Updated on March 17, 2026

Privacy Policy

This Privacy Policy explains how fitMetrics Inc., a Delaware USA corporation (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects Personal Data when you use the fitMetrics mobile device application (the “App”). The fitMetrics Privacy Policies apply to Personal Data including Fitness & Health Data collected through the App and related services (collectively, the “Services”).

 

Scope.

Part I is the fitMetrics General Privacy Policy Disclosures.

 

Part II is a Jurisdiction Specific Consumer Health Data Supplement (“Consumer Health Data Supplement”) and discloses to the subscriber (“you” or “your”) how we collect and process “Consumer Health Data” as certain applicable US state laws define the term and in some cases also require separate/supplemental Consumer Health Data Supplement disclosures and restrictions for Consumer Health Data. The Consumer Health Data Supplement applies to the extent required by applicable US state laws. Since the Consumer Health Data Supplement augments our general Privacy Policy, in the event of a conflict between our General Privacy Policy (Part I) and the Consumer Health Data Supplement (Part II), the Consumer Health Data Supplement applies to the extent that it is required by and consistent with applicable US state law. The following may not be an exhaustive list of states that have specific regulations for Consumer Health Data: Washington’s My Health My Data Act RCW 19.373; Nevada’s Consumer Health Data Privacy Law NRS 603A et seq.; the Connecticut Data Privacy Act CT Gen. Stat. Title 42, Ch. 743jj, C.G.S. § 42-515 et seq.; and the Maryland Online Data Privacy Act.

 

Part III is for Artificial Intelligence and Machine Learning Use of Fitness & Health Data.

 

Part IV is for International AI & Data Protection Notice (EU / EEA / UK).

 

Part I: General Privacy Policy

 

1. Key Definitions

1.1 “Personal Data” means information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable individual. To the extent applicable law defines Personal Data, Personal Data used throughout these policies is defined by such applicable law.

 

1.2 “Fitness & Health Data” means fitness, health, and wellness data related to your physical or mental health, fitness activities, medical conditions, symptoms, treatments, biometric data, and wellness metrics, all of which you enter, generate, ingest into, and/or import through the App.

 

2. Personal Data Our App Collects and/or Processes


2.1 Personal Data You Input Directly

You may choose to provide the following categories of Personal Data including Fitness & Health Data:

(a)   Account Information: name, email address, username, password.

(b)  Profile Information: age, height, weight, sex or gender (optional).

(c)   Basic Health and Fitness Data: workouts, activity levels, nutrition logs, sleep data, vital signs, symptoms, medical history you choose to enter, fitness, health, and wellness goals, and similar information.

(d)  Journal Entries: These include without limitation the following: diet/food, pharmaceuticals, and other lifestyle data, e.g., caffeine consumption, alcohol consumption, and (in a future release of the App) user created categories.

(e)  Other User Content: notes, messages, AI prompts, Feedback and in-app interactions or other content you create in or import into the App.

(f)    Support Communications: communications with customer support.

Source: User input uploaded into basic user profile and in-app analytics tools.

 

2.2 Device and Application Usage Information Collected Automatically. Description: When you use the App, we may collect technical and interaction data, which is used to improve App performance and user experience, including:

(a)   Device Information: device type, operating system version, app version.

(b)  Usage Data: features used, session duration, error/crash logs, performance data.

(c)   Identifiers: IP address, device identifiers, or similar identifiers.

Source: User device and in-app analytics tools


2.3 Fitness & Health Data from Wearable Devices, Apple Health (HealthKit) and other Third Party Applications. Description: Fitness & Health Data collected by wearable devices (e.g., Garmin, Fitbit, Oura, Whoop, Polar, etc.) and healthcare provider, e.g., Apple Health. This Fitness & Health Data is accessed only with your action and permission to share through the mobile device (e.g., iOS) developers’ frameworks, such as Apple’s HealthKit. In addition to the Fitness & Health Data collected, our App also supplements your Fitness & Health Data by computing and recording values like Readiness Score, Exertion Score and Sleep Score. This Fitness & Health Data is used solely to provide App functionality to you and is not used for third party advertising or otherwise sold by us. It includes without limitation the following:

(a)   Heart rate and heart rate variability (HRV).

(b)  Step count and distance.

(c)   Other Workout sessions/activities.

(d)  Active and resting energy expenditure.

(e)  Sleep data.

(f)    VO2 max.

(g)   Blood oxygen (SpO₂).

Source: Sharing wearable device data, and some non-wearable health app data (user-authorized and enabled)


2.4. Fitness & Health Data from Other Device Integrations (e.g., CGM, Weight Scale via Apple Health or Direct APIs). Description: Physiological and activity data captured by wearable devices and made available either. Devices such as Abbott Labs Libre, Dexcom and other CGMs, Bluetooth-enabled body weight scales, etc.

(a)   Typically includes blood sugar, body weight, blood pressure and other biometrics.

Source: Through Apple Health (primary pathway), or direct API integrations (if implemented and supported in our App)

 

2.5. Fitness & Health Data from Electronic Health Record (EHR) Integrations (If User Enabled)

Description: Clinical health information shared with fitMetrics at the user’s request, including:

(a)   Lab results.

(b)  Diagnoses.

(c)   Medications.

(d)  Encounter summaries.

(e)  Vital signs.

(f)    Physician notes.

This Fitness & Health Data is transmitted only when authorized by the user, including via an institutional agreement with a partner organization.

Source: Connected healthcare providers or EHR systems (e.g., Power2Practice, CharmHealth, or other partner systems) that you as the user request to provide you Fitness & Health Data for your use in the App.


2.6. Fitness & Health Data from Laboratory Data (If Enabled)

Processing occurs only with user authorization requesting the labs provide lab data directly to the App. Description: Structured laboratory test results and biomarker data, including:

(a)   Blood chemistry panels.

(b)  Hormone panels.

(c)   Lipid profiles.

(d)  Metabolic markers.

(e)  Inflammatory markers.

(f)    DNA data.

Source: Direct lab integrations or partner platforms (e.g., Labcorp, Quest, Function Health or similar services).

 

2.7. Fitness & Health Data from AI Interaction Data

Source: In-app AI assistant (fitMetrics “FitBot”)
Description: User queries and system-generated responses within the app. May include:

(a)   Questions about Fitness & Health Data.

(b)  Educational inquiries.

(c)   Personalized recommendations.

This Fitness & Health Data may be processed using secure AI developer/service providers under contractual data protection terms. We anonymize the input data and then re-ingest into the App and re-associate the output data to you as the user so that you are not identified to the AI developers when the AI creates the outputs.

 

2.8. Personal Data including Fitness & Health Data from Partner Organization Membership-User Data (White-Label / Enterprise Clients).

Description: User eligibility or enrollment data provided by enterprise clients (e.g., gyms, health programs, employer wellness programs), limited to what is contractually required.
Source: Contracted partner organizations direct transfer to fitMetrics.


3. How We Use Fitness & Health Data


We use Personal Data including Fitness & Health Data for the following purposes:

(a)   Provide and operate the App, including personalized fitness and wellness features,

(b)  Process, analyze and display your Fitness & Health Data at your direction,

(c)   Improve and develop our Services,

(d)  Communicate with you, including service-related notices,

(e)  Maintain security, prevent fraud, and ensure system integrity, and

(f)    Comply with legal obligations and enforce our terms.

We do not use Personal Data including any Fitness & Health Data for targeted advertising.

 

Data Flow Summary

fitMetrics receives Personal Data from the user, their devices and authorized providers (e.g., physicians or third party apps). Personal Data including Fitness & Health Data is maintained in a secure system. The Personal Data is anonymized by stripping personally identifiable information before data is shared with third party services (like AI providers). All Fitness & Health related data is processed with the permission and therefore consent of you as the user in accordance with these policies and applicable laws.

 

4. Legal Bases for Processing


(where such bases are required by applicable law)

Depending on the jurisdiction, we process Personal Data based on:

(a)   Your consent, particularly for Fitness & Health Data.

(b)  Performance of a contract (e.g., Terms of Service providing the App).

(c)   Legitimate interests, particularly for non-Fitness & Health Data, such as security and service improvement.

(d)  Legal obligations, where required by law.

 

5. How We Share Personal Data Including Fitness & Health Data


We do not sell your Personal Data or Fitness & Health Data.

We may share information only as follows:

5.1 Service Providers. We contract with trusted vendors who provide services processing at some level Personal Data including Fitness & Health Data such as:

  • Cloud hosting,

  • Software development (outsourced),

  • Analytics,

  • Customer support, and

  • Security and monitoring.

These providers are contractually required to protect your Personal Data and use it only in accordance with our instructions.

5.2 Legal Requirements. We may disclose information if required to do so by law, regulation, discovery request, subpoena, or court order.

5.3 Business Transfers. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy. If the transferee is unsatisfactory to you, you may withdraw your consent to processing by deleting your account, and we will securely delete your data including Personal Data.

 

6. Your Privacy Rights


(U.S. States, e.g., CCPA/CPRA)

Depending on your state of residence, you may have the right to:

  • Access your Personal Data,

  • Correct inaccurate data,

  • Delete Personal Data,

  • Opt out of certain processing, or

  • Appeal a denied request.

We will not discriminate against you for exercising these rights.

 

7. HIPAA Notice


The App is a consumer fitness, health and wellness application and fitMetrics therefore is not a “covered entity” or “business associate” under the Health Insurance Portability and Accountability Act (“HIPAA”).

Any Fitness & Health Data you enter or generate in the App is not subject to HIPAA, unless explicitly stated otherwise in a separate agreement. If applicable law, our business, or both change such that we become a “Covered Entity” or “Business Associate” under HIPAA, this Privacy Policy will be updated accordingly.

 

8. Data Retention


We retain Personal Data and Fitness & Health Data:

(a)   For as long as your account is active; or

(b)  As needed to provide the Services; or

(c)   As required by law.

You may delete your account at any time, after which we will delete or de-identify your data unless retention is legally required.

 

9. Personal Data Security


We implement administrative, technical, and physical safeguards designed to protect Personal Data and Fitness & Health Data, including:

(a)   Encryption in transit and at rest,

(b)  Access controls, or

(c)   Regular security monitoring.

No system is 100% secure, and we cannot guarantee absolute security.

 

10. How to Exercise Your Rights


You may submit privacy requests by:

(a)   Email: support@fitMetrics.com, attention President & Data Protection Officer, or

(b)  In-App: Settings → Privacy.

We may verify your identity before processing requests.

 

11. Children’s Privacy


The App is not directed to minors under 16 years old, and we do not knowingly collect Personal Data from minors under 16. If we become aware of such collection, we will delete the information.

 

12. International Users


The App is operated from the United States. If you access the App from outside the U.S., your information may be processed and stored in the United States.

 

13. Changes to This Policy


The Service and our business may change from time to time. As a result, we may change this Privacy Policy at any time. When we do, we will post an updated version here, unless another type of notice is required by the applicable law. Material changes to the Privacy Policy will be communicated via at least one of the following:

(a)   in-app notification, or

(b)  email,

and also,

(c)   an updated posting of the Privacy Policy here with the effective date indicated on the Privacy Policy.

By continuing to use our Service or providing us with Personal Data after we have posted an updated Privacy Policy or notified you by the means described in this Section, you consent to the revised Privacy Policy and practices described in it.

 

14. Contact Us


If you have questions or concerns about this Privacy Policy or our privacy practices, contact us at:

fitMetrics Inc.
Email: support@fitMetrics.com


 

Part II: Consumer Health Data Supplement for Specific States

 

Consumer Health Data Rights and Notices

Where state consumer health data laws apply:

  • The App ingests, collects, and shares Consumer Health Data only with your consent or as otherwise permitted by law.

  • We do not sell Consumer Health Data.

  • We do not share Consumer Health Data for targeted advertising.

  • You may request:

    • Access to your Consumer Health Data

    • Deletion of your Consumer Health Data

    • Withdrawal of consent

You may withdraw your consent to processing Consumer Health Data only by deleting your account, and we will securely delete your personal information including any Fitness & Health Data and/or Consumer Health Data. Requests may be submitted as described in Section 10 of Part I.

 

A. Washington My Health My Data Act Notice and Compliance

This section applies to Washington State residents and supplements the Privacy Policy.

 

1. Washington Consumer Health Data

For purposes of this section, “Consumer Health Data” has the meaning set forth in RCW 19.373, and includes personal information that is linked or reasonably linkable to a consumer and identifies the consumer’s past, present, or future physical or mental health status.

Consumer Health Data processed by the App may include:

(a)   Fitness & Health Data,

(b)  Symptoms, conditions, or medical information you choose to enter, or

 

2. Categories of Consumer Health Data We Collect

We may collect Fitness & Health Data that also cover the following categories of Consumer Health Data with your consent because you control what Fitness & Health Data you allow the App to process:

(a)   Health and wellness metrics you enter or generate,

(b)  Fitness, activity, and exercise data,

(c)   Sleep, nutrition, and recovery data,

(d)  Health-related notes or journal entries, and

(e)   Data imported from Apple HealthKit or similar APIs (only with your authorization).

We collect this Consumer Health Data solely to provide the Services as you request through your configurations.

 

3. Sources of Consumer Health Data

We collect Consumer Health Data from:

(a)   You directly, when you enter data into the App

(b)  Your connected devices or services, such as Apple HealthKit, if you choose to connect them

 

4. Purposes for Collecting and Using Consumer Health Data

We collect and use Consumer Health Data for the following purposes:

(a)   Providing, operating, and personalizing the App,

(b)  Displaying, analyzing, and tracking your fitness and wellness information at your direction,

(c)   Improving App functionality and performance,

(d)  Maintaining security, preventing fraud, and ensuring system integrity, and

(e)   Complying with legal obligations.

We do not use Consumer Health Data for targeted advertising.

 

 

5. Sharing Consumer Health Data

We do not sell Consumer Health Data. We may share Consumer Health Data only as follows:

(a)   service providers that process data on our behalf to provide the Services (such as cloud hosting, software development (outsourced) and analytics providers), subject to contractual confidentiality and security obligations, and

(b)  legal or regulatory disclosures, if required by law.

We do not share Consumer Health Data with third parties for advertising, marketing, or profiling.

 

6. Consumer Health Data Rights (Washington Residents)

If you are a Washington resident, you have the right to:

(a)   Access your Consumer Health Data,

(b)  Confirm whether we are collecting, using, or sharing your Consumer Health Data,

(c)   Withdraw consent for the collection and use of your Consumer Health Data, and

(d)  Delete your Consumer Health Data.

You may withdraw your consent to processing Consumer Health Data only by deleting your account, and we will securely delete your personal information including any Fitness & Health Data and/or Consumer Health Data. Deletion requests will be honored unless retention is required by law.

 

7. How to Exercise Your Washington Rights

You may exercise your rights by:

(a)   Emailing: support@fitMetrics.com, or

(b)  Using the App: Settings → Privacy.

We will respond within the time required by Washington law and may verify your identity before fulfilling your request.

 

8. Appeals

If we deny your request, you may appeal the decision by contacting us at support@fitMetrics.com with the subject line “Washington Health Data Appeal.” If your appeal is denied, you may submit a complaint to the Washington State Attorney General.

 

9. Consent and Withdrawal

We collect and process Consumer Health Data only with your affirmative express consent, unless otherwise permitted by law. You may withdraw your consent at any time by:

(a)   Adjusting your App settings,

(b)  Disconnecting integrations such as Apple HealthKit, or

(c)   Deleting your account.

You may withdraw your consent to processing Consumer Health Data only by deleting your account, and we will securely delete your personal information including any Fitness & Health Data and/or Consumer Health Data. Withdrawal of consent will not affect processing that occurred prior to withdrawal.

 

10. Prohibition on Geofencing

We do not use geofencing to identify, track, collect data from, or send notifications to consumers in connection with healthcare services or facilities, as prohibited by Washington law.

 

11. Changes to This Section

If we materially change how we collect, use, or share Consumer Health Data, we will provide notice of the changes and will obtain new consent where required.

 

B. Other State Health Privacy Addendum

(California, Nevada, and Connecticut)

This Addendum supplements the Privacy Policy and any Washington My Health My Data Act notice. It applies to residents of California, Nevada, and Connecticut.

 

1. Sensitive Personal Information and Health Data

Certain Fitness & Health Data we process, including health, fitness, medical, and wellness information, may be considered:

(a)   “Sensitive Personal Information” under California law,

(b)  Sensitive data under Connecticut law, and

(c)   Covered data under Nevada consumer privacy law.

We process such data only for purposes that are permitted by law and consistent with this Privacy Policy. More importantly, you control how the App processes your Fitness & Health Data.

 

2. California (CCPA/CPRA) – Notice at Collection and Rights

2.1 Categories of Sensitive Personal Information Collected. We may collect the following categories of Sensitive Personal Information, as defined by California law:

(a)   Health and wellness data you provide or generate,

(b)  Biometric or physiological measurements,

(c)   Fitness, activity, and sleep data, and

(d)  Medical or health-related notes you choose to enter.

2.2 Purposes of Collection. We collect and use this information solely to:

(a)   Provide and operate the App,

(b)  Personalize fitness, health, and wellness features at your request,

(c)   Maintain security and prevent fraud, and

(d)  Comply with legal obligations.

We do not use Sensitive Personal Information to infer characteristics for advertising purposes.

 

2.3 Sale, Sharing, and Targeted Advertising.

(a)   We do not sell Personal Data.

(b)  We do not share Personal Data for cross-context behavioral advertising.

(c)   We do not use health or wellness data for targeted advertising.

Accordingly, we do not offer a “Do Not Sell or Share My Personal Information” link.

 

2.4 California Consumer Rights. If you are a California resident, you have the right to:

(a)   Know what Personal Data we collect, use, and disclose,

(b)  Access your Personal Data,

(c)   Correct inaccurate Personal Data,

(d)  Delete Personal Data,

(e)   Limit the use of Sensitive Personal Information (where applicable), and

(f)    Not be discriminated against for exercising your rights.

You may exercise these rights as described in the “How to Exercise Your Rights” section of the Privacy Policy.

 

3. Nevada Privacy Rights

Nevada law provides residents the right to opt out of the sale of certain covered information.

(a)   We do not sell covered information, including health or wellness data, as defined by Nevada law.

(b)  No opt-out request is required to prevent sale.

Nevada residents may submit inquiries or requests by contacting us as described in the Privacy Policy.

 

4. Connecticut Privacy Rights (Including Health Data)

4.1 Sensitive Data Processing. Under Connecticut law, health data is classified as sensitive data.

We process sensitive data only:

(a)   With your consent, or

(b)  As otherwise permitted by law.

You may withdraw consent at any time as described below.

 

4.2 Connecticut Consumer Rights. If you are a Connecticut resident, you have the right to:

(a)   Access your Personal Data,

(b)  Correct inaccuracies,

(c)   Delete Personal Data,

(d)  Obtain a copy of Personal Data in a portable format, and

(e)   Opt out of targeted advertising, sale, or profiling in furtherance of decisions producing legal or similarly significant effects.

We do not engage in targeted advertising or profiling using health data. You may withdraw your consent to processing Personal Data or you may request deletion of personal data only by deleting your account, and we will securely delete your personal data including any Fitness & Health Data and/or Consumer Health Data.

 

4.3 Appeals. If we deny a Connecticut privacy request, you may appeal the decision by contacting us at support@fitMetrics.com with the subject line “Connecticut Privacy Appeal.”

 

5. Maryland Privacy Rights

5.1 If you are a Maryland resident, you may have certain rights regarding your personal data under the Maryland Online Data Privacy Act, including the right to:

(a)   confirm whether we process your personal data

(b)  access your personal data

(c)   correct inaccuracies

(d)  delete personal data

(f)    obtain a copy of your personal data in a portable format

If we process your Fitness & Health Data, we do so only at your request by enabling sharing of that data with us from third parties which is your consent under Maryland law. We collect and process personal data including your Fitness & Health Data only as reasonably necessary and proportionate to provide the Services you request. We do not sell any of your Fitness & Health Data.

 

6. Consent, Withdrawal, and Controls (All States)

Where required by law:

(a)   It is solely your choice what Fitness & Health Data you enable and transfer into the Service. Thus, your sole choice to enable the Service to process your Fitness & Health Data is your affirmative express consent for us to do so.

(b)  You may withdraw consent at any time by:

(i)    Updating App privacy settings,

(ii)   Disconnecting third party integrations, e.g., Apple HealthKit, or

(iii)  Deleting your account.

You may withdraw your consent to processing or request deletion of your Consumer Health Data by deleting your account, and we will securely delete your personal information including any Fitness & Health Data and/or Consumer Health Data. Withdrawal of consent does not affect processing that occurred before withdrawal.

 

7. Data Minimization and Retention

We collect only the health and wellness data reasonably necessary to provide the App’s features.

We retain such data:

(a)   While your account remains active,

(b)  As necessary to provide the Services, and

(c)   As required by law

You may request deletion at any time, subject to legal retention obligations.

 

8. Non-Discrimination

We will not deny services, charge different prices, or provide a different level of quality based on your exercise of privacy rights under California, Nevada, or Connecticut law.

 

9. Contact Information

For questions or requests relating to this Addendum, contact:

Email: support@fitMetrics.com, attention President & Data Protection Officer


 

Part III: Artificial Intelligence and Machine Learning Use of Fitness & Health Data.

This section explains how we use artificial intelligence (“AI”) and machine learning (“ML”) technologies in connection with health, fitness, medical, and wellness data.

 

1. AI/ML Features in the App

The App may use AI/ML technologies to:

(a)   Analyze health, fitness, or wellness data you provide or generate,

(b)  Identify trends, patterns, or correlations in your data,

(c)   Generate personalized insights, summaries, or recommendations, or

(d)  Improve App performance and feature accuracy.

AI/ML outputs are provided for informational and wellness purposes only and do not constitute medical advice, diagnosis, or treatment.

 

2. Fitness & Health Data Used for AI/ML Processing

Subject to your consent and App settings, AI/ML processing may involve:

(a)   Fitness and activity metrics,

(b)  Sleep, nutrition, and recovery data,

(c)   Health-related notes or journal entries you choose to create, or

(d)  Data imported from Apple HealthKit or similar integrations (only with authorization).

We do not use Fitness & Health Data for AI-driven advertising.

 

3. Consent for AI/ML Processing of Fitness & Health Data

Where required by law (e.g., Washington and Connecticut):

(a)   We obtain your affirmative express consent by this disclosure and your choice within the App to enable and use AI Features for Consumer Health Data or sensitive health data for AI/ML analysis.

(b)  Consent may be provided through:

(i)    In-app consent screens,

(ii)   Feature-specific opt-ins, or

(iii)  Integration authorizations (such as Apple HealthKit).

You may withdraw consent at any time as described in Section 6 below.

 

4. Model Training and Improvement

4.1 No Sale or Commercial Licensing. We do not sell, license, or rent your Fitness & Health Data for AI model training outside of training solely to benefit you managing and tracking your fitness, health and wellness.

4.2 Training Scope. AI/ML models may be:

(a)   Trained on de-identified or aggregated data, or

(b)  Used to analyze your individual data solely to provide personalized features and capabilities to you

We do not use your identifiable Fitness & Health Data to train models that are made available to third parties.

 

5. Automated Processing and Human Oversight

AI/ML features:

(a)   Are designed to support user understanding, NOT to make medical or legal decisions,

(b)  Do NOT produce decisions with legal or similarly significant effects,

(c)   Include human oversight, validation, or review during development and testing, and

(d)  You remain in control of how you interpret and use AI-generated insights.

 

6. Your Choices and Controls

You may control AI/ML use of your Fitness & Health Data by:

(a)   Adjusting App privacy or AI feature settings,

(b)  Opting out of specific AI-powered features,

(c)   Disconnecting data sources such as Apple HealthKit, or

(d)  Deleting your account or requesting deletion of your data.

Withdrawal of consent will stop future AI/ML processing but will not affect processing that occurred before withdrawal.

 

7. Data Minimization and Retention for AI/ML

We apply data minimization principles to AI/ML processing:

(a)   Only data necessary for the specific AI feature is used,

(b)  Data is retained only as long as needed to support the feature or as required by law, and

(c)   De-identification or aggregation is used where feasible.

 

8. Security of AI/ML Systems

We implement safeguards designed to protect Fitness & Health Data used in AI/ML systems, including:

(a)   Access controls,

(b)  Encryption, and

(c)   Monitoring and testing of AI systems for misuse or errors.

 

9. State-Specific Rights Related to AI Processing

Depending on your state of residence, you may have the right to some or all of the following:

(a)   Access information about AI-based processing of your Fitness & Health Data,

(b)  Withdraw consent for AI-based processing,

(c)   Request deletion of data used in AI/ML analysis, or

(d)  Appeal denied requests (Washington and Connecticut).

Requests may be submitted as described in the How to Exercise Your Rights section.

 

10. No Targeted Advertising or Profiling

We do not use AI or ML to:

(a)   Engage in targeted advertising using Fitness & Health Data,

(b)  Profile users for advertising purposes, and

(c)   Make decisions that produce legal or similarly significant effects.

 

Part IV: International AI & Data Protection Notice (EU / EEA / UK).

This section applies if you access or use the App from the European Union, European Economic Area, or United Kingdom.

 

1. Role Under EU Data Protection Law

For purposes of EU data protection law:

  • fitMetrics, Inc., acts as a data controller with respect to Personal Data processed through the App, and

  • if third-party service providers process data on our behalf, they act as processors under written agreements.

 

2. Categories of Data Processed

We may process the following categories of Personal Data:

(a)   Account and contact information,

(b)  Device and usage information, and

(c)   Health, fitness, medical, and wellness data you choose to provide or generate.

Health-related data is treated as special category personal data under EU law.

 

3. Lawful Bases for Processing (GDPR)

We process Personal Data based on the following lawful bases:

3.1 Contract - to provide the App and its core functionality at your request.

3.2 Consent (Article 6(1)(a) & Article 9(2)(a)) - we rely on explicit consent to process health-related data and to perform AI/ML analysis of such data. Since you control enabling AI/ML, your choice to use or enable AI/ML is your explicit consent to perform AI/ML analysis of such data. You may withdraw consent at any time by disabling or ceasing to use AI/ML features in the Services without affecting prior lawful processing.

3.3 Legitimate Interests - for security, fraud prevention, and service improvement, where such interests are not overridden by your rights.

 

4. AI Systems Used in the App (EU AI Act)

4.1 AI Risk Classification. The AI features used in the App are designed as limited-risk AI systems under the EU AI Act.

They:

(a)   Provide informational insights, summaries, and wellness recommendations,

(b)  Do not diagnose medical conditions, and

(c)   Do not determine eligibility for healthcare, insurance, employment, or other regulated services.

 

4.2 Transparency Obligations. Where AI is used to generate insights or recommendations:

(a)   You are informed that AI is involved,

(b)  Outputs are clearly labeled as AI-generated, and

(c)   You are informed of the purpose and limitations of AI processing.

 

4.3 Human Oversight. AI features:

(a)   Are designed to support user understanding, not replace professional judgment,

(b)  Are monitored and tested by humans during development, and

(c)   Do not operate autonomously in ways that affect your legal rights.

 

5. Automated Decision-Making (GDPR Article 22)

The App does not engage in:

(a)   Automated decision-making that produces legal effects, and

(b)  Automated profiling that significantly affects you.

If this changes, we will provide advance notice and obtain additional consent where required.

 

6. Use of Fitness & Health Data for AI/ML

6.1 Purpose Limitation. Fitness & Health Data is used for AI/ML processing only to:

(a)   Provide personalized insights to you,

(b)  Improve feature accuracy and reliability,

(c)   Maintain and improve App performance, and

We do not use Fitness & Health Data for advertising, credit scoring, or behavioral profiling.

 

6.2 Model Training. AI/ML models may be trained using:

(a)   De-identified or aggregated data, or

(b)  Your individual data solely to provide personalized features to you.

We do not train general-purpose AI models on identifiable Fitness & Health Data for external use.

 

7. Data Protection by Design and by Default

We apply privacy-by-design and privacy-by-default principles, including:

(a)   Data minimization,

(b)  Purpose limitation,

(c)   Access controls,

(d)  Feature-level consent, and

(e)   Default privacy-protective settings.

 

8. Data Subject Rights (EU / UK)

You have the right to:

(a)   Access your Personal Data,

(b)  Rectify inaccurate data,

(c)   Erase your data (“right to be forgotten”),

(d)  Restrict processing,

(e)   Object to processing,

(f)    Data portability,

(g)   Withdraw consent at any time, and

(h)   Lodge a complaint with a supervisory authority.

Requests may be submitted as described in the How to Exercise Your Rights section of the Privacy Policy. You may withdraw your consent to processing or request erasure of your Personal Data by deleting your account, and we will securely delete your personal data including any Fitness & Health Data and/or Consumer Health Data.

 

9. International Data Transfers

If Personal Data is transferred outside the EU/EEA/UK:

(a)   We rely on approved transfer mechanisms, such as:

(i)    Standard Contractual Clauses (SCCs), and

(ii)   Supplementary technical and organizational safeguards.

You may request further information about transfer safeguards.

 

10. Security Measures

We implement appropriate technical and organizational measures to protect Personal Data and AI systems, including:

(a)   Encryption,

(b)  Access controls,

(c)   Monitoring and testing, and

(d)  Incident response procedures.

 

11. Medical Disclaimer (EU)

AI-generated insights and recommendations:

(a)   Are not medical advice,

(b)  Are not a substitute for professional healthcare services, and

(c)   Should not be relied upon for diagnosis or treatment decisions.

 

12. Changes to AI Processing

If we materially change how AI systems process Fitness & Health Data or affect user rights:

(a)   We will update this notice, and

(b)  We will obtain new consent where required by law.

 

Part IV: International AI & Data Protection Notice (EU / EEA / UK).

This section applies if you access or use the App from the European Union, European Economic Area, or United Kingdom.

 

1. Role Under EU Data Protection Law

For purposes of EU data protection law:

  • fitMetrics, Inc., acts as a data controller with respect to Personal Data processed through the App, and

  • if third-party service providers process data on our behalf, they act as processors under written agreements.

 

2. Categories of Data Processed

We may process the following categories of Personal Data:

(a)   Account and contact information,

(b)  Device and usage information, and

(c)   Health, fitness, medical, and wellness data you choose to provide or generate.

Health-related data is treated as special category personal data under EU law.

 

3. Lawful Bases for Processing (GDPR)

We process Personal Data based on the following lawful bases:

3.1 Contract - to provide the App and its core functionality at your request.

3.2 Consent (Article 6(1)(a) & Article 9(2)(a)) - we rely on explicit consent to process health-related data and to perform AI/ML analysis of such data. Since you control enabling AI/ML, your choice to use or enable AI/ML is your explicit consent to perform AI/ML analysis of such data. You may withdraw consent at any time by disabling or ceasing to use AI/ML features in the Services without affecting prior lawful processing.

3.3 Legitimate Interests - for security, fraud prevention, and service improvement, where such interests are not overridden by your rights.

 

4. AI Systems Used in the App (EU AI Act)

4.1 AI Risk Classification. The AI features used in the App are designed as limited-risk AI systems under the EU AI Act.

They:

(a)   Provide informational insights, summaries, and wellness recommendations,

(b)  Do not diagnose medical conditions, and

(c)   Do not determine eligibility for healthcare, insurance, employment, or other regulated services.

 

4.2 Transparency Obligations. Where AI is used to generate insights or recommendations:

(a)   You are informed that AI is involved,

(b)  Outputs are clearly labeled as AI-generated, and

(c)   You are informed of the purpose and limitations of AI processing.

 

4.3 Human Oversight. AI features:

(a)   Are designed to support user understanding, not replace professional judgment,

(b)  Are monitored and tested by humans during development, and

(c)   Do not operate autonomously in ways that affect your legal rights.

 

5. Automated Decision-Making (GDPR Article 22)

The App does not engage in:

(a)   Automated decision-making that produces legal effects, and

(b)  Automated profiling that significantly affects you.

If this changes, we will provide advance notice and obtain additional consent where required.

 

6. Use of Fitness & Health Data for AI/ML

6.1 Purpose Limitation. Fitness & Health Data is used for AI/ML processing only to:

(a)   Provide personalized insights to you,

(b)  Improve feature accuracy and reliability,

(c)   Maintain and improve App performance, and

We do not use Fitness & Health Data for advertising, credit scoring, or behavioral profiling.

 

6.2 Model Training. AI/ML models may be trained using:

(a)   De-identified or aggregated data, or

(b)  Your individual data solely to provide personalized features to you.

We do not train general-purpose AI models on identifiable Fitness & Health Data for external use.

 

7. Data Protection by Design and by Default

We apply privacy-by-design and privacy-by-default principles, including:

(a)   Data minimization,

(b)  Purpose limitation,

(c)   Access controls,

(d)  Feature-level consent, and

(e)   Default privacy-protective settings.

 

8. Data Subject Rights (EU / UK)

You have the right to:

(a)   Access your Personal Data,

(b)  Rectify inaccurate data,

(c)   Erase your data (“right to be forgotten”),

(d)  Restrict processing,

(e)   Object to processing,

(f)    Data portability,

(g)   Withdraw consent at any time, and

(h)   Lodge a complaint with a supervisory authority.

Requests may be submitted as described in the How to Exercise Your Rights section of the Privacy Policy. You may withdraw your consent to processing or request erasure of your Personal Data by deleting your account, and we will securely delete your personal data including any Fitness & Health Data and/or Consumer Health Data.

 

9. International Data Transfers

If Personal Data is transferred outside the EU/EEA/UK:

(a)   We rely on approved transfer mechanisms, such as:

(i)    Standard Contractual Clauses (SCCs), and

(ii)   Supplementary technical and organizational safeguards.

You may request further information about transfer safeguards.

 

10. Security Measures

We implement appropriate technical and organizational measures to protect Personal Data and AI systems, including:

(a)   Encryption,

(b)  Access controls,

(c)   Monitoring and testing, and

(d)  Incident response procedures.

 

11. Medical Disclaimer (EU)

AI-generated insights and recommendations:

(a)   Are not medical advice,

(b)  Are not a substitute for professional healthcare services, and

(c)   Should not be relied upon for diagnosis or treatment decisions.

 

12. Changes to AI Processing

If we materially change how AI systems process Fitness & Health Data or affect user rights:

(a)   We will update this notice, and

(b)  We will obtain new consent where required by law.