Privacy Policy - FitLog Pro

Last updated: April 22, 2026
Controller: Michele Ferrara
Email: privacy@fitlogpro.it
Website: https://fitlogpro.it

1. Scope

FitLog Pro is a wellness, training and nutrition-support product. It is not a medical device and does not provide diagnosis, treatment or clinical advice. This policy covers FitLog Pro, fitlogpro.it, the FitLog Pro mobile app, the optional TiNutro integration, and ChatGPT/AI features that you choose to use.

2. Data We Collect

• Account data: email, display name, authentication identifiers, optional profile image and subscription entitlement state.
• Training data: workouts, exercises, sets, reps, weights, notes, templates, goals, history and reminders.
• Body and wellness data: height, weight, body fat, lean mass, progress photos, resting heart rate, sleep, steps and calories when entered by you or imported with permission.
• Apple Health / Health Connect data: workout sessions, weight, body fat, lean mass, distance, steps, calories, sleep, heart rate and related fitness records only after you grant platform permission.
• Nutrition and TiNutro data: calorie intake, macro intake, meal logs, hydration, nutrition targets, optional hunger/satiety/craving check-ins, and FitLog fitness summaries shared with TiNutro when you enable the companion integration.
• AI data: prompts, requests, confirmations, tool calls and results needed for ChatGPT Actions, AI Coach, workout import or nutrition assistance.
• Technical, diagnostics and fraud-prevention data: device model, OS, app version, IP address, crash traces, performance signals, request ids and security logs.
• Ads and consent data: consent state, ad request metadata and advertising identifiers only where ads are enabled and permitted by your choices and local law.

3. Why We Use Data

• Provide workout tracking, nutrition context, dashboards, sync, backup, reminders and premium features.
• Import from or write to Apple Health / Health Connect when you request it.
• Connect FitLog Pro to TiNutro through short-lived bridge tokens and signed server-to-server requests.
• Provide AI-assisted wellness features and require confirmation before consequential writes such as diary, target, or nutrition behavior check-in updates.
• Process purchases, restore subscriptions and manage entitlement access.
• Prevent abuse, protect accounts, debug errors and improve reliability.
• Show ads to eligible free-tier users only when consent and platform rules allow it.

3.1 Anonymous Training Benchmarks

If you explicitly enable anonymous benchmarks, FitLog Pro uses aggregate metrics from your workouts to calculate percentiles against groups of users with similar training experience. Publishable snapshots do not include email, name, user identifiers or raw workouts: they contain only aggregate and rounded thresholds. We do not show benchmarks when a cohort does not meet the minimum privacy threshold. You can revoke consent from settings or the dashboard; after revocation your data is excluded from future recalculations.

4. Legal Bases

Where GDPR or UK GDPR applies, we rely on contract for requested app features, explicit consent for health/wellness data and optional integrations, consent for non-essential AI, analytics or ads where required, legitimate interests for security and essential diagnostics, and legal obligations where applicable. Health and fitness records may be special category data and receive additional safeguards.

5. Sharing and Processors

We do not sell personal data and we do not use health, nutrition, or nutrition behavior check-in data for behavioral advertising. We may process data with:

• Firebase / Google Cloud for authentication, Firestore, storage, messaging, Crashlytics, analytics, performance and Cloud Functions.
• Apple App Store, Google Play and RevenueCat for purchases and subscription entitlements.
• Google Mobile Ads / User Messaging Platform for ads and privacy choices in the mobile app.
• TiNutro / Supabase / Vercel when you enable nutrition companion features.
• AI providers such as OpenAI/ChatGPT Actions or a server-side AI provider used by AI Coach features you invoke.

International transfers are protected with appropriate contractual and organizational safeguards where required.

6. Retention and Deletion

• Active account data is retained while your account remains active.
• Verified deletion requests are targeted for completion within 30 days, except limited backup, security, billing or legal retention.
• Operational backups may persist for a limited period, typically up to 90 days.
• Raw hunger, satiety, and craving check-ins are stored in Supabase/TiNutro for 24 months; after that, only per-user coaching aggregates remain while the account is active.
• Bridge tokens, app handoff tokens, AI workflow jobs and integration logs are designed for short retention and should not retain raw health payloads longer than necessary.
• Public or community content may be anonymized if deletion would otherwise break shared content.

7. Your Rights and Controls

Depending on your location, you may have rights to access, export, correct, delete, restrict or object to processing. California users may also have rights related to sensitive personal information. Use in-app privacy settings, device Health permissions, Ads Privacy Options, the account deletion page, or contact privacy@fitlogpro.it.

8. Children

FitLog Pro is not intended for children under 13, or under 16 where local law requires a higher age threshold.

9. Security

We use HTTPS, access controls, Firebase and Supabase security rules, short-lived bridge tokens, HMAC-signed TiNutro integration requests, encryption for shared health summaries where configured, production log redaction, App Check and monitoring. No system can guarantee absolute security.

10. Changes and Contact

We may update this policy when features, providers or legal requirements change. For privacy questions or requests, contact privacy@fitlogpro.it.