Privacy Policy

Welcome to FitLinkPro! This Privacy Policy explains how we collect, use, and protect your information when you use our fitness coaching platform.

1. Information We Collect

Account Information

• Apple Sign-in: When you sign in with Apple, we receive your Apple user identifier and may receive your email address (if you choose to share it)
• Email Authentication: If you create an account with email and password, we collect your email address, store a password hash, manage email verification, and process login and security metadata
• Profile Data: First name, last name, contact information, avatar, and professional or coaching details you provide
• Subscription Information: Purchase history and subscription status

Fitness and Coaching Data

• Workout Information: Workout plans, exercises, sets, reps, weights, timing, scheduled sessions, execution results, and progress data
• Trainer-Athlete Linking Data: Invitation data, link status, and profile identifiers needed to connect trainers and athletes and show who is sharing with whom
• Physical Stats: Height, weight, weight history, body measurements, measurement settings, and record comments
• Client and Athlete Data: Information that trainers and athletes add to manage coaching relationships and training history

User Content, Media, and Reports

• User Content and Media: Exercise content, avatars, media files, notes, comments, and other information you upload or create in the app
• Content Reports: Reports about shared workouts, exercise content, or misuse, including reason codes, optional comments, target identifiers, review status, and moderation context

Technical Information

• Device Information: Device type, operating system, app version, app language, and display settings used for diagnostics
• Push Notification Data: Push notification identifiers and related device, app, delivery, and error metadata used for visible and background push notifications
• Usage Data: Pseudonymous analytics and diagnostics about how you interact with the app, which may include internal identifiers needed to understand feature usage
• Crash Reports: Technical data to improve app stability
• Security and Audit Logs: Event type, account identifiers, authentication, account deletion, content-report, and operational metadata needed for security, fraud prevention, abuse handling, and service integrity

2. How We Use Your Information

• Authentication: To verify your identity and provide secure access
• Service Delivery: To provide fitness coaching features, athlete mode, and account-based functionality
• Linking and Sharing: To create trainer-athlete links, display trainer or athlete identity in invitations, share workout plans, receive workout execution results, and sync physical stats when users choose these features
• Subscription Management: To process payments and manage your subscription
• Communication: To send important account, verification, support, and subscription messages
• Notifications: To send local reminders and remote or background push notifications for account activity, trainer-athlete linking, workout sharing, sync, and app refresh, subject to iOS permissions and in-app preferences where available
• Improvement: To analyze pseudonymous usage patterns, diagnose crashes, and improve our services
• Support: To provide customer support and respond to inquiries
• Security and Abuse Prevention: To secure accounts, investigate misuse, maintain service integrity, review content reports, and enforce our Terms

Legal Bases for Processing (GDPR)

• Performance of a contract: To provide and operate the Service you request
• Legitimate interests: To maintain security, prevent fraud, and improve the Service
• Consent: For optional features and device permissions such as notifications and calendar integration; you can withdraw consent in iOS Settings
• Legal obligations: Where we must retain or disclose data to comply with the law

3. Data Storage and Security

• Encryption: Data is encrypted in transit using HTTPS/TLS. The app also encrypts selected sensitive local fields on your device. Server-side data is protected by access controls and infrastructure and storage safeguards where available
• Local Storage: Many app records are stored locally on your device to support offline use
• Server-Side Storage: We store certain data in server-side systems when necessary to provide account-based features, including authentication, email verification, subscription validation, account deletion, trainer-athlete linking, workout sharing, push notification delivery, notification preferences, content reports, and syncing of profile and physical statistics data
• Media and File Storage: Avatars, exercise media, and related files may be stored using secure file storage and accessed through temporary file access links
• Access Controls: Strict access controls and authentication requirements
• Infrastructure: Secure infrastructure providers with industry-standard protections

4. Data Sharing

We do not sell or rent your personal information. We share data only in the limited cases described below.

• Apple: For Apple Sign-in authentication, App Store purchases, subscription management, and push notification delivery
• Linked Trainers and Athletes: If you create or accept an invitation, link an account, or share a workout, the linked user may receive profile identifiers such as first name and last name, workout plans, workout progress or execution results, and physical stats or body measurement records that you choose to sync through the service
• Analytics and Crash Reporting: Analytics and crash reporting providers for pseudonymous usage analytics and crash diagnostics (no advertising, no cross-app tracking, no IDFA)
• Transactional Email: Transactional email providers used to send account verification, support, and service messages
• Hosting and Infrastructure: Hosting, storage, and infrastructure providers used to operate authentication, subscriptions, linking, sharing, sync, media storage, and temporary file access features
• Service Providers: Trusted partners who help us operate our service and who must provide the same or equal protection of user data as described in this Privacy Policy
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfer: In the event of a merger or acquisition (with notice to users)

5. Your Rights and Choices

• Access: Request a copy of your personal data
• Correction: Update or correct your information
• Deletion: Request deletion of your account and data
• Portability: Export your data in a standard format
• Withdrawal: Withdraw consent for data processing
• Objection: Object to certain types of data processing
• Optional Permissions: You can disable optional permissions such as notifications and calendar access in iOS Settings

6. Children's Privacy

FitLinkPro is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover we have collected such information, we will delete it immediately.

7. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

8. Data Retention

• Account Data: Retained while your account is active
• Coaching and Fitness Data: Workout sharing records, linking data, and physical statistics are retained while your account is active or until you delete them or request account deletion, unless a longer retention period is required for security, fraud prevention, or legal obligations
• Deleted Data: We aim to permanently delete or anonymize personal data from our active systems within 30 days of verified account closure, unless longer retention is required by law or for legitimate security reasons
• Notification Records: Retained while your account is active or until notification identifiers are invalidated, disabled, or your account is deleted, subject to operational log retention
• Security, Audit, and Abuse Records: Short-lived operational events may be retained for about 14 days. Security, audit, account deletion, content-report, and abuse-prevention records may be retained for up to 365 days or longer if required by law, dispute resolution, fraud prevention, or service security
• Contact and Email Records: Support requests, contact form messages, and transactional email metadata are retained as needed to answer requests, maintain account security, and meet legal obligations
• Shared Data Copies: If you have shared data with a linked trainer or athlete, copies already synced to that other user's account or device may remain under that user's control until they delete them
• Legal Requirements: Some data may be retained longer if required by law

9. Cookies and Tracking

Our mobile app does not use cookies. We collect pseudonymous usage analytics and crash diagnostics to improve the app experience through analytics and crash reporting providers. Analytics events may include app and device context and internal identifiers needed to understand feature usage. We do not use the advertising identifier (IDFA) and do not track you across apps and websites owned by other companies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the app or by email. Your continued use of FitLinkPro after changes constitutes acceptance of the new policy.

11. California Privacy Rights

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know and delete. We do not sell or share personal information as defined by the CCPA and do not engage in cross-context behavioral advertising.

12. GDPR Rights

If you are in the European Union, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing.

Apple HealthKit

FitLinkPro does not use Apple HealthKit.

Account Deletion

You can delete your account at any time in the app: Profile → Settings → Delete Account. You may also contact us using the email below to request deletion or exercise your privacy rights. Deleting your account removes your personal data from our active systems as described in this Policy, subject to limited retention for legal, fraud-prevention, security, audit, content-report, and dispute-resolution purposes.

International Data Transfers

Where data is transferred outside your country, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) to protect your information.

This Privacy Policy is effective as of the date listed above and governs the use of FitLinkPro by users worldwide.