Privacy Policy

Effective May 27, 2026

FitPal is a fitness-buddy matching app. This page explains what data we collect, why, and how to control it.

What We Collect

• Account: email, password (hashed), display name. If you sign in with Apple or Google, we receive the email and name they share with us.
• Profile: gender, age range, height, weight, target weight, goal, fitness level, weekly training, preferred activities, equipment, session length, short bio, and photos you upload.
• Location: a coarse suburb-level label that other users can see, plus exact latitude/longitude that we use only to compute distances. Your full street address is never shared with other users.
• AI features: when you choose AI coach chat, meal scan, weekly plans, form checks, profile-bio generation, match-message generation, or identity verification, we send only the data needed for that request to Google Gemini, and to Anthropic Claude only if configured as a backup. This can include your message text, selected photos/video/audio, workout history, Apple Health workouts, heart rate and active calories if connected, profile goals, body metrics, equipment, recent session context, and for verification your selfie plus profile photo. We store the app result, such as a coach reply, meal log, plan, generated draft, or "verified: yes/no" flag.
• Activity data: sessions you host or attend, workout templates you use, streaks, check-ins, attendance, and ratings.
• Meal logs: photos you send to the AI coach for calorie estimation, plus the resulting macro/calorie totals.
• Communications: in-app messages with other users, AI coach chat history, support requests.
• Payments: we never see your card. Subscriptions are billed through Apple, validated via RevenueCat, and we store only a subscriber ID and entitlement state.
• Device: push notification tokens, app version, OS version, and crash diagnostics via Sentry.

How We Use It

• Match you with compatible buddies nearby and rank discovery results.
• Power the AI coach, weekly plan, form checks, and meal/calorie estimation.
• Deliver push notifications you have opted in to receive.
• Detect and prevent fraud, abuse, and underage signups.
• Investigate crashes and improve reliability.

We do not sell your personal data, and we do not allow third-party AI providers to train models on it. AI data is sent only to answer or complete the request you start in the app.

Face Data and Identity Verification

FitPal uses face data only when you choose identity or coach verification. Face data may include your profile photos, the live selfie you take for profile verification, and the selfie submitted with a coach application. We do not create or store faceprints, face geometry templates, face embeddings, or other biometric identifiers.

Profile verification compares your live selfie with your profile photos to decide whether to show a selfie-verified badge. Coach verification checks that the submitted coach selfie appears to be a live image of a real person and supports fraud prevention, coach approval, and limited re-use of a prior coach verification.

Face data is processed by Google Gemini for the verification request. Anthropic Claude may be used only as a configured backup for AI inference. These providers are not allowed to train models on FitPal user data. Profile photos are stored in FitPal media storage until you remove them or delete your account. The temporary profile-verification selfie is stored only long enough to complete the verification attempt and retry transient errors, then the raw selfie image is deleted; we keep only the verification status, failure reason if any, and timestamps. Coach-application selfies are stored in private Google Cloud Storage for review while the application or coach account is active; rejected coach applications purge the submitted selfie and certificate images, and account deletion removes retained face data within 90 days unless a legal obligation requires longer.

Who We Share It With

We require each sub-processor to provide the same or equal protection for your data as described in this policy and required by the App Store Review Guidelines.

• Google (Gemini, Places, Sign-In): AI inference on your prompts, selected media, profile and fitness context after your in-app permission; address autocomplete; and federated login.
• Anthropic Claude: backup AI inference only if configured and only after your in-app AI sharing permission.
• Apple Sign-In: federated login.
• Neon: managed Postgres.
• Google Cloud Run: API hosting.
• RevenueCat and Apple: subscription entitlement validation and billing.
• Expo: push notification delivery.
• Sentry: crash and performance diagnostics.

Your Controls

• AI sharing permission: the app asks before sending personal fitness context to third-party AI providers. You can decline and still use non-AI features.
• Reset AI sharing choice: open Settings > Privacy > AI data sharing > Reset.
• Access and export: email support@fitpal.info and we will send a copy of your data within 30 days.
• Delete: open the app > Settings > Delete account. This permanently removes your profile, photos, messages, and activity. Some records may be retained for up to 90 days for fraud prevention and legal obligations.
• Health: Apple Health access is optional and can be revoked in iOS Settings.
• Location: precise coordinates are used for matching distance and are not displayed to other users.

Retention

We keep your account data while your account is active. After deletion we hard-delete within 90 days, except where law requires longer, such as payment receipts retained for tax purposes.

Children

FitPal is for people 16 and older. We block underage signups where detected.

Changes

We may update this policy as FitPal changes. Material changes will be announced in-app or by email.

Questions or requests: support@fitpal.info.