Fitness Tech
Privacy Policy
Effective date: May 17, 2026 · Last updated: May 17, 2026
MyFitnessTech ("the App") is developed and operated by Fitness Tech ("we," "us," or "our"), a small team of individuals currently organized as a Registered Student Organization (RSO) at the University of Washington, Seattle. Our organizational structure may evolve over time, but regardless of how we are organized, this Privacy Policy governs how the App handles your personal data. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.
If any material changes occur to our data practices — including as a result of an organizational transition — we will update this policy and notify users through the App.
Data We Collect
Account Information
A Firebase user ID (UID) and your email address, collected when you sign in via Email/Password, Google, Apple, or Phone verification. Your email and UID are used for authentication and account management only — they are never shown to other users. If you sign in by phone, your phone number is used for verification only.
Public Profile
Information you choose to make part of the App's social features: your username, display name, an optional avatar image, and a friend code. This profile is visible to other users when you connect with them, and (if you enable it) discoverable through username search.
Friends & Social Graph
Friend requests you send or receive, and the friendships that result once both people accept. This lets the App show your friends list and route messages between connected users.
Messages
The content of 1:1 messages you send and receive, including text and photos. Message photos are handled on an ephemeral basis — see "Message Photos Are Ephemeral" below.
Notifications & Device Info
A push-notification token and your device platform (iOS or Android) so we can deliver message and friend-request notifications to the correct device. Notifications are optional and controlled through your device's operating system settings.
Anti-Abuse Counters
Lightweight counters and timestamps (for example, how many friend requests or messages have been sent in a given window) used solely to enforce rate limits and spam cooldowns and to keep the social features safe.
Workout & Fitness Data
Exercise type, repetition counts, sets, weight, workout duration, and session history logged manually through the App or automatically via connected devices.
Health Metrics
Heart rate, sleep logs, nutrition entries, hydration data, glucose, steps, active energy, body measurements, weight, workouts, and other health information you manually enter, sync from connected devices, or optionally import from Apple Health (HealthKit) on iOS and Health Connect on Android.
Progress Photos
Photos you capture using the in-app camera or select from your device's photo library for the purpose of tracking physical progress over time. Photos may include metadata such as the date taken. Progress photos are stored in the cloud and associated with your authenticated account. They are private to you and are not shown to other users.
Bluetooth Device Data
Sensor readings (accelerometer, gyroscope, flow rate, temperature) transmitted from BioBand, SipSync, and other compatible devices via Bluetooth Low Energy. Device connectivity is optional — the App is fully functional without any connected hardware.
Usage Data
App interaction patterns, feature usage, crash reports, and performance metrics collected to improve the App experience.
Message Photos Are Ephemeral
Photos sent inside 1:1 messages are treated as ephemeral content. When you send a photo in a message:
- It is stored encrypted at rest in our cloud only for as long as needed to deliver it.
- It is automatically deleted from the cloud after delivery, and in all cases no later than 7 days after it is sent, whichever comes first.
- The recipient keeps a local copy on their own device only. After the cloud copy is deleted, we no longer hold the image on our servers.
Because recipients retain a local copy, you should only send photos to people you trust. Text messages are retained as part of your conversation history until the conversation is deleted (for example, by unfriending) or your account is deleted.
Device Permissions
The App may request the following device permissions. Each permission is optional and only used for the specific feature described. You can manage these permissions at any time through your device's Settings.
Camera
Used to capture progress photos or take a photo to send in a message. The camera is only activated when you choose to take a new photo. We do not access your camera in the background.
Photo Library
Used to select existing photos from your device for progress tracking or to attach to a message. We only access the specific photos you select — we do not scan, index, or access your full photo library.
Notifications
Used to alert you about new messages and friend requests. Notifications are entirely optional and can be turned off at any time in your device's operating system settings.
Bluetooth
Used to connect to Fitness Tech hardware devices (BioBand, SipSync) for enhanced workout and hydration tracking. Bluetooth access is entirely optional — all core App features work without it.
Apple Health (HealthKit) — iOS
Used to read health and fitness data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition. The App currently only reads data from Apple Health and does not write data back. You choose which data types to share when you first connect Apple Health, and you can change or revoke access at any time in iOS Settings → Privacy & Security → Health. The App is fully functional without granting Apple Health access.
Health Connect — Android
Used to read health and fitness data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition through Android's Health Connect platform. The App currently only reads data from Health Connect and does not write data back. You choose which data types to share when you first connect Health Connect, and you can change or revoke access at any time in the Health Connect settings on your device. The App is fully functional without granting Health Connect access.
How We Use Your Data
We use your data solely to operate, maintain, secure, and improve the App and its features. This includes authenticating your account; tracking workouts and displaying health dashboards; storing and displaying your private progress photos; powering the social features (profiles, username search, friend requests, friendships, and 1:1 messaging); delivering notifications; enforcing anti-abuse rate limits; generating personalized fitness insights; and powering AI-driven features.
We do not sell your data. We do not use your data for advertising or for any third-party advertising or data-broker purposes. App data is processed and stored using Google Firebase and Google Cloud infrastructure, subject to Google's Firebase Terms and the Firebase Privacy and Security policy.
Apple Health (HealthKit) & Health Connect
On iOS, the App may integrate with Apple Health through Apple's HealthKit framework. On Android, the App may integrate with Health Connect. These integrations are entirely optional. You choose whether to enable them, and you control which specific data types the App can read through the Apple Health or Health Connect permission screens. You can revoke access at any time from your device's settings.
When you grant access, the App reads data such as workouts, heart rate, steps, active energy, sleep, body measurements, and nutrition in order to display your progress, generate insights, and personalize features within the App. The App currently only reads data from Apple Health and Health Connect — it does not write data back to either platform. If this changes in the future, we will update this policy and the in-app permission prompts to reflect the new data flows.
We treat data obtained from Apple Health (HealthKit) and Health Connect with the highest level of care. Specifically:
No advertising or marketing use
We do not use HealthKit or Health Connect data for advertising, marketing, or other use-based data mining purposes.
No sale or sharing for advertising
We do not sell, rent, or disclose HealthKit or Health Connect data to advertising platforms, data brokers, or information resellers.
Disclosure only with your consent
We do not disclose HealthKit or Health Connect data to third parties without your explicit consent, except as required to provide a feature you have requested or as required by law.
Local processing where possible
HealthKit and Health Connect data is processed on your device whenever feasible. Data is only synced to our cloud when needed to provide cross-device access or features you have enabled.
Your use of Apple Health is also governed by Apple's privacy practices, and your use of Health Connect is governed by Google's privacy practices for that platform.
AI-Powered Features
The App may offer AI-powered features such as fitness coaching, exercise analysis, image recognition, and personalized recommendations. When you use these features, relevant data (such as text prompts, images, or fitness context) may be sent to third-party AI service providers for processing. These providers are contractually obligated to process your data only for the purpose of delivering the requested functionality and in accordance with their respective privacy policies.
AI service providers we may use include, but are not limited to, Google (Gemini), Anthropic (Claude), and OpenAI. The specific providers used may change over time as we optimize our technology stack. We will update this policy to reflect any material changes in how AI features process your data.
Third-Party Services
The App relies on the following categories of third-party services to operate:
Cloud Infrastructure & Authentication
We use Google Firebase and Google Cloud for user authentication, cloud database storage, messaging delivery, push notifications, app attestation, and analytics. Data is processed under Google's Privacy and Security policy and the Firebase Terms.
Cloud Media Storage
Progress photos and message photos are stored using cloud storage tied to your authenticated account and are not accessible to other users. Stored media is encrypted at rest. Message photos are deleted on the ephemeral schedule described above.
AI & Machine Learning Providers
We use third-party AI services to power intelligent features and automated content-safety screening within the App. Data sent to these services is limited to what is necessary for the requested functionality.
Analytics & Performance
We may use analytics services to understand how the App is used and to diagnose technical issues. This data is aggregated and not used to personally identify you.
We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.
Data Storage & Security
We use industry-standard safeguards to protect your data, including:
- Encryption in transit and at rest: all data is transmitted over encrypted connections (TLS) and stored encrypted at rest.
- Server-side access controls: security rules restrict data so that authenticated users can only access their own information and the conversations they are a part of.
- App attestation (App Check): requests to our backend are verified using app attestation to block traffic from tampered or unauthorized clients.
- Automated content-safety screening: images sent through the App are automatically screened for unsafe content before they are delivered.
- Rate limits and spam cooldowns: friend requests and messaging are rate-limited, with cooldown periods to deter spam and abuse.
While we implement reasonable security measures to protect your data, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
Content & Conduct Policy
The App's social features are intended for friendly, fitness-oriented communication. You may not use messaging, profiles, or any other feature to send or display content that is sexually explicit or lewd, harassing, threatening, hateful, or otherwise abusive, or that is illegal or promotes illegal activity.
Images sent through the App are automatically screened for unsafe content. Accounts that violate this policy may be restricted, suspended, or terminated, and offending content may be removed. You can report abuse or unwanted contact at any time — see "Your Privacy Controls & Rights" below.
Your Privacy Controls & Rights
You have meaningful control over your data and how you appear in the App:
Discoverability toggle
A privacy setting — "Discoverable by username search" — controls whether other people can find your profile by searching your username. When it is turned off, others can connect with you only via your friend code or QR code.
Unfriend
Unfriending a user removes the friendship and permanently wipes the 1:1 conversation for both sides, including any messages and message photos still held in the cloud.
Notifications
Push notifications are optional and can be enabled or disabled at any time through your device's operating system settings.
Account deletion
Deleting your account immediately and permanently erases all of your data, including your account record, public profile, username, friends and friend requests, conversations and messages, message and progress photos, push-notification token, and health and workout data. No personal data is retained after account deletion. See our account deletion instructions.
Access & export
Depending on your jurisdiction, you may have the right to access, correct, export, or restrict the processing of your personal data. Contact us using the information below and we will respond within 30 days.
Report abuse
You can report abusive messages or users from within the App, or by emailing us at [email protected]. We review reports and may restrict or remove violating accounts.
To request a copy of your data or full deletion of your account and data, you can use the in-app account deletion option or contact us at [email protected].
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the App's services. Text messages are retained as part of your conversation history until the conversation is deleted (for example, by unfriending) or your account is deleted. Message photos follow the ephemeral schedule described above (deleted after delivery, and within 7 days at most). If you delete your account, deletion is immediate: we permanently remove your personal data — including profile, username, friends, messages, message and progress photos, push-notification token, and health and workout data — and no personal data is retained after account deletion. See our account deletion instructions.
You may delete individual progress photos at any time from within the App. Deleted photos are removed from cloud storage promptly.
Age Requirements
The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.
App store age ratings differ by platform: MyFitnessTech is rated 16+ on the Apple App Store and 12+ on Google Play. You must meet the minimum age required by your platform's store rating and any applicable minimum age in your jurisdiction to use the App, and by using the App you confirm that you do.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or organizational structure. Material changes will be communicated through the App or via email. The "Effective date" and "Last updated" dates at the top of this page indicate when the policy was most recently revised. Continued use of the App after changes constitutes acceptance of the revised policy.
Contact
If you have questions about this Privacy Policy or your data, or wish to exercise your privacy rights, contact us at:
[email protected]
Fitness Tech — Seattle, Washington