Privacy Policy
Last updated: March 12, 2026
The short version
This is a simplified summary - the full policy below is what actually applies.
- We collect your profile, health data, meals, workouts, photos, and conversations to power AI coaching.
- Your conversations are processed by third-party AI providers (like Anthropic) to generate responses - they don't train on your data.
- We may use your data to train our own AI models to improve coaching quality. You can opt out anytime.
- We may share anonymized data (that can't identify you) with third parties for research and analytics.
- We never sell your personal information.
- Payments go through Stripe - we never see your card number.
- Your data is encrypted at rest (AES-256) and in transit (TLS 1.2+), stored on AWS in the United States.
- You can access, correct, export, or delete your data anytime by emailing privacy@fitly.chat.
- California (CCPA), European (GDPR), and Canadian (PIPEDA) residents have additional rights - see Section 8.
Fitly AI ("Fitly," "we," "us," or "our") operates the Fitly AI mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
Account Information
When you create an account, we collect your name, email address, and a securely hashed password. We never store your password in plain text.
Profile & Health Data
To provide personalized coaching, you may choose to provide health and fitness information including: date of birth, gender, height, weight, fitness goals, dietary preferences, food allergies, injuries, and training experience. This information is used exclusively to personalize your AI coaching experience.
Fitness & Nutrition Data
We store data you log through the Service, including meals (descriptions, macronutrients, photos), workouts (exercises, sets, reps, weights), body weight entries, water intake, and progress photos. All logged data includes a timestamp and source indicator.
Conversation Data
Your chat conversations with the AI coach are stored to provide continuity, improve the quality of coaching, and enable you to review your history. Conversations may include text messages and photo uploads.
Payment Information
Payment processing is handled entirely by Stripe, Inc. We never receive, store, or process your credit card number or full payment details. We store only your Stripe customer identifier and subscription status.
Usage & Analytics Data
We may collect anonymized usage analytics such as feature usage patterns, AI response quality ratings (thumbs up/down feedback you provide), and general app performance metrics. This data is used to improve the Service.
2. How We Use Your Information
- Personalized AI coaching - Your profile, health data, and conversation history are used to provide relevant, context-aware fitness and nutrition guidance.
- Meal and workout logging - We store your logged data so you can track progress and the AI can reference your history.
- Service improvement - Anonymized and aggregated data, including AI response feedback, may be used to improve the accuracy and quality of our AI coaching.
- Model training - Your data, including conversations, logged meals, workouts, and feedback, may be used to train, fine-tune, and improve our AI models and algorithms. We may use both identifiable data (in a secure, access-controlled environment) and de-identified data for this purpose.
- Anonymized data sharing - We may create anonymized, aggregated, or de-identified datasets from your data and share them with third parties for research, analytics, industry benchmarking, and other lawful purposes. This data cannot reasonably be used to identify you.
- Account management - To manage your subscription, communicate service updates, and provide customer support.
- Security and compliance - To maintain audit logs, detect unauthorized access, and comply with legal obligations.
3. AI & Data Processing
Your conversations are processed by third-party AI providers (currently Anthropic Claude; we may use other providers such as OpenAI in the future) to generate coaching responses. When you send a message, relevant context - including your profile, today's logged data, and recent conversation history - is sent to the AI provider to generate a personalized response.
We do not sell your personal data to AI providers. AI providers process your data solely to generate responses and, per their data processing agreements, do not use your data to train their models.
Fitly AI model training: We may use your data - including conversations, logged meals and workouts, photos, feedback, and usage patterns - to train, fine-tune, and improve our own AI models and coaching algorithms. This may include using identifiable data in a secure, access-controlled training environment, as well as de-identified or aggregated data. The purpose of this training is to improve the accuracy, relevance, and quality of AI coaching across the Service.
You may opt out of having your data used for model training at any time by contacting us at privacy@fitly.chat. Opting out will not affect the core functionality of the Service. Data that has already been used for training prior to your opt-out cannot be retroactively removed from trained models, but we will exclude your data from future training runs.
4. Data Security
We implement security measures consistent with industry best practices for handling sensitive health data:
- Encryption at rest - All data stored in our databases and file storage is encrypted using AES-256 encryption.
- Encryption in transit - All data transmitted between your device and our servers is encrypted via TLS 1.2+.
- Password security - Passwords are hashed using bcrypt and are never stored or transmitted in plain text.
- Access controls - Your data is accessible only to you through authenticated API requests. Photos are served via time-limited, pre-signed URLs that expire after 15 minutes.
- Audit logging - All data access and modifications are logged for security monitoring and compliance.
5. Data Storage & Retention
Your data is stored on servers located in the United States (AWS infrastructure). We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records, legal compliance).
Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely for research, model training, and service improvement purposes. Data that has been incorporated into trained AI models cannot be individually extracted or deleted from those models.
International transfers. Your data is stored and processed in the United States. By using the Service, you consent to the transfer of your data to the United States, where data protection laws may differ from those in your country of residence. We implement appropriate safeguards, including contractual protections, to ensure your data is treated securely and in accordance with this Privacy Policy.
6. Data Sharing & Disclosure
We do not sell your personal information. We may share or disclose your data in the following circumstances:
- AI providers - Conversation data and relevant profile context are sent to our AI providers to generate coaching responses (see Section 3).
- Payment processor - Basic account information is shared with Stripe to process subscription payments.
- Cloud infrastructure - Data is stored on AWS infrastructure, which acts as a data processor on our behalf.
- Legal requirements - We may disclose data if required by law, regulation, or legal process.
- MCP integrations - If you choose to connect third-party AI agents via our MCP (Model Context Protocol) server, those agents will have access to your data as authorized by you. All MCP access is logged and auditable.
- Anonymized data to third parties - We may share anonymized, aggregated, or de-identified data with third parties for purposes including research, analytics, industry benchmarking, product development, and other lawful purposes. This data is processed so that it cannot reasonably be used to identify you. Third-party recipients may include research institutions, data analytics companies, business partners, and other entities.
7. Your Rights & Choices
You have the following rights regarding your data:
- Access - You can view all of your data through the app at any time.
- Correction - You can update your profile information and correct logged data at any time.
- Deletion - You can request deletion of your account and all associated data by contacting us at privacy@fitly.chat.
- Data export - You can request an export of your data by contacting us.
- Opt out of model training - You can opt out of having your data used for AI model training by contacting us at privacy@fitly.chat. Data already used in training prior to your opt-out cannot be retroactively removed from trained models.
- Opt out of analytics - You can opt out of anonymized analytics data collection by contacting us.
8. Your Privacy Rights by Region
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to know - You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data.
- Right to delete - You may request deletion of your personal information, subject to certain exceptions (e.g., data needed to complete a transaction, comply with legal obligations, or data already de-identified or incorporated into trained models).
- Right to opt out of "sale" or "sharing" - We do not sell your personal information as defined by the CCPA. We may share de-identified or aggregated data with third parties for analytics and research purposes; however, this data does not constitute a "sale" under the CCPA as it cannot reasonably identify you.
- Right to non-discrimination - We will not discriminate against you for exercising any of your CCPA rights.
- Right to correct - You may request correction of inaccurate personal information.
- Right to limit use of sensitive personal information - Health and fitness data may be considered sensitive personal information under the CPRA. You may request that we limit its use to what is necessary to provide the Service.
To exercise these rights, contact us at privacy@fitly.chat. We will verify your identity before processing your request and respond within 45 days as required by law.
European Economic Area, UK & Switzerland (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent laws:
- Legal basis for processing - We process your data based on: (a) your consent (e.g., when you create an account); (b) performance of our contract with you (i.e., these Terms of Service); (c) our legitimate interests (e.g., improving our Service, training AI models, fraud prevention); and (d) compliance with legal obligations.
- Right of access - You may request a copy of the personal data we hold about you.
- Right to rectification - You may request correction of inaccurate or incomplete data.
- Right to erasure - You may request deletion of your personal data, subject to legal retention requirements and the limitations described in Section 5.
- Right to restrict processing - You may request that we limit how we process your data in certain circumstances.
- Right to data portability - You may request your data in a structured, commonly used, machine-readable format.
- Right to object - You may object to processing based on our legitimate interests, including the use of your data for AI model training.
- Right to withdraw consent - Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint - You have the right to lodge a complaint with your local data protection authority.
To exercise these rights, contact us at privacy@fitly.chat. We will respond within 30 days as required by law.
Canadian Residents (PIPEDA)
If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and challenge the collection, use, and disclosure of your personal information. To exercise these rights, contact us at privacy@fitly.chat.
9. Children's Privacy
Fitly AI is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe a child under 16 has provided us with personal data, please contact us and we will promptly delete it.
10. Third-Party Links
The Service may contain links to third-party websites or services (e.g., Stripe for payments, exercise demonstration videos). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the app or via email. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or your data, contact us at: