Fittable Privacy Policy
This Privacy Policy explains how Fittable LLC ("Fittable," "we," "our," or "us") collects, uses, stores, discloses, and otherwise processes information when you use the Fittable mobile app, web app, marketing website, AI coaching features, connected trainer and gym workflows, community features, support pages, and related services that link to this Privacy Policy (collectively, the "Services").
This Policy is intended to cover current Fittable features and closely related connected services and integrations offered under the Fittable brand. If we provide an additional privacy notice, consent flow, or separate agreement for a specific feature, partner, or program, that additional notice or agreement will supplement this Policy.
1. Scope
This Policy applies to:
- The Fittable iPhone app and any comparable mobile experiences we provide.
- The Fittable web app, business-linked member surfaces, and support pages.
- The public marketing website at fittable.ai and linked legal or support routes.
- AI coaching, food logging, meal-photo, physique-photo, exercise-form, and similar analysis features.
- Connected integrations such as health platforms, Strava, Spotify, social sign-in providers, grocery or food-delivery partners, payment or subscription providers, and CRM-linked gym or coaching services.
2. Information We Collect
The information we collect depends on how you use the Services, what permissions you grant, and which integrations or products you enable.
2.1 Account, identity, and profile information
- Name, display name, username, email address, phone number, password or authentication credentials, and account identifiers.
- Profile photo, profile settings, private-profile settings, coach or gym linkage status, subscription status, and purchase-access state.
- Information received from sign-in providers such as Apple, Google, or Facebook, including linked account identifiers, email address, display name, and profile image, if made available to us.
2.2 Health, wellness, fitness, and similar sensitive information
- Workout history, training plans, exercises, sets, reps, timers, readiness inputs, recovery inputs, check-ins, nutrition logs, recipes, pantry items, grocery preferences, and food diary entries.
- Body and wellness information you provide directly, such as age, sex or gender, height, weight, body measurements, waist circumference, body-fat related data, goals, appetite, sleep, injuries, medical or physical limitations, surgery history, and other health or fitness context.
- Health platform data you authorize us to access or write, which may include steps, exercise time, calories or energy expenditure, weight, height, BMI, body-fat percentage, sleep data, hydration, heart rate, HRV, blood pressure, blood glucose, temperature, birth date, and other health metrics supported by the connected platform and your permissions.
- Derived data, inferences, scores, recommendations, and model outputs generated from your training, nutrition, biometrics, messages, or uploaded media.
2.3 Content and media you submit
- Messages, support requests, coaching chats, prompts, comments, posts, reactions, follows, and other community or engagement content.
- Profile photos, progress photos, reference physique photos, meal photos, exercise photos, exercise-form images or videos, recipes, labels, screenshots, and similar uploads.
- Descriptions, notes, captions, annotations, and instructions you attach to workouts, meals, sessions, or media.
2.4 Integration and connected-service data
- Strava connection status, tokens, scopes, activities, dates, routes, streams, distances, pace, speed, elevation, calories, heart-rate values, location fields, activity visibility, and related sync metadata.
- Spotify connection status, tokens, scopes, account details, playback state, devices, playlists, suggested tracks, selected tracks, and workout music preferences.
- Food-delivery, grocery, or comparable commerce data such as search queries, nutrition context, nearby store results, saved carts, orders, item selections, prices, checkout metadata, and order-confirmation status.
- Business-platform, CRM, gym, trainer, or sales-program data such as linked location, trainer assignment, memberships, invitations, booked sessions, package status, purchased sessions, activation tokens, consultation records, or campaign attribution fields.
2.5 Payment, subscription, and transaction information
- Subscription plan, entitlement status, renewal state, receipt or transaction identifiers, purchase package, coaching term, funded services, purchased sessions, and billing support history.
- Limited transaction metadata from app stores, web billing providers, RevenueCat, payment processors, or sales systems. We do not intentionally store full payment-card numbers unless we expressly state otherwise.
2.6 Device, technical, analytics, and advertising information
- IP address, device identifiers, push token, advertising identifier, app instance identifiers, browser type, operating system, device type, language, time zone, crash or performance data, and diagnostics.
- Usage data such as pages viewed, screens visited, taps, feature usage, timestamps, referring links, session events, conversions, and approximate interaction history across the Services.
- Cookies, pixels, SDK events, local storage, consent-state data, and similar identifiers used for authentication, preferences, analytics, attribution, security, and advertising.
2.7 Location information
- Approximate or precise location, if you permit it, including device-based location for nearby search, food or grocery discovery, map or support features, and location-aware recommendations.
- Location information associated with connected integrations, such as Strava activity city, state, country, route, or start and end coordinates, if shared through that integration.
2.8 Marketing, sales, and attribution data
- Lead-source, campaign, ad, click, and conversion identifiers such as campaign ids, ad ids, fbclid, fbc, fbp, and related measurement fields.
- Audience or segmentation fields used in growth, activation, and CRM workflows, such as age range, goal, activity level, package selection, consultation status, or onboarding state.
3. Sources of Information
We collect information:
- Directly from you when you create an account, fill out forms, log workouts or meals, upload media, message coaches, or contact support.
- Automatically from your device, browser, app usage, cookies, SDKs, analytics tools, advertising tools, and similar technologies.
- From connected providers and integrations you choose to link, such as health platforms, Strava, Spotify, app stores, social sign-in services, payment providers, food-delivery or grocery partners, and CRM or gym systems.
- From coaches, trainers, gyms, business customers, or sales and onboarding systems that invite, provision, activate, or manage your access.
4. How We Use Information
We use information to:
- Provide, operate, maintain, troubleshoot, and improve the Services.
- Create and manage accounts, authenticate users, secure sessions, and prevent fraud, abuse, or unauthorized activity.
- Deliver workout tracking, meal logging, biometrics, community, support, coach, trainer, gym, and CRM-linked member workflows.
- Read, sync, normalize, write, or display connected-service data, including health-platform data, Strava activities, Spotify workout music data, and related integrations.
- Generate AI-assisted outputs such as food-photo estimates, meal entries, workout suggestions, body-progress notes, form feedback, coaching responses, search embeddings, recommendations, and plan-of-care style outputs.
- Personalize content, surfaces, reminders, recommendations, search results, and coach or gym experiences.
- Process subscriptions, purchases, package activations, purchased sessions, customer support, and operational communications.
- Send push notifications, in-app notices, service announcements, onboarding messages, security alerts, and marketing communications where permitted.
- Perform analytics, attribution, experimentation, campaign measurement, ad measurement, and performance reporting.
- Comply with law, respond to lawful requests, enforce agreements, resolve disputes, and protect users, staff, partners, and the Services.
5. AI, Models, and Automated Processing
Fittable includes AI and machine-learning features. Depending on the feature, we may process your prompts, logs, messages, nutrition context, biometrics, and uploaded images or similar content to generate estimates, summaries, suggestions, classifications, embeddings, or recommendations.
To provide these features, we may send relevant inputs to internal models or third-party model and infrastructure providers that help us return the requested output. Depending on the feature, this may include text prompts, structured fitness or nutrition context, account or device metadata needed to process the request, and media such as meal or progress photos. Where available, we seek to use provider settings and contractual terms designed to limit processing to service delivery, security, and abuse prevention rather than unrelated commercial reuse.
Examples include:
- Meal-photo estimation and food logging.
- Coach chat, training or meal recommendations, and related AI assistance.
- Exercise-form or body-progress analysis from submitted photos or similar media.
- Search, retrieval, ranking, embeddings, and recommendation systems for foods, recipes, content, or users.
- Physical-therapy style or recovery-related guided assessments when those features are used.
AI or automated outputs may be inaccurate, incomplete, or unsuitable for your situation. They are not a substitute for qualified medical, therapeutic, nutritional, financial, or legal advice. Except where we explicitly say otherwise, we do not use fully automated processing to make decisions that produce legal or similarly significant effects about you without human oversight.
6. Cookies, SDKs, Analytics, and Advertising
We and our vendors may use cookies, SDKs, pixels, tags, local storage, advertising identifiers, and similar technologies to:
- Keep you signed in and remember preferences.
- Measure usage, conversions, performance, and crashes.
- Send or measure push notifications and engagement flows.
- Support attribution, marketing measurement, ad delivery, or ad relevance, subject to applicable law and platform permissions.
- Manage consent, fraud prevention, security, and abuse detection.
If you enable app-tracking or advertising permissions, or if applicable law otherwise permits it, we may share limited identifiers and event data with analytics, attribution, and advertising partners. Depending on your jurisdiction, some of this activity may be treated as a "sale," "sharing," or targeted advertising. You can reduce or limit certain tracking through your device settings, consent prompts, app permissions, browser controls, and by contacting us as described below.
Depending on the product surface and your configuration, these tools may include technologies or services provided by Google or Firebase, Apple, Meta, mobile ad network providers, app-store platforms, and subscription or attribution vendors such as RevenueCat.
7. When We Disclose Information
We may disclose information to the following categories of recipients:
7.1 Service providers and infrastructure partners
We may disclose information to vendors that help us host, store, secure, authenticate, analyze, support, message, measure, or operate the Services, including cloud infrastructure, databases, content storage, crash and analytics services, push-notification services, AI vendors, marketing and attribution vendors, subscription vendors, and payment-related vendors.
Depending on the feature, this may include providers and platforms such as Google or Firebase, Apple and the Apple App Store, Google Play, Meta, RevenueCat, OpenAI or similar model providers, cloud hosting providers, communications vendors, food or commerce partners, and customer-support or CRM vendors.
7.2 Connected integrations you enable
If you connect a third-party service, we exchange information with that provider as needed to operate the integration. For example:
- Health-platform providers may receive data when you ask us to write approved health values back to your device.
- Strava may receive or provide activity and sync data based on the scopes you approve.
- Spotify may receive playback-control requests and provide device, account, and playback data.
- Food, grocery, or delivery partners may receive search, cart, order, or store-context information required to complete those features.
7.3 Coaches, trainers, gyms, business customers, and CRM-linked organizations
If your account is linked to a coach, trainer, gym, location, or business program, we may disclose information reasonably necessary to support that relationship, including profile data, schedules, memberships, purchased-session status, progress information, messaging, check-ins, and operational context, subject to the permissions and workflows applicable to that relationship.
7.4 Community and sharing features
If you post, comment, react, follow, or otherwise use community, social, or sharing features, information you choose to submit may be visible to other users, coaches, trainers, gyms, or other intended audiences. Private-profile settings may limit visibility in some contexts, but they do not apply to content you intentionally submit for sharing, to authorized coaches or businesses, or to disclosures otherwise permitted by this Policy.
7.5 Marketing, attribution, sales, and CRM workflows
We may disclose identifiers, contact details, activation or purchase status, campaign fields, and related audience or onboarding metadata to our sales, CRM, attribution, and advertising partners to manage consultations, purchased coaching access, activation flows, campaign measurement, and customer lifecycle operations.
7.6 Legal, security, and corporate events
We may disclose information if we believe it is reasonably necessary to comply with law, regulation, court order, legal process, or a valid government request; enforce our terms or agreements; detect, investigate, or prevent fraud, abuse, security incidents, or illegal activity; protect rights, safety, and property; or in connection with a merger, financing, acquisition, reorganization, asset sale, or similar transaction.
8. Retention
We retain information for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, maintain your account, honor your choices, complete transactions, support coach or gym relationships, resolve disputes, enforce agreements, comply with law, preserve security evidence, and maintain backups or business records.
Retention periods vary by data type, context, sensitivity, whether the information is needed for an active feature or linked business workflow, and whether we must keep it for legal, tax, accounting, fraud-prevention, or audit reasons. We may retain de-identified or aggregated data for a longer period where permitted by law.
9. Security
We use administrative, technical, organizational, and physical safeguards designed to protect information. These may include access controls, authentication, transport security, storage protections, rate limiting, and operational monitoring. No method of transmission, storage, or processing is completely secure, and we cannot guarantee absolute security.
10. International Transfers
We and our vendors may process information in the United States and other countries that may have data-protection laws different from those in your place of residence. Where required by law, we use appropriate safeguards for cross-border transfers.
11. Your Choices and Rights
11.1 Account and feature controls
- You may update certain profile information inside the Services.
- You can disconnect supported integrations, change visibility settings, and adjust push-notification or marketing preferences where available.
- You can change platform permissions such as camera, photos, health access, location, notifications, or app-tracking through your device or browser settings.
11.2 Access, correction, deletion, and portability requests
Subject to applicable law, you may request access to, correction of, deletion of, or a copy of certain personal information. We may need to verify your identity and may deny or limit a request where the law permits or requires us to do so.
If your request relates to Facebook Login or other Meta-connected data, follow the dedicated instructions at https://www.fittable.ai/dataDeletion.
11.3 U.S. state privacy rights
If you live in a state that provides privacy rights, you may have the right to know, access, delete, correct, or obtain a copy of certain personal information; opt out of certain sales, sharing, or targeted advertising; limit certain sensitive-data processing; or appeal a denied request. We do not knowingly sell personal information for money. To exercise rights that apply to you, contact us using the details below and include enough information for us to identify your account and request.
11.4 EEA, UK, and similar-region rights
If you are in the EEA, UK, or another region with similar rights, you may have the right to access, correct, erase, restrict, object to, or port certain personal data, and to withdraw consent where processing is based on consent. Our legal bases may include contract, legitimate interests, consent, and compliance with legal obligations, depending on the context.
12. Children
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without appropriate authorization. If you believe a child provided us with personal information inappropriately, contact us and we will take steps consistent with applicable law.
13. Health, Wellness, and HIPAA Context
Fittable is generally offered as a fitness, wellness, nutrition, coaching, and performance platform. Even though the Services may process health-related or other sensitive information, the Services are not intended to create a doctor-patient, therapist-patient, or other licensed clinical relationship. Unless we expressly agree in a separate written contract, the Services are not offered as a HIPAA-covered healthcare service or business-associate service.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we do, we will post the updated version here and change the effective date above. Your continued use of the Services after an update means the updated Policy applies to the extent permitted by law.
15. Contact Us
Fittable LLC
Email: contact@fittable.ai
If you are making a privacy request, include your name, the email address or phone number associated with your account, your jurisdiction, and the specific request you want us to process.