI features are:
- Not used to train OpenAI's models (enterprise data-processing agreement, zero-retention API mode).
- Not used to train Fitquency's models without your explicit, revocable opt-in (Settings → Privacy → AI improvement program).
- Not shared beyond OpenAI's per-request processing.
Per the EU AI Act, AI-generated content is labeled as such in the UI. Per the Colorado AI Act (SB 24-205 as amended by SB25B-004; effective no later than 2026-06-30), AI content shown to Colorado residents carries an explicit AI-generated disclosure.
08 ·Retention & deletion
| Data | Retention |
|---|---|
| Active account data | As long as your account is active |
| Deleted-account data | 30 days soft-delete grace, then permanent deletion |
| Financial records (invoices) | 7 years (US tax requirement) |
| Audit logs | 1 year (security + SOC 2) |
| Analytics (aggregated) | Indefinite, but no per-user identifiers |
| Legal-hold subset | Until hold is lifted |
09 ·Your rights & choices
Universal rights — every user
- Access — download a full export from Settings → Privacy → Export my data
- Correction — edit your profile, data, or history any time
- Deletion — delete your account from Settings → Privacy → Delete account
- Portability — export is JSON + CSV, importable elsewhere
- Opt-out of analytics — Settings → Privacy → Analytics
- Opt-out of AI improvement program — Settings → Privacy → AI
Residents of the EEA, UK, and Switzerland additionally have rights to object, restrict processing, and lodge complaints with their national data protection authority.
10 ·US state privacy laws
Fitquency is compliant with CCPA/CPRA (California), VCDPA (Virginia), CTDPA (Connecticut), UCPA (Utah), CPA (Colorado), TDPSA (Texas), ORPA (Oregon), MCDPA (Montana), DPDPA (Delaware), NJ DPA (New Jersey), IN CDPA (Indiana), ICDPA (Iowa), MT CDPA (Montana), and applicable sector laws. See fitquency.com/legal/state-privacy for the full jurisdiction-by-jurisdiction matrix.legal-draft
California residents: we honor the Global Privacy Control (GPC) header as a valid “do not sell / share” signal. We don't sell personal information, but GPC also suppresses the AI improvement opt-in and marketing emails.
11 ·Washington MHMDA & health data
Under the Washington My Health My Data Act (effective 2024), we give additional protections to consumer health data:
- We don't collect or process health data beyond what's necessary for your use of Fitquency.
- We don't sell health data. Full stop.
- We publish a dedicated Consumer Health Data Privacy Policy with detail on collection, processing, and your rights under MHMDA.
12 ·Nevada SB 370 (consumer health data)
Nevada residents have additional rights over consumer health data, including the right to opt-out of its sale (which is moot since we don't sell it). Requests via privacy@fitquency.com.legal-draft
13 ·COPPA & minors
Fitquency is for users 18 and older. We don't knowingly collect personal information from anyone under 18. If you believe a child under 18 has created an account, email us at privacy@fitquency.com and we'll delete the account immediately.
Our age-attestation at signup, combined with the California Age-Appropriate Design Code (AB 2273), means we block minors from creating accounts at the sign-up gate.
14 ·International data transfers
Fitquency stores data in US-based data centers. If you're in the EEA, UK, or Switzerland, transfers to the US rely on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) as fallback.
15 ·Security measures
- Encryption in transit: TLS 1.3 across all endpoints
- Encryption at rest: AES-256 (managed keys) + E2EE (customer-held keys) for photos
- Authentication: Argon2id hashed passwords, TOTP 2FA, WebAuthn passkeys, step-up on billing + privacy operations
- Access control: Row-level security, org-scoped isolation, audit logs
- Posture: SOC 2 Type II in progress (report 2026-Q3), PCI DSS 4.0.1 SAQ-A-EP
- Incident response: 72-hour breach notification to users & regulators per GDPR / state law
Security disclosures: fitquency.com/security · Report a vulnerability: security@fitquency.com.
17 ·Changes to this policy
We'll email you at least 30 days before any material change takes effect. Non-material changes (typos, clarifications) go live immediately with a bumped “Last updated” date. Prior versions are available on request — email privacy@fitquency.com.
18 ·Contact & DPO
- Privacy questions: privacy@fitquency.com
- Security issues: security@fitquency.com
- EU Data Protection Officer: dpo@fitquency.comappoint-pre-eu-launch
- UK Representative: appoint-pre-uk-launch
Fitquency, Inc. · 1209 Orange Street, Wilmington, DE 19801, USA
Structural mockup. Final legal prose will be reviewed by counsel before public launch. Items marked legal-draft / appoint-pre-eu-launch need real data or appointments before publication.
See also our Terms of Service.