Fittel — Privacy Policy

Last updated: 6 May 2026

This policy explains what Fittel collects, why, where it goes, and what you can do about it. Fittel is a personal-trainer ↔ client coaching app: trainers prescribe workouts and review meal logs; clients track sessions and meals. We try to keep data collection to the minimum the product genuinely needs.

Who we are

"Fittel" ("we", "us") is currently operated by Ting Teck Chuan as an individual. We may transfer operation of Fittel to a successor entity (such as a registered company or a partnership) in the future; if that happens we will update this page and notify users in-app. Reach us at fittelbusiness@gmail.com.

Summary, in one screen

We use your Google or Apple identity, or your email and a one-time code, to sign you in. We never see or store your password.
Trainers create workouts and notes; clients track meals (including photos), workout sets, and link to a trainer via an invite code.
Photos and metadata live on secure third-party cloud infrastructure.
When you log a meal, the photo and any description you typed are processed by Fittel Intelligence to estimate nutrition. Exercise photos are processed the same way to identify the movement. We never share your name, email, account details, location, contacts, HealthKit data, or trainer-client conversations with these AI providers.
We use Firebase Cloud Messaging to send you reminders.
You can delete your account and all your data from inside the app at any time. The button is real — see Your rights below.

What we collect, and why

Category	Examples	Purpose
Account	Firebase user ID, email, name, profile photo (from Google/Apple if applicable)	Authenticate you and show your name and photo to your trainer or clients
Profile	Display name, phone (optional), goals, role (trainer or client)	Personalise the experience and let trainers see who they're coaching
Personal stats	Date of birth, sex, height, weight, activity level, fitness goal	Compute personalized calorie and macro targets and tailor your daily insights. Never shared with your trainer.
Coaching content	Workouts, exercises, sets/reps/weights, per-exercise notes, off-days, trainer-uploaded custom exercise images or videos	The product itself — trainers prescribe, clients perform
Meal logs	Photos of meals, optional client note, macro estimates from Fittel Intelligence, time of day	Track nutrition and let trainers review eating patterns
Health data	Step count, active energy, exercise minutes (Apple HealthKit or Google Health Connect)	Show daily activity in your dashboard and inform daily insights generated for you. Health data and personal stats are not shown to your trainer.
Device	FCM push token, app version	Send session reminders and workout notifications
Diagnostic	Crash logs, request error logs (server-side)	Fix bugs. We don't run third-party analytics SDKs.

We do not collect: your contacts, browsing history, location, advertising identifiers, or biometric data beyond what HealthKit / Health Connect exposes. We don't run ad networks or attribution SDKs.

Where your data lives

Your account information, coaching content, and meal-log metadata are stored using secure third-party cloud database and object-storage providers so your data syncs across devices. Authentication runs through Firebase Authentication (Google). Push notifications are delivered via Firebase Cloud Messaging.

Fittel Intelligence — what it sees

Fittel Intelligence is the in-app name for the AI features that estimate nutrition from a meal photo or describe an exercise from a gym photo. The only data passed through it is:

the photo you took or selected;
the optional description you typed about that meal;
the photo of the gym machine or exercise.

It never sees your account email, name, age, weight, HealthKit data, workout history, trainer or client identities, messages, schedules, or notes. It is not used to coach you, write trainer feedback, or generate any health advice — only to estimate macros from the food in your photo and to label the exercise in your gym photo.

To deliver Fittel Intelligence we transmit the data above to third-party cloud hosting and AI technology providers. We share only the minimum information necessary to generate a response. Data sent to these providers is retained per their policies for up to 30 days for abuse monitoring, then deleted. The photos and descriptions you submit are not used to train any AI model.

Daily insights — how they're built

The daily insight card on your dashboard ("you're behind on protein", "great pace on calories", etc.) is generated locally on our backend by simple time-of-day rules from your own logged data: your meal logs for today, your personal stats, your calorie and macro targets, and (when you've granted access) your HealthKit / Health Connect step and energy totals. It is not produced by any AI provider — your data is never transmitted to Fittel Intelligence or any third-party AI service to generate these messages — and the message is visible only to you.

Health data (Apple HealthKit / Google Health Connect)

If you grant HealthKit or Health Connect access, the app reads steps, active energy, and exercise minutes for the days you view. We summarise those into daily totals to power your daily insights and dashboard. Your trainer never sees your raw HealthKit values or summaries — health data is for your view only. We never sell, share, or use HealthKit data for advertising. You can revoke the permission anytime in iOS Settings → Privacy → Health → Fittel, or in Android's Health Connect settings.

Device permissions

Fittel asks for the following device permissions when you first use a feature that needs them. You can grant or deny each one separately, and revoke them later in your phone's Settings app at any time.

Camera — used only when you tap the camera icon to take a fresh photo of a meal or an exercise. We never open the camera in the background. The captured photo is uploaded to our storage as described above and processed by Fittel Intelligence to estimate nutrition or label the exercise.
Photos / Media library — used when you pick an existing photo of a meal, an exercise, or a profile picture from your device's gallery. We only read the specific image you select; we never browse or upload your gallery.
Microphone — used only when you hold the voice-input button to dictate notes for a meal, an exercise, or a chat message. Audio is sent to our speech-to-text provider, transcribed, and discarded; the text is what we keep.
Notifications — used to deliver workout reminders, check-in nudges, and trainer messages. Disabling them only affects what alerts you see; the rest of the app works as usual.
Health (HealthKit / Health Connect) — described in the section above.

Data your trainer can see

If you're a client linked to a trainer (via invite code), that trainer can see: your profile (name, photo, goals), your workouts and how you completed each set, your meal photos and macro estimates, your off-days, and your scheduled sessions. They cannot see your HealthKit / Health Connect data, raw or summarised.

Your raw personal stats (date of birth, sex, height, weight, activity level) and your daily insight messages are never shared with your trainer; only the personalized calorie and macro targets these stats produce — which you and your trainer agree on — are visible to them.

If you delete your account, your trainer's view of you disappears. If your trainer deletes their account, you keep your meal logs and personal data; their prescribed workouts and diet notes remain on your profile but are unattributed to any trainer (so your training history isn't lost).

Third parties we send data to

We work with third-party service providers to operate Fittel, including:

Authentication and push-notification providers (Firebase Authentication and Firebase Cloud Messaging) for sign-in and reminders. Firebase privacy.
Cloud database, object-storage, and hosting providers that host the Fittel backend, your account data, and the media you upload. Access is via short-lived signed URLs; storage isn't world-readable.
Cloud hosting and AI technology providers that power Fittel Intelligence. See Fittel Intelligence — what it sees above for the exact data scope and protections.
Apple (HealthKit, App Store) on iOS, and Google (Health Connect, Play Store) on Android. HealthKit / Health Connect data stays on device under the OS's privacy controls; the app stores handle any purchases under their own terms.
ExerciseDB (open-source exercise catalogue at oss.exercisedb.dev): when the picker loads, your IP fetches their public catalogue directly. Animated demos are served from their CDN. We don't send your account info to them.

We do not sell your data. We do not share your data with advertisers. We do not run analytics SDKs that profile you across apps.

How long we keep your data

While your account exists: indefinitely, until you delete it.
After account deletion: domain rows are removed immediately. Backups roll off within 30 days.
Server logs: request error logs roll off within 30 days. They contain user IDs but no PII bodies.
Fittel Intelligence requests: data sent to our AI technology providers is retained per their policies for up to 30 days for abuse monitoring, then deleted. We do not store the photos and descriptions you submit through Fittel Intelligence beyond what's needed to display your meal log.
Trainer-uploaded custom exercise media: kept for as long as the exercise exists in the trainer's library. Deleting the exercise removes the media.

Your rights

You can, at any time:

View your data — it's all visible inside the app.
Delete your account in-app: open Profile → Delete Account → confirm. This removes your account, your media, and your linked records, and deletes your Firebase auth identity. The button is functional, not a stub.
Email us at fittelbusiness@gmail.com for any other request — including a copy of your data, correction, or to ask a question.

Depending on where you live (e.g. EU/UK under GDPR, California under CCPA, or similar laws elsewhere), you may have additional rights such as data portability, restriction of processing, and the right to lodge a complaint with your local data-protection authority. We honour these — email us.

International transfers

Our service providers may store and process data outside your home country, including in the United States and the Asia-Pacific region. Where required, transfers rely on Standard Contractual Clauses or equivalent safeguards.

Children

Fittel is not intended for users under 13. If we discover we hold data from a child under 13, we will delete it. If you're a parent who believes we hold data about your child, email us and we'll act promptly.

Security

Connections to our backend use HTTPS. Auth tokens are short-lived Firebase JWTs or Fittel-minted session tokens. Storage URLs for media are presigned and time-limited. We don't claim perfect security — no service can — but we treat this seriously and limit blast radius where we can.

Changes to this policy

We'll update this page when something materially changes (a new processor, a new data category, a new region). The "Last updated" date at the top reflects the latest revision. For significant changes, we'll surface a notice in-app on first launch.

Contact

Questions, requests, or complaints: fittelbusiness@gmail.com.