Privacy Policy

Effective date: 30 May 2025

FitMe takes your privacy seriously, especially because we handle personal health data. This policy explains what we collect, how we use it, and your rights.

1. What we collect

When you sign in with Google we receive and store:

  • Your name and email address
  • Your Google profile photo URL
  • A Google OAuth access token and refresh token, used to read your Google Fit data on your behalf

From Google Fit we read (but do not permanently store):

  • Step count
  • Calories burned
  • Heart rate
  • Sleep activity

Fit data is fetched live on each dashboard load and is not saved to our database.

2. How we use your data

  • To authenticate you and maintain your session
  • To display your fitness summary on the dashboard
  • To refresh your Google Fit access when your token expires

We do not sell, rent, or share your data with third parties for advertising or marketing.

3. Google API data policy

FitMe's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the Google Fit scopes necessary to show your fitness summary
  • We do not use your Google data to serve ads
  • We do not allow humans to read your Google data unless required by law or with your explicit consent
  • We do not transfer your Google data to third parties

4. Data storage and security

Your account data is stored in a Supabase database hosted in the Asia Pacific (Singapore) region. Access tokens are stored encrypted at rest. We use HTTPS for all data in transit.

5. Data retention

We retain your account data for as long as your account is active. You can request deletion at any time by emailing us. We will delete your profile and tokens within 30 days.

You can also revoke FitMe's access to your Google account at any time via Google Account Permissions.

6. Cookies and sessions

FitMe uses cookies solely to maintain your login session. We do not use tracking or advertising cookies.

7. Children's privacy

FitMe is not directed at children under 13. We do not knowingly collect data from children under 13.

8. Changes to this policy

We may update this policy. If we make material changes we will update the effective date above. Continued use of FitMe after changes are posted constitutes acceptance.

9. Contact

For privacy questions or data deletion requests, contact us at devatmadarth@gmail.com or kavin@madarth.com.