← Back to FitGo

Privacy Policy

Last updated: May 2026

FitGo is built on a simple principle: your health data belongs to you. This policy explains exactly what we collect, why, and how it is protected.

1. Data we collect

Account & waitlist

Your email address is collected when you join the waitlist or create an account. If you use Sign in with Apple, Apple shares a relay email address; we never see your real Apple ID email unless you choose to share it.

Profile

During onboarding you may provide a username, date of birth, height, and weight. These are stored in your Supabase profile and used solely to personalise your training experience and ALEX's coaching.

Training data

Workouts, routines, sets, reps, weights, and rest durations are stored locally on your device using SwiftData and optionally synced to Supabase so you can restore them on a new device. Body weight logs, body measurements, and personal records are included.

Health & HealthKit data

With your explicit permission, FitGo reads step counts and heart-rate data from Apple Health. Raw HealthKit values never leave your device — only aggregated summaries (e.g. daily average steps, average heart rate during a session) are included in coaching context sent to our servers.

AI Coach check-ins & goals

Daily check-ins (energy, soreness, stress, sleep) and your stated fitness goals are stored in Supabase and used exclusively to build your coaching context. They are never used for advertising or shared with third parties beyond the providers listed below.

Coach conversations

Messages exchanged with ALEX are stored in Supabase so the coach retains memory across sessions. Conversation content is transmitted to Anthropic (Claude AI) via a secure server-side proxy — your API key is never embedded in the app. Only aggregated fitness summaries are included in prompts, not raw health records.

Social content

Posts, likes, comments, and follower relationships that you create in the Social tab are stored in Supabase and visible to other FitGo users according to your privacy settings.

In-App Purchases

Purchase transactions are processed entirely by Apple via StoreKit 2. FitGo only receives a confirmation of a successful purchase to unlock content; no payment card information is ever handled or stored by FitGo.

Apple Watch & Garmin

Live workout state (exercise, sets, rest timers) is transmitted between your iPhone and Apple Watch or Garmin device using WatchConnectivity / Connect IQ exclusively for workout control. No watch data is stored separately from the workout record already on your iPhone.

2. How we use your data

  • Deliver and personalise the FitGo training experience
  • Power ALEX coaching responses and proactive insights
  • Send waitlist and launch updates (email only, opt-out available)
  • Restore your data when you switch devices
  • Detect platform issues and fix bugs (no personal content is read for debugging)
  • Process and verify In-App Purchases

We do not use your data for advertising, behavioural profiling, or sell it to any third party.

3. Service providers

FitGo relies on the following sub-processors. Each is bound by a data processing agreement:

Supabase

Cloud database, authentication, and Edge Functions. Hosted in the EU (Frankfurt) by default. Privacy policy →

Anthropic (Claude AI)

Powers ALEX. Requests are routed through our Supabase Edge Function — your data is never sent directly from your device to Anthropic. Privacy policy →

Apple (HealthKit, StoreKit, Sign in with Apple)

Health data access and payment processing. Governed by Apple's platform privacy policies.

4. Data retention

Your data is retained as long as your account is active. You can delete your coaching data (conversations, check-ins, insights) at any time from Profile → Settings → Delete coach data. To delete your full account and all associated data, email us at the address below. Deletion is permanent and processed within 30 days.

5. Your rights (GDPR / CCPA)

If you are in the EU, UK, or California you have the right to:

  • Access a copy of the personal data we hold about you
  • Correct inaccurate data
  • Request erasure of your data
  • Restrict or object to certain processing
  • Data portability

Exercise any of these rights by emailing hello@fitgo.app with the subject line "Privacy Request". We respond within 30 days.

6. Security

All data in transit is encrypted via TLS. Data at rest is encrypted by Supabase's managed infrastructure. The Claude API key is stored exclusively as a server-side secret and is never bundled in the iOS app. We follow OWASP best practices for our server-side endpoints.

7. Children

FitGo is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from minors. If you believe a child has provided us with personal data, contact us immediately.

8. Changes to this policy

We may update this policy as FitGo evolves. Material changes will be communicated by email (for registered users) or by a notice in the app. Continued use after the effective date constitutes acceptance of the updated policy.

Contact

Privacy questions, deletion requests, or data access inquiries: hello@fitgo.app

You can also visit our Support page for common questions.