Privacy Policy
Contents
- Overview
- Data Controller & Scope
- Information We Collect
- How We Use Your Information
- Legal Bases for Processing
- Data Sharing & Disclosure
- User Posts, Photos, Chat & Social Features
- Workout, Calendar & Health Data
- AI Features & Your Data
- Data Storage, Security & Retention
- International Data Transfers
- Your Privacy Rights
- US State Privacy Disclosures
- Tracking, Ads & Device Permissions
- Automated Processing (AI)
- Children's Privacy
- Third-Party Services
- Security Incidents
- Changes to This Policy
- Contact Us
Overview
Fitnex ("we", "our", or "us") is a fitness tracking application that helps you log workouts, track cardio, monitor nutrition, generate AI-powered training plans, share progress posts with other users, and monitor your fitness over time.
This Privacy Policy explains what personal information we collect when you use Fitnex, why we collect it, and how we use and protect it. By using Fitnex, you acknowledge the data practices described in this policy.
Data Controller & Scope
For the purposes of applicable data protection laws, Fitnex is the data controller for personal information processed through the app. Fitnex is operated from Atlanta, Georgia, United States.
This policy applies to information collected through the mobile app, related backend services, and support communications. It does not apply to third-party websites or services that have their own privacy policies.
Information We Collect
We collect the following categories of information:
Account Information
- Email address (used to create and identify your account)
- Display name or username (if provided)
- Profile photo (if provided)
- Authentication data (managed securely via Firebase Authentication)
Fitness & Workout Data
- Workout logs: exercises, sets, reps, weights, and duration
- Cardio activity data: type, distance, duration, and calories burned
- Workout calendar entries and scheduled training plans
- AI-generated workout preferences and history
Health & Body Metrics
- Body metrics: height, weight, and fitness goals (if provided)
- Nutrition data: food intake, calorie tracking, and macronutrient information (if provided)
User-Posted Content
- Photos you choose to post (stored in Firebase Storage)
- Captions, text, and workout summaries attached to posts
- Visibility settings you apply to your posts (public to Fitnex users, or private)
- Interactions such as likes and comments on other users' content
Device & Usage Data
- Device identifiers used for analytics, ad attribution (with your consent on iOS), and Firebase Cloud Messaging
- App usage patterns and feature interactions, which may be associated with your account for features such as profile view counts and timeline analytics
- Error and diagnostic data collected via Firebase to improve app stability
Location Data
- Fitnex does not currently collect precise GPS location data for route tracking.
- You may choose to enter location-related information (for example, a gym address on your profile or a text "location" on a cardio entry). This information is stored in your account and is used only to display it back to you inside the app.
Subscription & Purchase Data
- Subscription status and entitlement information (managed via RevenueCat)
- Fitnex does not store or process your payment card information; all billing is handled by Apple App Store or Google Play
Notifications Data
- Push notification tokens (for example, Firebase Cloud Messaging tokens) used to deliver notifications to your device
- Notification delivery events (such as whether a notification was sent) to help us operate and debug notifications
How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Fitnex app and its features
- Personalize AI-generated workout plans based on your profile, body metrics, and history
- Authenticate your account and keep it secure
- Track your fitness progress and display it within the app
- Enable social features: displaying your public posts and workout shares to other Fitnex users
- Process and manage your subscription status
- Send important account notifications (e.g., service updates and subscription notices)
- Analyze usage trends (using aggregated, non-identifiable data) to fix bugs and improve the user experience
- Enforce our Terms of Service and Community Guidelines, and comply with legal obligations
- Investigate and act on reports of content that violates our Community Guidelines
Legal Bases for Processing
If you are in a jurisdiction that requires a legal basis for processing (such as the EEA, UK, or Switzerland), we process personal data under one or more of the following bases:
- Performance of a contract: to provide app functionality you request (account creation, workout tracking, subscriptions, social features)
- Legitimate interests: to improve security, reliability, product performance, and to moderate user-generated content
- Consent: for optional permissions (such as location access or tracking where required by law). You may withdraw consent at any time.
- Legal obligations: where required to comply with applicable law
For health and nutrition data, which may constitute "special category" data under GDPR, we rely on your explicit consent and the necessity of processing for the purpose of preventive or occupational health services you have requested.
Data Sharing & Disclosure
We do not sell, trade, or rent your personal data. We may share your information only in these limited cases:
- Firebase (Google): We use Firebase for authentication, Firestore database, Firebase Storage (photos and media), Cloud Functions, and Firebase Cloud Messaging (push notifications). These providers process data on our behalf under strict data protection agreements.
- Google Generative AI (Gemini): When you use AI workout generation, your relevant profile and fitness data is sent through our secure backend to Google Generative AI (Gemini) to produce results. We do not send health or nutrition data to Gemini unless it is directly required to fulfill your specific request.
- RevenueCat: Subscription status and entitlement information is managed via RevenueCat. RevenueCat may receive your device identifier and subscription state to determine your access level.
- Google AdMob: Free-tier users may see ads served by Google AdMob. AdMob may collect device identifiers and usage signals for ad targeting, subject to your tracking consent on iOS.
- Other users: Content you post publicly (photos, captions, workout summaries) is visible to all registered Fitnex users. Content you mark as private is visible only to you. Your nutrition and body metrics data is never shared with other users.
- Legal obligations: We may disclose data if required by law, subpoena, court order, or to protect the rights and safety of Fitnex and its users.
- Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will provide notice via the app or email before such a transfer occurs.
User Posts, Photos, Chat & Social Features
Fitnex includes a social feed where you can share photos, workout summaries, and progress updates with the Fitnex community. Here is what you should know:
Visibility
- Posts and photos are visible to all registered Fitnex users by default
- You may set any post to private at the time of posting, making it visible only to you
- You can change the visibility of a post after it is published at any time
- Your nutrition data, body metrics, and health information are always private and are never attached to public posts without your explicit action
Photo Storage
- Photos you upload are stored in Google Firebase Storage
- Photos are stored securely and access-controlled; only users with the correct permission level can view them
- Photos may be cached on users' devices when they view your public posts
Content You Post
- You are responsible for the content you post. Do not share photos or information that you do not have the right to share
- Do not include sensitive personal information (such as your home address, financial details, or medical conditions) in public posts
- Once a public post has been viewed by other users, we cannot guarantee that copies have not been made by those users
Deleting Your Content
- You can delete any post, photo, or workout entry at any time from within the app
- When you delete a post or photo, it is removed from your feed and is no longer accessible to other users
- Deletion from Firebase Storage is processed promptly, though residual copies may remain in backup systems for a limited period (up to 30 days) before permanent removal
Direct Messages (DMs) & Chat
- Fitnex includes a direct messaging feature that lets you exchange messages with other users
- Messages are stored in Firebase Firestore and are visible only to the participants of each conversation
- Message content is not end-to-end encrypted; it is protected by Firebase security rules that restrict access to conversation participants only
- We may access message content if required to investigate a report of abuse or a legal obligation
- When you delete your account, your messages are deleted along with all other account data. Individual message deletion removes the message from your view and from the recipient's view
- Push notification previews for chat messages are routed via Firebase Cloud Messaging and may briefly appear on your device lock screen
Reporting & Moderation
- Other users may report content they believe violates our Community Guidelines
- We may review reported content, which requires us to access it regardless of its visibility setting
- We reserve the right to remove content that violates our Community Guidelines or applicable law
Workout, Calendar & Health Data
Your fitness data is core to the Fitnex experience. Here is how each type of data is handled:
Workout Logs & Activity Data
- Stored securely in your Fitnex account (Firebase Firestore)
- Visible to other users only when you explicitly share them as part of a public post
- Used to power progress tracking, personal records, and AI-generated plan personalization
- You can delete individual workouts or your entire history at any time
Workout Calendar
- Calendar entries (scheduled workouts and training plans) are private to your account only
- Calendar data is never shared with or visible to other users
Body Metrics (Height, Weight, Goals)
- Body metrics are treated as sensitive personal information
- This data is always private; it is never visible to other users and is not attached to posts
- Used internally to personalize AI workout recommendations and display your personal progress
Nutrition & Calorie Data
- Nutrition data (food logs, calorie intake, macronutrients) is treated as sensitive personal information
- This data is always private; it is never visible to other users under any circumstances
- Used only to display your personal nutrition progress and, where you explicitly request it, to inform AI plan generation
- Nutrition data is not shared with any third party except through our secure backend if you explicitly request AI-assisted nutrition planning
AI Features & Your Data
Fitnex uses Google Generative AI (Gemini) via our secure backend to power AI workout generation features. Here is how your data is used in this context:
- When you request an AI-generated workout, relevant information from your profile (such as fitness goals, experience level, and workout history) is sent to our backend and processed by Gemini to generate a result
- We send only the minimum data necessary to produce the requested output
- Sensitive data such as your nutrition logs and body metrics are not sent to Gemini unless you explicitly request AI-assisted nutrition or body composition planning
- AI prompts and outputs are processed in transit and are not stored by us beyond what is needed to display your result
- Google's handling of data submitted through their Generative AI API is governed by Google's own terms and privacy policies
Data Storage, Security & Retention
Your data is stored securely using Google Firebase infrastructure, which includes:
- Encryption in transit (TLS) and at rest
- Secure authentication tokens managed by Firebase Auth
- Access controls that restrict data to your account only
- Photos and media stored in Firebase Storage with access-controlled URLs
- Error and diagnostic data collected via Firebase to identify and fix crashes
While we take reasonable precautions to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
Retention: We keep personal data only as long as needed for the purposes described in this policy, including legal, accounting, and security obligations. If you delete your account, we aim to delete or de-identify associated personal data from active systems within 30 days, subject to limited retention required by law or technical backup cycles. Photos deleted from your account are removed from Firebase Storage promptly and permanently purged from backup systems within 30 days.
International Data Transfers
Fitnex is operated from Atlanta, Georgia, United States. Because we use cloud providers with global infrastructure (primarily Google Firebase and Google Generative AI), your information may be processed outside your country of residence, including in the United States.
Where required by law (for example, for users in the EEA or UK), we rely on appropriate transfer safeguards, including Standard Contractual Clauses and Google's compliance frameworks, to protect your data during cross-border transfers.
Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Ask us to correct inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated data. You can also delete your account directly from within the app.
- Portability: Request a portable copy of certain data where applicable.
- Objection / Restriction: Object to or request restriction of certain processing where legally available.
- Withdraw consent: Withdraw consent for optional processing (such as location access) at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Location permissions: Disable location access at any time via your device settings without affecting core app functionality.
- Content deletion: Delete your posts, photos, workouts, and other content at any time within the app.
- Opt out of non-essential processing: Contact us for available opt-out options.
- Lodge a complaint: If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have processed your data unlawfully.
To exercise your rights, contact us at dev.saif17@gmail.com. We may need to verify your identity before fulfilling a request. We will respond within 30 days, or within any shorter period required by applicable law.
Account deletion: You can request deletion of your account and data from within the app (Settings) or by contacting us. Deletion requests will remove your account data from active systems, subject to limited retention required by law and technical backup cycles as described in the retention section of this policy.
US State Privacy Disclosures
If you are a resident of California (CCPA/CPRA) or another US state with applicable privacy laws (including Virginia, Colorado, Connecticut, or Texas), you may have additional rights, including the right to know, delete, correct, and opt out of certain data uses.
Fitnex does not sell personal information for monetary or other valuable consideration. We also do not use sensitive personal information (including health, nutrition, and body metrics data) for inferring characteristics beyond the core app functionality described in this policy.
Categories of personal information we collect and their business purposes are described in Sections 3 and 4 of this policy. We do not engage in profiling that produces legal or similarly significant effects.
You may exercise your applicable rights by contacting us at dev.saif17@gmail.com. You may designate an authorized agent where permitted by applicable law. We will not discriminate against you for exercising your privacy rights.
Tracking, Ads & Device Permissions
- Ads: Free-tier users may receive ads served through Google AdMob. Upgrading to Fitnex Plus removes all advertisements.
- iOS App Tracking Transparency: On iOS, we request your permission before enabling tracking-dependent ad features in accordance with Apple's App Tracking Transparency (ATT) framework. If you decline, you may still see ads but they will not be personalized based on cross-app tracking.
- Do Not Track: Because mobile apps do not consistently support browser-based DNT signals, we do not respond to DNT signals in a standardized way. You can control ad-related tracking through your device settings instead.
- Push notifications: We may send push notifications for account updates, reminders, and service notices. You can manage notification preferences in your device settings at any time.
- Device permissions: You can control all app permissions (including location, notifications, and camera/photo library access) in your device settings at any time.
Automated Processing (AI)
Fitnex uses automated systems powered by Google Generative AI (Gemini) to generate workout suggestions based on your profile, fitness goals, and history. These outputs are informational recommendations and may not be accurate or appropriate for every user or health condition.
Fitnex does not make solely automated decisions that produce legal or similarly significant effects about users. AI-generated content is always presented as a suggestion for you to accept, modify, or discard.
Children's Privacy
Fitnex is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are in a jurisdiction where the minimum age for digital services is higher (for example, 16 in certain EU member states), users below that age should not use Fitnex without verifiable parental or guardian consent.
If we become aware that a child under the applicable minimum age has provided us with personal data, we will take steps to delete it promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at dev.saif17@gmail.com.
Third-Party Services
Fitnex integrates with the following third-party services, each governed by their own privacy policies:
- Firebase (Google): Authentication, Firestore database, Firebase Storage, Firebase Cloud Messaging (push notifications), and Cloud Functions (firebase.google.com/support/privacy)
- Google AdMob: Advertising shown to free-tier users (policies.google.com/privacy)
- Google Generative AI (Gemini): AI workout generation processed via our backend (ai.google.dev/gemini-api/terms)
- RevenueCat: Subscription status and entitlement management (revenuecat.com/privacy)
- Apple App Store and Google Play: Marketplace billing and subscription handling (apple.com/legal/privacy / policies.google.com/privacy)
We are not responsible for the privacy practices of these third parties. We encourage you to review their policies.
Security Incidents
If we become aware of a data breach or security incident affecting your personal information, we will take steps required by applicable law, including investigation, mitigation, and notification. Where required by law (for example, within 72 hours under GDPR), we will notify the relevant supervisory authority. Affected users will be notified without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes (particularly those affecting how we use health data, shared content, or AI processing), we will provide prominent notice via the app or by email, and where required by law, seek your consent before the changes take effect.
We encourage you to review this policy periodically to stay informed about how we protect your information.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email us at dev.saif17@gmail.com