Fitness Tech
Privacy Policy
Effective date: May 17, 2026 · Last updated: June 3, 2026
MyFitnessTech ("the App") is developed and operated by Fitness Tech ("we," "us," or "our"), a small team of individuals currently organized as a Registered Student Organization (RSO) at the University of Washington, Seattle. Our organizational structure may evolve over time, but regardless of how we are organized, this Privacy Policy governs how the App handles your personal data. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.
If any material changes occur to our data practices — including as a result of an organizational transition — we will update this policy and notify users through the App.
Data We Collect
Account Information
A Firebase user ID (UID) and your email address, collected when you sign in via Email/Password, Google, Apple, or Phone verification. Your email and UID are used for authentication and account management only — they are never shown to other users. If you sign in by phone, your phone number is used for verification only.
Public Profile
Information you choose to make part of the App's social features: your username, display name, an optional avatar image, and a friend code. This profile is visible to other users when you connect with them, and (if you enable it) discoverable through username search.
Friends & Social Graph
Friend requests you send or receive, and the friendships that result once both people accept. This lets the App show your friends list and route messages between connected users.
Messages
The content of 1:1 messages you send and receive, including text and photos. Message photos are handled on an ephemeral basis — see "Message Photos Are Ephemeral" below.
Notifications & Device Info
A push-notification token and your device platform (iOS or Android) so we can deliver message and friend-request notifications to the correct device. Notifications are optional and controlled through your device's operating system settings.
Anti-Abuse Counters
Lightweight counters and timestamps (for example, how many friend requests or messages have been sent in a given window) used solely to enforce rate limits and spam cooldowns and to keep the social features safe.
Workout & Fitness Data
Exercise type, repetition counts, sets, weight, workout duration, and session history logged manually through the App or automatically via connected devices.
Health Metrics
Heart rate, sleep logs, nutrition entries, hydration data, glucose, steps, active energy, body measurements, weight, workouts, and other health information you manually enter, sync from connected devices, or optionally import from Apple Health (HealthKit) on iOS and Health Connect on Android.
Progress Photos
Photos you capture using the in-app camera or select from your device's photo library for the purpose of tracking physical progress over time. Photos may include metadata such as the date taken. Progress photos are stored in the cloud and associated with your authenticated account. They are private to you and are not shown to other users.
Bluetooth Device Data
Sensor readings (accelerometer, gyroscope, flow rate, temperature) transmitted from BioBand, SipSync, and other compatible devices via Bluetooth Low Energy. Device connectivity is optional — the App is fully functional without any connected hardware.
Usage Data
App interaction patterns, feature usage, crash reports, and performance metrics collected to improve the App experience.
Message Photos Are Ephemeral
Photos sent inside 1:1 messages are treated as ephemeral content. When you send a photo in a message:
- It is stored encrypted at rest in our cloud only for as long as needed to deliver it.
- It is automatically deleted from the cloud after delivery, and in all cases no later than 7 days after it is sent, whichever comes first.
- The recipient keeps a local copy on their own device only. After the cloud copy is deleted, we no longer hold the image on our servers.
Because recipients retain a local copy, you should only send photos to people you trust. Text messages are retained as part of your conversation history until the conversation is deleted (for example, by unfriending) or your account is deleted.
Device Permissions
The App may request the following device permissions. Each permission is optional and only used for the specific feature described. You can manage these permissions at any time through your device's Settings.
Camera
Used to capture progress photos or take a photo to send in a message. The camera is only activated when you choose to take a new photo. We do not access your camera in the background.
Photo Library
Used to select existing photos from your device for progress tracking or to attach to a message. We only access the specific photos you select — we do not scan, index, or access your full photo library.
Notifications
Used to alert you about new messages and friend requests. Notifications are entirely optional and can be turned off at any time in your device's operating system settings.
Bluetooth
Used to connect to Fitness Tech hardware devices (BioBand, SipSync) for enhanced workout and hydration tracking. Bluetooth access is entirely optional — all core App features work without it.
Apple Health (HealthKit) — iOS
Used to read health and fitness data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition. The App currently only reads data from Apple Health and does not write data back. You choose which data types to share when you first connect Apple Health, and you can change or revoke access at any time in iOS Settings → Privacy & Security → Health. The App is fully functional without granting Apple Health access.
Health Connect — Android
Used to read health and fitness data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition through Android's Health Connect platform. The App currently only reads data from Health Connect and does not write data back. You choose which data types to share when you first connect Health Connect, and you can change or revoke access at any time in the Health Connect settings on your device. The App is fully functional without granting Health Connect access.
How We Use Your Data
We use your data solely to operate, maintain, secure, and improve the App and its features. This includes authenticating your account; tracking workouts and displaying health dashboards; storing and displaying your private progress photos; powering the social features (profiles, username search, friend requests, friendships, and 1:1 messaging); delivering notifications; enforcing anti-abuse rate limits; generating personalized fitness insights; and powering AI-driven features.
We do not sell your data. We do not use your data for advertising or for any third-party advertising or data-broker purposes. App data is processed and stored using Google Firebase and Google Cloud infrastructure, subject to Google's Firebase Terms and the Firebase Privacy and Security policy.
Apple Health (HealthKit)
When you grant MyFitnessTech permission to read or write health data through Apple Health, the following applies:
- Your Apple Health data is not used for advertising or marketing purposes.
- Your Apple Health data is not sold to third parties or shared without your explicit consent.
- Apple Health data is stored on your device and encrypted in transit when synced to our servers.
You can revoke our access at any time from iOS Settings → Health → Data Access & Devices → MyFitnessTech.
When you grant access, the App reads data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition in order to display your progress, generate insights, and personalize features within the App. The App currently only reads data from Apple Health and does not write data back. If this changes in the future, we will update this policy and the in-app permission prompts to reflect the new data flows. HealthKit data is processed on your device whenever feasible, and is only synced to our cloud when needed to provide cross-device access or features you have enabled.
Your use of Apple Health is also governed by Apple's privacy practices.
Google Health Connect (Android)
When you grant MyFitnessTech permission to read or write health data through Health Connect, the following applies:
- Your Health Connect data is accessed only with your explicit permission, granted through Health Connect's own permission UI.
- Your Health Connect data is not used for advertising and is not sold to third parties.
- You can revoke our access at any time from Health Connect's Settings → App permissions.
When you grant access, the App reads data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition in order to display your progress, generate insights, and personalize features within the App. The App currently only reads data from Health Connect and does not write data back. If this changes in the future, we will update this policy and the in-app permission prompts to reflect the new data flows. Health Connect data is processed on your device whenever feasible, and is only synced to our cloud when needed to provide cross-device access or features you have enabled.
Your use of Health Connect is governed by Google's privacy practices for that platform.
AI-Powered Features
The App may offer AI-powered features such as fitness coaching, exercise analysis, image recognition, and personalized recommendations. When you use these features, relevant data (such as text prompts, images, or fitness context) may be sent to third-party AI service providers for processing. These providers are contractually obligated to process your data only for the purpose of delivering the requested functionality and in accordance with their respective privacy policies.
AI service providers we may use include, but are not limited to, Google (Gemini), Anthropic (Claude), and OpenAI. The specific providers used may change over time as we optimize our technology stack. We will update this policy to reflect any material changes in how AI features process your data.
In-App Purchases
MyFitnessTech offers optional cosmetic purchases (themes, icon borders, username changes). All payments are processed by Apple or Google through their respective in-app purchase systems.
- We use RevenueCat to manage purchase records and deliver entitlements. RevenueCat receives an anonymized user identifier, the product purchased, and the transaction ID. RevenueCat does not receive your name, email, or payment details.
- We do not store credit card or payment information. All payment processing is handled exclusively by Apple or Google.
- Refunds are handled by Apple (apps.apple.com/account/billing) or Google (play.google.com), per their platform refund policies.
Third-Party Services
The App relies on the following categories of third-party services to operate. Firebase, our primary cloud provider, is operated by Google and hosted in the United States.
Cloud Infrastructure & Authentication
We use Google Firebase and Google Cloud (United States) for user authentication, cloud database storage, messaging delivery, push notifications, app attestation, and analytics. Firebase acts as our data processor. Data is processed under Google's Privacy and Security policy and the Firebase Terms.
In-App Purchase Management
RevenueCat manages purchase records and entitlements for our cosmetic in-app purchases. RevenueCat receives only an anonymized user identifier, the product purchased, and the transaction ID — not your name, email, or payment details.
Cloud Media Storage
Progress photos and message photos are stored using cloud storage tied to your authenticated account and are not accessible to other users. Stored media is encrypted at rest. Message photos are deleted on the ephemeral schedule described above.
AI & Machine Learning Providers
We use third-party AI services to power intelligent features and automated content-safety screening within the App. Data sent to these services is limited to what is necessary for the requested functionality.
Analytics & Performance
We may use analytics services to understand how the App is used and to diagnose technical issues. This data is aggregated and not used to personally identify you.
We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.
Data Storage & Security
We use industry-standard safeguards to protect your data, including:
- Encryption in transit and at rest: all data is transmitted over encrypted connections (TLS) and stored encrypted at rest.
- Server-side access controls: security rules restrict data so that authenticated users can only access their own information and the conversations they are a part of.
- App attestation (App Check): requests to our backend are verified using app attestation to block traffic from tampered or unauthorized clients.
- Automated content-safety screening: images sent through the App are automatically screened for unsafe content before they are delivered.
- Rate limits and spam cooldowns: friend requests and messaging are rate-limited, with cooldown periods to deter spam and abuse.
While we implement reasonable security measures to protect your data, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
Social Features
If you opt into MyFitnessTech's social features (friends, messaging, leaderboards), the following data is stored on our servers (Firebase, hosted in the United States):
- Your username, display name, avatar, and friend connections
- Messages you send to friends, including text and photos
- Reports and blocks you submit
Photos sent in messages are ephemeral — they are deleted from our servers shortly after delivery and within at most 7 days of being sent.
We retain user-reported content for moderation review for up to 30 days after the report is resolved.
You can hide yourself from username search at any time via Settings → Social. You can delete your account at any time via Settings → Account → Delete Account. Account deletion removes all associated data within 30 days, except where retention is legally required.
Content & Conduct Policy
The App's social features are intended for friendly, fitness-oriented communication. You may not use messaging, profiles, or any other feature to send or display content that is sexually explicit or lewd, harassing, threatening, hateful, or otherwise abusive, or that is illegal or promotes illegal activity.
Images sent through the App are automatically screened for unsafe content. Accounts that violate this policy may be restricted, suspended, or terminated, and offending content may be removed. You can report abuse or unwanted contact at any time — see "Your Privacy Controls & Rights" below.
Your Privacy Controls & Rights
You have meaningful control over your data and how you appear in the App:
Discoverability toggle
A privacy setting — "Discoverable by username search" — controls whether other people can find your profile by searching your username. When turned off, others can still connect with you only via your friend code or QR code.
Unfriend
Unfriending a user removes the friendship and permanently wipes the 1:1 conversation for both sides, including any messages and message photos still held in the cloud.
Notifications
Push notifications are optional and can be enabled or disabled at any time through your device's operating system settings.
Account deletion
You can delete your account at any time from Settings → Account → Delete Account. Deletion is initiated immediately and all associated data — including your account record, public profile, username, friends and friend requests, conversations and messages, message and progress photos, push-notification token, and health and workout data — is removed from our active systems within 30 days, except where retention is required by law. See our account deletion instructions.
GDPR & CCPA rights — access, deletion, export
If you are a resident of the EU/EEA, UK, or California (or another jurisdiction with similar protections), you have the right to access, correct, export, or request deletion of your personal data, and to restrict or object to certain processing. To exercise any of these rights, email us at [email protected] from the address tied to your account. We will respond within 30 days.
Report abuse
You can report abusive messages or users from within the App, or by emailing us at [email protected]. We review reports and may restrict or remove violating accounts.
To request a copy of your data or full deletion of your account and data, you can use the in-app account deletion option or contact us at [email protected].
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the App's services. Some categories of health and activity data are retained for shorter, fixed windows so that detailed data does not accumulate beyond what is useful:
Heart rate
Retained for 1 day, then aggregated.
Sleep
Retained for 365 days.
Glucose
Retained for 180 days.
Water / hydration
Retained for 90 days.
Weight
Retained for 730 days.
Text messages are retained as part of your conversation history until the conversation is deleted (for example, by unfriending) or your account is deleted. Message photos follow the ephemeral schedule described above (deleted after delivery, and within 7 days at most). User-reported content is retained for moderation review for up to 30 days after the report is resolved.
If you delete your account, deletion is initiated immediately and all associated personal data — including profile, username, friends, messages, message and progress photos, push-notification token, and health and workout data — is removed from our active systems within 30 days, except where retention is required by law. See our account deletion instructions.
You may delete individual progress photos at any time from within the App. Deleted photos are removed from cloud storage promptly.
Age Requirements
The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.
App store age ratings differ by platform: MyFitnessTech is rated 16+ on the Apple App Store and 12+ on Google Play. You must meet the minimum age required by your platform's store rating and any applicable minimum age in your jurisdiction to use the App, and by using the App you confirm that you do.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or organizational structure. Material changes will be communicated through the App or via email. The "Effective date" and "Last updated" dates at the top of this page indicate when the policy was most recently revised. Continued use of the App after changes constitutes acceptance of the revised policy.
Contact
If you have questions about this Privacy Policy, your data, or wish to exercise your privacy rights, contact us at:
[email protected]
Fitness Tech — Seattle, Washington