Fitness Tech

Privacy Policy

Effective date: May 17, 2026  ·  Last updated: June 3, 2026

MyFitnessTech ("the App") is developed and operated by Fitness Tech ("we," "us," or "our"), a small team of individuals currently organized as a Registered Student Organization (RSO) at the University of Washington, Seattle. Our organizational structure may evolve over time, but regardless of how we are organized, this Privacy Policy governs how the App handles your personal data. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

If any material changes occur to our data practices — including as a result of an organizational transition — we will update this policy and notify users through the App.

Data We Collect

Account Information A Firebase user ID (UID) and your email address, collected when you sign in via Email/Password, Google, Apple, or Phone verification. Your email and UID are used for authentication and account management only — they are never shown to other users. If you sign in by phone, your phone number is used for verification only.
Public Profile Information you choose to make part of the App's social features: your username, display name, an optional avatar image, and a friend code. This profile is visible to other users when you connect with them, and (if you enable it) discoverable through username search.
Friends & Social Graph Friend requests you send or receive, and the friendships that result once both people accept. This lets the App show your friends list and route messages between connected users.
Messages The content of 1:1 messages you send and receive, including text and photos. Message photos are handled on an ephemeral basis — see "Message Photos Are Ephemeral" below.
Notifications & Device Info A push-notification token and your device platform (iOS or Android) so we can deliver message and friend-request notifications to the correct device. Notifications are optional and controlled through your device's operating system settings.
Anti-Abuse Counters Lightweight counters and timestamps (for example, how many friend requests or messages have been sent in a given window) used solely to enforce rate limits and spam cooldowns and to keep the social features safe.
Workout & Fitness Data Exercise type, repetition counts, sets, weight, workout duration, and session history logged manually through the App or automatically via connected devices.
Health Metrics Heart rate, sleep logs, nutrition entries, hydration data, glucose, steps, active energy, body measurements, weight, workouts, and other health information you manually enter, sync from connected devices, or optionally import from Apple Health (HealthKit) on iOS and Health Connect on Android.
Progress Photos Photos you capture using the in-app camera or select from your device's photo library for the purpose of tracking physical progress over time. Photos may include metadata such as the date taken. Progress photos are stored in the cloud and associated with your authenticated account. They are private to you and are not shown to other users.
Bluetooth Device Data Sensor readings (accelerometer, gyroscope, flow rate, temperature) transmitted from BioBand, SipSync, and other compatible devices via Bluetooth Low Energy. Device connectivity is optional — the App is fully functional without any connected hardware.
Usage Data App interaction patterns, feature usage, crash reports, and performance metrics collected to improve the App experience.

Message Photos Are Ephemeral

Photos sent inside 1:1 messages are treated as ephemeral content. When you send a photo in a message:

Because recipients retain a local copy, you should only send photos to people you trust. Text messages are retained as part of your conversation history until the conversation is deleted (for example, by unfriending) or your account is deleted.

Device Permissions

The App may request the following device permissions. Each permission is optional and only used for the specific feature described. You can manage these permissions at any time through your device's Settings.

Camera Used to capture progress photos or take a photo to send in a message. The camera is only activated when you choose to take a new photo. We do not access your camera in the background.
Photo Library Used to select existing photos from your device for progress tracking or to attach to a message. We only access the specific photos you select — we do not scan, index, or access your full photo library.
Notifications Used to alert you about new messages and friend requests. Notifications are entirely optional and can be turned off at any time in your device's operating system settings.
Bluetooth Used to connect to Fitness Tech hardware devices (BioBand, SipSync) for enhanced workout and hydration tracking. Bluetooth access is entirely optional — all core App features work without it.
Apple Health (HealthKit) — iOS Used to read health and fitness data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition. The App currently only reads data from Apple Health and does not write data back. You choose which data types to share when you first connect Apple Health, and you can change or revoke access at any time in iOS Settings → Privacy & Security → Health. The App is fully functional without granting Apple Health access.
Health Connect — Android Used to read health and fitness data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition through Android's Health Connect platform. The App currently only reads data from Health Connect and does not write data back. You choose which data types to share when you first connect Health Connect, and you can change or revoke access at any time in the Health Connect settings on your device. The App is fully functional without granting Health Connect access.

How We Use Your Data

We use your data solely to operate, maintain, secure, and improve the App and its features. This includes authenticating your account; tracking workouts and displaying health dashboards; storing and displaying your private progress photos; powering the social features (profiles, username search, friend requests, friendships, and 1:1 messaging); delivering notifications; enforcing anti-abuse rate limits; generating personalized fitness insights; and powering AI-driven features.

We do not sell your data. We do not use your data for advertising or for any third-party advertising or data-broker purposes. App data is processed and stored using Google Firebase and Google Cloud infrastructure, subject to Google's Firebase Terms and the Firebase Privacy and Security policy.

Apple Health (HealthKit)

When you grant MyFitnessTech permission to read or write health data through Apple Health, the following applies:

You can revoke our access at any time from iOS Settings → Health → Data Access & Devices → MyFitnessTech.

When you grant access, the App reads data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition in order to display your progress, generate insights, and personalize features within the App. The App currently only reads data from Apple Health and does not write data back. If this changes in the future, we will update this policy and the in-app permission prompts to reflect the new data flows. HealthKit data is processed on your device whenever feasible, and is only synced to our cloud when needed to provide cross-device access or features you have enabled.

Your use of Apple Health is also governed by Apple's privacy practices.

Google Health Connect (Android)

When you grant MyFitnessTech permission to read or write health data through Health Connect, the following applies:

When you grant access, the App reads data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition in order to display your progress, generate insights, and personalize features within the App. The App currently only reads data from Health Connect and does not write data back. If this changes in the future, we will update this policy and the in-app permission prompts to reflect the new data flows. Health Connect data is processed on your device whenever feasible, and is only synced to our cloud when needed to provide cross-device access or features you have enabled.

Your use of Health Connect is governed by Google's privacy practices for that platform.

AI-Powered Features

The App may offer AI-powered features such as fitness coaching, exercise analysis, image recognition, and personalized recommendations. When you use these features, relevant data (such as text prompts, images, or fitness context) may be sent to third-party AI service providers for processing. These providers are contractually obligated to process your data only for the purpose of delivering the requested functionality and in accordance with their respective privacy policies.

AI service providers we may use include, but are not limited to, Google (Gemini), Anthropic (Claude), and OpenAI. The specific providers used may change over time as we optimize our technology stack. We will update this policy to reflect any material changes in how AI features process your data.

In-App Purchases

MyFitnessTech offers optional cosmetic purchases (themes, icon borders, username changes). All payments are processed by Apple or Google through their respective in-app purchase systems.

Third-Party Services

The App relies on the following categories of third-party services to operate. Firebase, our primary cloud provider, is operated by Google and hosted in the United States.

Cloud Infrastructure & Authentication We use Google Firebase and Google Cloud (United States) for user authentication, cloud database storage, messaging delivery, push notifications, app attestation, and analytics. Firebase acts as our data processor. Data is processed under Google's Privacy and Security policy and the Firebase Terms.
In-App Purchase Management RevenueCat manages purchase records and entitlements for our cosmetic in-app purchases. RevenueCat receives only an anonymized user identifier, the product purchased, and the transaction ID — not your name, email, or payment details.
Cloud Media Storage Progress photos and message photos are stored using cloud storage tied to your authenticated account and are not accessible to other users. Stored media is encrypted at rest. Message photos are deleted on the ephemeral schedule described above.
AI & Machine Learning Providers We use third-party AI services to power intelligent features and automated content-safety screening within the App. Data sent to these services is limited to what is necessary for the requested functionality.
Analytics & Performance We may use analytics services to understand how the App is used and to diagnose technical issues. This data is aggregated and not used to personally identify you.

We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.

Data Storage & Security

We use industry-standard safeguards to protect your data, including:

While we implement reasonable security measures to protect your data, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

Social Features

If you opt into MyFitnessTech's social features (friends, messaging, leaderboards), the following data is stored on our servers (Firebase, hosted in the United States):

Photos sent in messages are ephemeral — they are deleted from our servers shortly after delivery and within at most 7 days of being sent.

We retain user-reported content for moderation review for up to 30 days after the report is resolved.

You can hide yourself from username search at any time via Settings → Social. You can delete your account at any time via Settings → Account → Delete Account. Account deletion removes all associated data within 30 days, except where retention is legally required.

Content & Conduct Policy

The App's social features are intended for friendly, fitness-oriented communication. You may not use messaging, profiles, or any other feature to send or display content that is sexually explicit or lewd, harassing, threatening, hateful, or otherwise abusive, or that is illegal or promotes illegal activity.

Images sent through the App are automatically screened for unsafe content. Accounts that violate this policy may be restricted, suspended, or terminated, and offending content may be removed. You can report abuse or unwanted contact at any time — see "Your Privacy Controls & Rights" below.

Your Privacy Controls & Rights

You have meaningful control over your data and how you appear in the App:

Discoverability toggle A privacy setting — "Discoverable by username search" — controls whether other people can find your profile by searching your username. When turned off, others can still connect with you only via your friend code or QR code.
Unfriend Unfriending a user removes the friendship and permanently wipes the 1:1 conversation for both sides, including any messages and message photos still held in the cloud.
Notifications Push notifications are optional and can be enabled or disabled at any time through your device's operating system settings.
Account deletion You can delete your account at any time from Settings → Account → Delete Account. Deletion is initiated immediately and all associated data — including your account record, public profile, username, friends and friend requests, conversations and messages, message and progress photos, push-notification token, and health and workout data — is removed from our active systems within 30 days, except where retention is required by law. See our account deletion instructions.
GDPR & CCPA rights — access, deletion, export If you are a resident of the EU/EEA, UK, or California (or another jurisdiction with similar protections), you have the right to access, correct, export, or request deletion of your personal data, and to restrict or object to certain processing. To exercise any of these rights, email us at [email protected] from the address tied to your account. We will respond within 30 days.
Report abuse You can report abusive messages or users from within the App, or by emailing us at [email protected]. We review reports and may restrict or remove violating accounts.

To request a copy of your data or full deletion of your account and data, you can use the in-app account deletion option or contact us at [email protected].

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the App's services. Some categories of health and activity data are retained for shorter, fixed windows so that detailed data does not accumulate beyond what is useful:

Heart rate Retained for 1 day, then aggregated.
Sleep Retained for 365 days.
Glucose Retained for 180 days.
Water / hydration Retained for 90 days.
Weight Retained for 730 days.

Text messages are retained as part of your conversation history until the conversation is deleted (for example, by unfriending) or your account is deleted. Message photos follow the ephemeral schedule described above (deleted after delivery, and within 7 days at most). User-reported content is retained for moderation review for up to 30 days after the report is resolved.

If you delete your account, deletion is initiated immediately and all associated personal data — including profile, username, friends, messages, message and progress photos, push-notification token, and health and workout data — is removed from our active systems within 30 days, except where retention is required by law. See our account deletion instructions.

You may delete individual progress photos at any time from within the App. Deleted photos are removed from cloud storage promptly.

Age Requirements

The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

App store age ratings differ by platform: MyFitnessTech is rated 16+ on the Apple App Store and 12+ on Google Play. You must meet the minimum age required by your platform's store rating and any applicable minimum age in your jurisdiction to use the App, and by using the App you confirm that you do.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or organizational structure. Material changes will be communicated through the App or via email. The "Effective date" and "Last updated" dates at the top of this page indicate when the policy was most recently revised. Continued use of the App after changes constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy, your data, or wish to exercise your privacy rights, contact us at:

[email protected]

Fitness Tech — Seattle, Washington