Privacy Policy

Welcome to Fitify. This Privacy Policy explains how Fitify Workouts s.r.o. (“Fitify”, “we”, “us” or “our”) collects, uses, and protects personal data when you use our websites, including gofitify.com and fitifyapps.com, and our mobile applications branded “Fitify”, together with related online services (collectively, the “Services”). Fitify Workouts s.r.o. is the controller of your personal data for the purposes described in this Privacy Policy.

This Privacy Policy forms part of our Terms of Service.

In this Privacy Policy, “personal data” means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws (in particular the EU General Data Protection Regulation, “GDPR”). This includes information that can directly identify you (such as your name or email address) or that can be linked to you when combined with other information.

What Personal Information Do We Collect?

When registering for or using our Services, you provide us with data to build your account and personalize your experience. This includes Account Information (such as your Name, email, and social login details) and Physical Profile Data (such as your age, gender, body metrics, fitness level, and goals).

Additionally, if you engage with our advanced features, we collect the specific inputs required to provide them:

• AI & Coaching Inputs: Text, audio (voice), images, or video files you provide when interacting with the AI Coach, Meal Scanner, or Form Correction tools.
• Body Scanning Data: Video or image data required to generate your 3D body model if you choose to use the body composition feature.

How Do We Use Your Information?

We need to collect data for various purposes:

• To provide and maintain our Services
• To allow you to participate in interactive features of our Services when you choose to do so
• To provide customer support
• To gather analysis or valuable information so that we can improve our Services
• To monitor the usage of our Services
• To notify you about changes to our Services
• To detect, prevent, and address technical issues
• To provide you with news, offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or inquired about, unless you have opted not to receive such information.

Legal Basis for Processing Personal Data Under GDPR

If you are from the European Economic Area (EEA), Fitify’s legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Fitify Workouts s.r.o. may process your Personal Data because:

• We need to perform a contract with you
• You have given us permission to do so
• The processing is in our legitimate interests, and it's not overridden by your rights
• For payment processing purposes
• To comply with the law

Retention of Data

We retain your Personal Data only for as long as is necessary for the purposes set out in this document. We retain and use your Personal Data to the extent needed to comply with legal obligations (e.g., if we need to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Fitify will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter duration, except when this data is used to strengthen the security or to improve the functionality of the Services, or we are legally obligated to retain this data for longer time periods.

Data Transfer

Your information, including Personal Data, may be transferred to and processed in countries other than the one you live in. In particular, many of our main service providers (for example, cloud hosting, analytics, email, and customer support tools) are located in the European Union, the United States, and other countries. These countries may have data protection laws that are different from those in your country.

Where we transfer Personal Data from the European Economic Area (EEA) or the United Kingdom to a country that has not been recognized as providing an adequate level of data protection, we put in place appropriate safeguards to protect your Personal Data. These safeguards include, for example:

• Standard Contractual Clauses approved by the European Commission (and, where relevant, the UK’s International Data Transfer Agreement or Addendum); and
• where applicable, reliance on the EU–US Data Privacy Framework and the UK extension to the Data Privacy Framework.

We also implement technical and organizational measures (such as encryption, access controls and data minimization) to help protect your Personal Data during and after the transfer. You can contact us at [email protected] if you would like more information about the safeguards we use for international transfers.

Data Disclosure

If Fitify is involved in a merger, acquisition, or sale, your Personal Data may be transferred. We would provide notice before your Personal Data is transferred.

Under certain circumstances, Fitify may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Fitify may disclose your Personal Data in good faith belief that such action is necessary to:

• comply with a legal obligation
• protect and defend Fitify’s rights or property, or those of our users
• prevent or investigate possible misconduct in connection with the Services
• protect the personal safety of users of the Services or the public
• protect against legal liability

Security of Data

We are committed to protecting our users’ personal data. We implement appropriate measures to help protect the security of your personal data; however, please note that no system is ever completely secure. We have implemented various policies, including pseudonymization, encryption, access, and retention policies, to guard against unauthorized access and unnecessary retention of personal data in our systems.

Your Rights Under GDPR

If you are a resident of the European Economic Area, you have certain data protection rights. Fitify allows you to correct, delete, or limit the use of your Personal Data.

If you want to delete your Personal Data from our systems, would like to know what information we have, or need to edit some data, please contact us via email: [email protected]

In certain circumstances, your rights are:

• Whenever possible, you can access, update, or request the deletion of your Personal Data via email ([email protected])
• You have the right to request that we restrict the processing of your personal information.
• You have the right to have your information rectified if that information is inaccurate or incomplete.
• You have the right to object to our processing of your Personal Data.
• You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
• You also have the right to withdraw your consent at any time where Fitify relied on your consent to process your personal information.
• We may need to verify your identity before responding to such requests.
• You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Service Providers

We use third-party companies and individuals (“Service Providers”) to help us operate, provide, improve, and secure our Services (for example, cloud hosting, analytics, email delivery, customer support, and payment processing). These Service Providers may have access to your personal data only to perform these tasks on our behalf, and they are contractually obliged to protect your data, to process it only on our instructions, and to implement appropriate safeguards in line with applicable data protection laws.

The main Service Providers we use are:

Fitify Workouts s.r.o. (Affiliate)
Service: App Development, Maintenance, and Technical Operations.
Location: Czech Republic.
Privacy Policy
Details: We engage our affiliate to operate the App infrastructure, host health/fitness data, and provide technical maintenance of the Fitify platform.

Twilio
Service: Email Marketing
Location: USA
Privacy Policy

Appsflyer
Service: Analytics
Location: USA
Privacy Policy

Cisco Systems (Smartlook)
Service: Analytics
Location: USA
Privacy Policy

Freshworks (by Freshdesk)
Service: Customer Support & Ticketing
Location: USA
Privacy Policy

Google Services (Google LLC / Google Ireland Ltd.)
Services: Cloud Platform, Vertex AI (Gemini), Analytics, Firebase, AdMob, Authentication
Location: USA, Ireland
Privacy Policy
Details: We utilize the Google ecosystem for several critical functions:

• Google Cloud Platform & Vertex AI: Hosting our secure infrastructure and powering our AI Coaching features (including voice, image, video, and other modalities if selected by the user, AI interactive articles, AI meal scanner, AI health score, etc.). We use Google's enterprise-grade Vertex AI (Gemini models) to generate text and analyze data. We utilize enterprise agreements that make sure Google can’t use your personal data or inputs to train their public AI models.
• Analytics & Firebase: To understand how users interact with our Services. These tools collect mobile device identifiers (e.g., Android Advertising ID), IP addresses, and in-app event data to help us improve app stability and performance.
• AdMob: To display advertisements. AdMob collects device identifiers and approximate location data to serve personalized or non-personalized ads and prevent fraud. Authentication: If you use "Sign in with Google," we process your email and public profile info to create your account.
• Opt-Out: You can opt out of personalized advertising and tracking by adjusting your device settings (Android: Settings > Privacy > Ads) or using the Google Analytics Opt-out Browser Add-on

Meta Platforms (Facebook)
Service: Analytics, Authentication (Login), Advertising (Pixel, Lookalikes)
Location: USA, Ireland
Privacy Policy
Details: We use Facebook’s pixel and SDK to measure conversions. This service is provided by Facebook Ireland Limited. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

• This allows service visitors to be tracked after they have been redirected to the service by clicking on a Facebook ad, allowing us to evaluate the effectiveness of Facebook Ads for statistical purposes.
• The collected data is anonymous for Fitify; we cannot see the identity of the users. However, the data is stored and processed by Facebook, so Facebook can use the data for its own advertising purposes according to its Data Usage Policy.
• Opt-Out: You can disable the Custom Audiences remarketing feature in your Advertising Settings here: https://accountscenter.facebook.com/ad_preferences/ad_settings

TikTok
Service: Advertising, TikTok Pixel
Location: UK, Ireland, Singapore, USA
Privacy Policy
Details: We use the TikTok Pixel on our website and app to measure the effectiveness of our advertising campaigns on TikTok. This allows us to track user actions after they view or click on a TikTok ad. The data is anonymous to us, but TikTok stores and processes this data and may link it to your TikTok account for their own advertising purposes.
Opt-Out: You can manage your privacy settings within the TikTok app or disable personalized tracking in your device settings.

Apple HealthKit
Service: Sharing fitness activities (in case of your request)
Location: USA
Privacy Policy
Details: We only use HealthKit to provide health, motion, or fitness services in connection with the App; HealthKit data will not be used for marketing, advertising, or use-based data mining, including third parties. If you allow the iOS app to write data to Apple Health, Fitify will share Personal Information with the Apple Health application.

Google Fit and Health Connect by Android
Service: Sharing fitness activities (in case of your request)
Location: USA
Fitify uses Google Fit and/or Health Connect by Android to read and write health and fitness data if you choose to connect them. Health Connect is a system-level Android service that securely stores and manages health data and allows you to control which apps can access it.
You can manage your data sharing preferences directly in the Health Connect or Google Fit settings on your device. More info: https://health.google/privacy/

Prism Labs Inc.
Service: Body Composition Scanning & AI Analysis
Location: USA
Privacy Policy
Details: If you use our body composition scan feature, we collect videos, images, and data (e.g., height, weight) and share them with Prism Labs Inc. ("Prism") to create 3D body scans and calculate metrics like body composition. Prism provides us with the scan and insights to display in our app. These data may also be used to improve our Services, such as training the AI models.
Some data in these scans may qualify as "biometric identifiers" under certain laws, although they are not used for identification or reidentification. Prism’s handling of your data is governed by its own privacy policy, separate from this one.

OpenAI
Service: AI & Large Language Models (GPT, Whisper, Imagen, etc.)
Location: USA
Privacy Policy
Details: We use OpenAI’s business APIs to power our AI Coaching features (including voice, image, video, and other modalities if selected by the user, AI interactive articles, AI meal scanner, AI health score, etc.).
Data Processing: When you interact with the AI Coaching features, we send your inputs (text, audio, or images) along with relevant context from your profile (e.g., your name, fitness level, recent workout activity, height, and weight, etc.) to OpenAI to generate a personalized response.
Privacy Standards: We access these services via the Enterprise/Business API. OpenAI is contractually prohibited from using your data (inputs or outputs) to train their models. Your data is not visible to the public and is retained by OpenAI only temporarily for processing.

LangChain Inc. (LangSmith)
Service: AI Monitoring, Debugging & Observability
Location: USA
Privacy Policy
Details: We use LangSmith to monitor the technical performance, latency, and quality of our AI features. This provider is used solely for internal debugging, quality assurance, and software improvement.

AI Features and Data Usage

Our Services include Artificial Intelligence (AI) features, such as the AI Personal Trainer, Meal Scanning, AI interactive articles, Exercise summaries, Form Correction, and more. To provide you with safe and personalized advice, these features operate as follows:

• Context Sharing: When you interact with AI features, we do not just send your text. We automatically include relevant context from your Fitify profile—such as your age, gender, weight, height, fitness goal, injuries, and recent workout history. This ensures the AI generates advice tailored specifically to your body and progress.
• Multimedia Processing: If you use features that involve visual or audio inputs (e.g., sending a photo of a meal, a video of your squat, or speaking via voice/video call), these files are processed by our AI partners (Google Vertex AI or OpenAI) solely to provide the requested analysis or response.
• History Retention: We retain your conversation history and AI analyses stored securely in your Fitify profile. This allows the AI Coach to "remember" your past conversations and provide continuity in your coaching. This data is deleted if you choose to delete your account within the App settings. Alternatively, you may request specific data deletion by contacting us as described in the "Your Rights" section.

Cookies

Cookies are small files generated automatically by your browser and stored on your device when using the Services. Cookies do not contain any malware. Cookies contain information downloaded by the specific device, but direct knowledge of your identity is not received. One purpose of cookies is to make it more convenient for you to use our Services. When you use our Services again at a later time, the cookie automatically recognizes your previous visit to the website, so you don’t have to type the same input over and over.

We also use temporary cookies, which stay on your device for a shorter time. These cookies are automatically deleted when you log off. One other reason to use cookies is to get statistics on the use of our Services and to evaluate them so we can optimize your experience and display information customized for you. Cookies are automatically removed after a predefined period. Most browsers accept cookies automatically.

You can disable cookies on your browser or choose to be notified when a new cookie is created. Please note that disabling cookies may mean that not all functionalities of the Services will remain available.

Data Breach

In the event of a personal data breach, we will assess the risk to your rights and freedoms. Where required by law, we will notify the competent supervisory authority and, if necessary, affected users without undue delay.

Payments

We provide paid products and services within the Services. In that case, we use third-party services for payment processing. We do not collect your payment card details. That information is provided directly to our third-party payment processors. These payment processors comply with the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The processors we work with are:

• App Store In-App Purchases Privacy Policy: https://www.apple.com/legal/privacy/en-ww/
• Google Play In-App Billing Privacy Policy: https://play.google.com/intl/en-US_us/about/play-terms.html
• Huawei App Gallery Privacy Policy: https://www.huawei.com/en/privacy-policy
• Stripe Privacy Policy: https://stripe.com/privacy
• Paddle Privacy Policy: https://www.paddle.com/legal/privacy
• FastSpring Privacy Policy: https://fastspring.com/privacy/

Links to Other Sites

Services may contain links to sites that are not operated by us. If you click on a third-party link, we strongly advise you to review the Privacy Policy of the site you are visiting.

Children's Privacy

Our Services do not address anyone under the age of 13 (in the US) or under the age of 16 (in the EEA). We do not knowingly collect personally identifiable information from children under these ages. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Your US State Privacy Rights

This section supplements the information contained in our Privacy Policy and applies solely to residents of certain U.S. states that have their own privacy laws, such as California, Colorado, Connecticut, Virginia, and Utah. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA), and other applicable state laws.

Your Privacy Rights

Subject to certain limitations, you have the following rights:

• The Right to Know and Access: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, our business purpose for collecting, selling, or "sharing" that information, and the categories of third parties to whom we disclose it.
• The Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
• The Right to Correct: You have the right to request that we correct any inaccurate personal information we maintain about you.
• The Right to Opt-Out of "Sale" or "Sharing": You have the right to direct us not to "sell" or "share" your personal information. Like many online companies, we may use analytics and digital advertising services (like Facebook and Google) that use cookies and similar technologies. This activity may be considered "sharing" or a "sale" of personal information under CCPA.
• The Right to Limit Use of Sensitive Personal Information: As a fitness app, we collect information that may be considered Sensitive Personal Information (SPI), such as your health data (height, weight, body scan data, workout activity) and inputs provided to our AI coaching features (which may include health queries, voice recordings, or video/images of your body if you select to send those). You have the right to direct us to limit our use of your SPI to only what is necessary to provide the services you requested (e.g., creating your workout plan or displaying your body scan results to you).
• The Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights, such as by denying you services or charging you different prices.

How to Exercise Your Rights

To Opt-Out of the "Sale" or "Sharing" of Personal Information: Since "sharing" typically happens via cookies and tracking technologies for advertising, you can exercise this right through the following methods:

• On our Website: You can manage your preferences and opt out of non-essential tracking cookies via the cookie consent banner located on our website.
• On your Mobile Device: You can limit ad tracking through your device's operating system settings.
  • iOS: Go to Settings > Privacy & Security > Tracking and disable "Allow Apps to Request to Track" for Fitify.
  • Android: Go to Settings > Privacy > Ads and select "Delete advertising ID" or "Opt out of interest-based ads" (depending on your OS version).
• Via Email: You may also contact us directly at [email protected] with the subject line "Do Not Sell or Share My Info" to process your request.

To Exercise Your Rights to Know, Delete, or Correct: To submit a request to know, delete, or correct your information, please email us at [email protected] with your specific request. We will need to verify your identity before processing your request. We may do this by asking you to confirm information we already have on file, such as your email address or recent activity.

California's "Shine the Light" Law

California residents may also request, once per year, information about our disclosure of personal information (if any) to third parties for their direct marketing purposes. To make such a request, please email us at [email protected] with the subject "Shine the Light Request."

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and outlines significant penalties for violations.

We collect your email address in order to:

• Send information, respond to inquiries, and/or other requests or questions
• Process orders and send information and updates pertaining to orders.
• Send you additional information related to your product and/or service
• Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CAN-SPAM, we agree to the following:

• Do not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.

Allow users to unsubscribe by following the instructions at the bottom of each email.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Edited" date at the bottom.

For significant (material) changes that affect your rights, we will provide a more prominent notice prior to the change becoming effective. We may provide this notice by (i) displaying a notice within the Services (for example, a banner, pop-up, in-app message, or push notification), sending an email to the address associated with your account, or other appropriate means. Changes to this Privacy Policy are effective when they are posted on this page. Continued use of the Services after any changes to the Privacy Policy constitutes your consent to the revised policy.

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

Fitify Workouts s.r.o.
goFitify.com
[email protected]
Na Perštýně 342/1
110 00 Prague, Czech Republic

Last Edited on 2025-12-02