Privacy Policy

Learn how FitFlow collects, uses, and protects your personal information

Last Updated: October 6, 2025
Version 1.02

Important Notice

We regularly update our legal documents to reflect changes in our services and legal requirements. Please review this document periodically.

1. Introduction

Welcome to FitFlow ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fitness program management platform and related services (collectively, the "Service").

FitFlow Digital LLC
San Francisco, CA
Email: privacy@fitflow.digital
Data Protection Officer: dpo@fitflow.digital

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information You Provide

  • Account Information: Name, email address, username, password (encrypted), profile photo
  • Profile Information: Age, gender, fitness goals, experience level, health conditions (optional)
  • Contact Information: Phone number (optional), mailing address (for trainers)
  • Payment Information: Processed securely through Stripe (we never store credit card numbers)
  • Fitness Data: Workout programs, exercise logs, performance metrics, progress tracking
  • Communication Data: Messages between trainers and clients, support tickets, feedback

2.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent, click patterns, search queries
  • Performance Data: App crashes, system activity, error reports, performance metrics
  • Location Data: General location based on IP address (not precise GPS location)

2.3 Information from Third-Party Services

  • Authentication Services (Clerk): Account verification and authentication data
  • Payment Processor (Stripe): Transaction confirmations, subscription status
  • Analytics (PostHog): Aggregated usage patterns and user behavior insights
  • Support Chat (Crisp): Chat transcripts and support interactions

3. How We Use Your Information

3.1 To Provide Our Service

  • Create and manage your account
  • Facilitate trainer-client relationships and program assignments
  • Process payments and manage subscriptions
  • Track fitness progress and generate analytics
  • Enable communication between trainers and clients
  • Provide customer support and respond to inquiries

3.2 To Improve Our Service

  • Analyze usage patterns to enhance features and user experience
  • Conduct research and development for new features
  • Test and optimize platform performance
  • Personalize your experience based on preferences and usage

3.3 Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: To provide the services you've requested
  • Legitimate Interests: To improve our services and ensure security
  • Legal Obligations: To comply with applicable laws and regulations
  • Consent: For marketing communications and optional data processing

4. Data Sharing and Disclosure

4.1 Service Providers

We share data with trusted third-party services that help us operate our platform:

  • Clerk: User authentication and identity management
  • Stripe: Payment processing and subscription management
  • Supabase: Database and infrastructure services
  • AWS Amplify: Hosting and content delivery
  • PostHog: Analytics and user behavior tracking
  • Crisp: Customer support chat
  • Resend: Transactional email delivery

4.2 Within Our Platform

  • Trainers can access their clients' fitness data and progress
  • Clients can view trainer profiles and credentials
  • Public profiles may be visible to other users (with your consent)

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encryption: All data transmitted is encrypted using TLS 1.2+ protocols
  • Access Controls: Role-based access control and authentication requirements
  • Regular Audits: Security assessments and vulnerability testing
  • Data Minimization: We only collect data necessary for our services
  • Secure Infrastructure: Industry-standard hosting and database security
  • Incident Response: Established procedures for security breach notification

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to maintaining industry-standard protections.

6. Your Rights

6.1 GDPR Rights (European Users)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Object: Object to certain processing activities
  • Withdraw Consent: Withdraw previously given consent

6.2 CCPA Rights (California Residents)

  • Know: Information about data collection and sharing practices
  • Delete: Request deletion of personal information
  • Opt-Out: Opt out of the sale of personal information (we don't sell data)
  • Non-Discrimination: Equal service regardless of privacy choices

6.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@fitflow.digital or through your account settings. We will respond to your request within 30 days (or as required by applicable law).

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information, please see our Cookie Policy.

7.1 Types of Cookies We Use

  • Essential Cookies: Required for platform functionality and security
  • Analytics Cookies: Help us understand usage patterns (PostHog)
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Used for targeted communications (with consent)

8. Children's Privacy

Our Service is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.

For users aged 13-18, parental consent may be required depending on your jurisdiction. Trainers working with minors should ensure appropriate parental consent is obtained.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with sufficient data protection laws
  • Privacy Shield certification (where applicable)

10. Data Retention

We retain your personal information only as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:

  • Active Accounts: Data retained while account is active
  • Inactive Accounts: Deleted after 2 years of inactivity
  • Fitness Data: Retained for duration of trainer-client relationship plus 1 year
  • Financial Records: 7 years for tax and accounting purposes
  • Marketing Data: Until consent is withdrawn

11. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information. For the past 12 months, we have collected and disclosed the following categories of personal information for business purposes:

  • Identifiers (name, email, IP address)
  • Personal information categories (fitness data, health information)
  • Commercial information (purchase history, subscription details)
  • Internet activity (usage data, interaction with our service)
  • Inferences (preferences, characteristics)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes
  • Displaying an in-app notification

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

FitFlow Digital LLC

San Francisco, CA

Email: privacy@fitflow.digital

Data Protection Officer: dpo@fitflow.digital

For EU residents: You may also contact your local data protection authority if you have concerns about our data practices.