FitTrack Privacy Policy

Last Updated: April 9, 2026

1. Introduction

FitTrack ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains exactly what data we collect, how we use it, and how we protect it when you use the FitTrack fitness tracking application.

2. Information We Collect

Account Information

• Email address — used for account creation, login, and password recovery
• Full name — used to personalise your profile
• Profile photo — optional, uploaded by you
• Bio — optional, personal description you write
• Gender — used for BMR and macro calculations
• Date of birth / Age — used for calorie and macro calculations
• Height and weight — stored in metric (cm/kg), displayed in your preferred unit

Fitness & Workout Data

• Workout sessions — exercises, sets, reps, weights, and workout names
• Circuit training sessions — bodyweight, dumbbell, and barbell circuits
• Custom workouts and exercise combinations
• Calisthenics workouts
• Swimming sessions — distance, duration, laps, and stroke type
• Running and walking sessions — GPS route, distance, duration, pace, and calories burned
• Weekly training plans and scheduled workouts
• Workout calendar entries and completion status
• Equipment card data — custom names and images for gym machines

Nutrition Data

• Food logs — food name, serving size, calories, macronutrients, fibre, sugar, vitamins, and minerals
• Meal type (breakfast, lunch, dinner, snack)
• Saved meals and meal groups
• Barcode scan history — food items retrieved from Open Food Facts
• Macro targets — daily calorie, protein, carb, and fat goals
• Weekly macro shopping lists
• Nutrition day statuses

Progress & Body Data

• Progress photos — taken or uploaded by you, stored on our servers
• Body measurements (if logged)

Preferences & Settings

• Theme preference (dark or light mode)
• Measurement system (metric or imperial)
• Notification preferences
• PIN lock setting — stored securely on your device only, never sent to our servers

Device & Technical Data

• Device type and operating system version
• App version
• Offline data queue — actions taken while offline, synced when reconnected
• Local cache — stored on your device using AsyncStorage for offline access

3. How We Use Your Information

• To create and manage your account and keep it secure
• To sync your fitness, nutrition, and progress data across sessions
• To calculate BMR, TDEE, and personalised macro targets
• To display your workout history, nutrition logs, and progress
• To schedule and deliver push notifications based on your preferences
• To provide offline functionality by caching data locally on your device
• To improve the app based on how features are used

4. Data Storage & Security

All personal data is stored on our private, self-hosted servers using a managed PostgreSQL database. Security measures include:

• All data transmitted over HTTPS/TLS encryption
• Passwords hashed using industry-standard algorithms — never stored in plain text
• Row-level security so you can only access your own data
• Secure token-based authentication with automatic token refresh
• PIN lock stored only on your device using encrypted secure storage — never transmitted

5. Data Stored Locally on Your Device

• Cached profile information
• Workout and nutrition logs
• Equipment card names and images
• Exercise video URIs
• Notification preferences and scheduled notification IDs
• Session tokens (stored in encrypted SecureStore)

6. Permissions We Request

• Camera — for scanning food barcodes and taking progress photos
• Photo Library — for uploading profile photos and equipment card images
• Location — only during active running or walking sessions
• Notifications — for workout reminders, meal reminders, and streak alerts

7. Third-Party Services

• Open Food Facts (openfoodfacts.org) — used when searching or scanning food barcodes. No personal information is sent to Open Food Facts; only the barcode number or food name is queried.
• Local Australian Foods Database — a built-in offline food database; no external requests made.
• Expo Notifications — used to schedule local push notifications on your device.

We do not use any advertising networks, analytics platforms, or data brokers.

8. Data Sharing

We do NOT sell, trade, rent, or share your personal data with any third parties for commercial purposes. Your fitness data belongs to you.

We may disclose information only:

• With your explicit consent
• To comply with a legal obligation or court order
• To protect the safety or rights of FitTrack or its users

9. Your Rights

• Access — view all data associated with your account
• Correction — update your profile, measurements, and preferences at any time
• Deletion — permanently delete your account and all associated data from the Profile screen
• Data control — you can clear locally cached data by logging out of the app

10. Children's Privacy

FitTrack is not intended for children under 13 years of age. We do not knowingly collect personal information from anyone under 13.

11. Changes to This Policy

We may update this Privacy Policy as the app evolves. When we make material changes, the "Last Updated" date at the top will be revised.

12. Contact

For questions, data requests, or privacy concerns:
Email: erueram423@gmail.com

© 2026 FitTrack. All rights reserved.