Privacy Policy

Last updated: April 26, 2026

See section 26 for a list of recent changes.

1. Introduction and Scope

This Privacy Policy explains how FitCommit Ltd. ("FitCommit," "we," "our," "us") collects, uses, stores, shares, and protects your personal information when you use the FitCommit iOS app, the fitcommit.ai website, and related features (together, the "Services").

This policy applies to all users of the Services worldwide. We disclose region-specific rights and obligations under applicable laws including the European Union General Data Protection Regulation (GDPR), the United Kingdom GDPR, the Swiss Federal Act on Data Protection, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the California Consumer Privacy Act and the California Privacy Rights Act (CCPA/CPRA), the Washington My Health My Data Act, the Delaware Personal Data Privacy Act (DPDPA), and other US state privacy laws. Region-specific notices are in section 16, section 17, section 18, and section 19.

Your use of the Services is also governed by our Terms of Service. If you do not agree with this Privacy Policy, do not use the Services.

2. Definitions

  • App means the FitCommit mobile application available on the Apple App Store.
  • Account means the personal account you create to access the Services.
  • Body Scan means the photo-based body composition estimate generated by our AI from images you upload.
  • After Photo means the AI-generated visualization of a possible future body state at a target body fat percentage.
  • Personal Information means information that identifies, relates to, or could reasonably be linked with you, including under CCPA/CPRA the categories listed in section 16.
  • Health Data means data about your body, fitness, nutrition, and goals, including height, weight, body fat percentage, lean mass, calorie targets, and macro targets.
  • Photo means any image you upload to the Services, including Body Scan source photos and progress photos.
  • Service Providers means third parties we use to operate the Services (cloud hosting, payment processing, analytics, AI model providers).

3. Information We Collect

We collect the following categories of Personal Information:

  • Account information. Name, email address, password (hashed), date of birth, sex, and account preferences.
  • Health Data. Height, current weight, target weight, body fat percentage, lean mass, activity level, goals, calorie targets, and macro targets. See the Nutrition and Health Information section of our Terms of Service for the full disclaimer about how this data is interpreted.
  • Photos. Body Scan source photos and any progress photos you upload. See section 8 for how photos are processed and stored.
  • AI Output. The estimates and visualizations generated by our AI from your inputs (Body Scan results, After Photo previews, weight loss timelines).
  • Subscription and payment information. Subscription plan, billing status, and a transaction reference returned by the Apple App Store. We do not receive or store your full credit card number.
  • Device and usage data. IP address, device model, operating system version, app version, screens viewed, features used, crash logs, performance metrics, and similar telemetry.
  • Cookies and similar tracking. See section 11.
  • Communications. Email and in-app messages you send us, and our responses.

We do not knowingly collect Personal Information from children under 13. See section 20.

4. Sources of Information

We collect Personal Information from these sources:

  • Directly from you when you create an Account, complete onboarding, upload a Body Scan photo, set goals, or contact us.
  • Automatically from your device when you use the Services (device and usage data, cookies).
  • From the Apple App Store for purchase and subscription status.
  • From integrated services if you choose to connect them (for example, Apple Health). You control which data syncs.
  • From service providers for analytics, fraud prevention, and security.

5. How We Use Your Information

We use Personal Information for the following purposes:

  • Provide the Services. Generate your Body Scan estimate, calculate calorie and macro targets, render After Photo previews, and track progress.
  • Personalize your experience. Tailor recommendations, dashboards, and reminders based on your goals and progress.
  • Maintain your Account. Authenticate logins, sync data across sessions, and recover access.
  • Process payments. Confirm subscription status with the Apple App Store.
  • Improve the Services. Diagnose bugs, measure performance, and refine the user experience using aggregated and de-identified usage data.
  • Improve our AI models. Subject to the limits in section 8, we use aggregated and de-identified data derived from your inputs to improve estimate accuracy.
  • Communicate with you. Respond to support requests, send transactional notices (security, billing, policy changes), and, with your consent, send marketing.
  • Comply with law. Meet legal, tax, and regulatory obligations and enforce our Terms of Service.
  • Protect the Services. Detect, prevent, and respond to fraud, abuse, security incidents, and unauthorized access.

6. Legal Bases for Processing

If you are in the European Union, EEA, Switzerland, or the United Kingdom, we rely on one or more of the following legal bases under GDPR Article 6 to process your Personal Information:

  • Contract. Processing necessary to provide the Services you signed up for, including generating your Body Scan, calculating targets, and managing your Account.
  • Consent. Where you have given us specific consent (for example, to use your photos for AI model training, to send marketing emails, or to integrate with Apple Health). You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legitimate interests. For improving the Services, securing them against fraud and abuse, and conducting analytics on aggregated and de-identified data, balanced against your rights.
  • Legal obligation. To comply with applicable law, regulation, or court order.
  • Vital interests. In the rare event that processing is needed to protect someone's life or physical safety.

For Health Data, we rely on your explicit consent (GDPR Article 9(2)(a)) granted at signup and reaffirmed each time you upload a Body Scan.

7. Automated Decision-Making

The Services use AI to generate estimates from your inputs (Body Scan, After Photo, calorie and macro targets, weight loss timelines). This is automated processing within the meaning of GDPR Article 22.

None of these AI outputs produce legal or similarly significant effects on you. They are informational and motivational estimates. They do not determine credit, employment, insurance, healthcare, housing, or any other legally significant outcome. See the Nutrition and Health Information section of our Terms of Service for the full disclaimer.

If you are in the EU, UK, or Switzerland, you have the right to request human review of an AI estimate that you believe is materially wrong. Contact privacy@fitcommit.ai.

8. Photos and AI Model Training

Your identifiable photos are not used to train our AI models without your separate, opt-in consent.

Body Scan and progress photos you upload are processed by our AI to generate your estimates and visualizations. Photos are stored encrypted in our cloud storage and are accessible only to you and to FitCommit personnel under strict access controls for support and abuse-investigation purposes.

We may use aggregated and de-identified data derived from photos (for example, body composition statistics with no identifying information) to improve the accuracy of our AI models. This data cannot reasonably be linked back to you.

You may delete any individual photo from within the App at any time. Deleted photos are removed from active storage immediately and from backup storage within 30 days. See section 12 for the full retention schedule.

We do not sell your photos. We do not license your photos to third parties for any purpose. We do not use your photos in marketing without your separate written consent.

9. How We Share Your Information

We share Personal Information only as described below. We do not sell Personal Information.

  • Service Providers. Cloud hosting (Google Cloud), payment processing (Apple), AI model providers, analytics, error reporting, and security. These providers act on our instructions under written contracts and may not use your data for their own purposes.
  • Apple, Inc. For App Store purchases, subscription management, and required platform telemetry.
  • Legal compliance. When required to comply with law, valid legal process (for example, court order, subpoena), or to protect the rights, property, or safety of FitCommit, our users, or others.
  • Business transfers. In connection with a merger, acquisition, financing, reorganization, sale of assets, or insolvency. We will notify you of any such change of ownership or control of your Personal Information.
  • With your consent. Any other sharing requires your explicit consent.

10. Health Data Carve-Out

We do not sell Health Data. We do not use Health Data for advertising. We do not share Health Data with third parties for their own marketing or analytics.

Health Data and photos are processed only to deliver the Services to you and to maintain and improve the Services as described in this policy. This commitment applies in all jurisdictions, regardless of whether local law requires it. It also applies to any data we receive from Apple Health if you choose to connect it.

11. Cookies and Tracking

The fitcommit.ai website uses cookies and similar tracking technologies for the following purposes:

  • Strictly necessary. Authentication, security, load balancing.
  • Analytics. Aggregated traffic measurement and feature usage.
  • Preferences. Remembering your settings (for example, dark mode).

You can manage cookies through your browser settings. Blocking strictly necessary cookies may break parts of the website. The iOS app does not use third-party advertising trackers and does not request the App Tracking Transparency permission.

12. Data Retention

We retain Personal Information only as long as needed for the purposes described in this policy. Specific retention periods:

  • Account information (name, email, preferences): retained while your Account is active. Deleted within 30 days of Account deletion.
  • Health Data (height, weight, body fat, targets): retained while your Account is active. Deleted within 30 days of Account deletion.
  • Photos (Body Scan source, progress): retained while present in your Account. Individual photo deletions removed from active storage immediately and from backups within 30 days. Account deletion removes all photos within 30 days.
  • Subscription records: retained for the duration of the subscription plus 7 years to meet tax, accounting, and audit obligations.
  • Device and usage telemetry: retained in identifiable form for 90 days, then aggregated or deleted.
  • Crash logs: retained for 90 days.
  • Support and communications: retained for 3 years from the last interaction, then deleted.
  • Aggregated and de-identified data: may be retained indefinitely as it cannot reasonably be linked to you.
  • Backups: rolling 30-day window. Deleted Personal Information persists in backups for up to 30 days, then is permanently removed.
  • Legal hold: where law requires longer retention (for example, fraud investigation, litigation hold), we retain only the specific records subject to the hold for the period required.

13. Data Security

We use industry-standard technical and organizational measures to protect Personal Information, including encryption in transit (TLS 1.2 or higher) and at rest, access controls based on least privilege, audit logging, and periodic security assessments. Photos and Health Data receive additional access restrictions.

No method of transmission or storage is fully secure. If we become aware of a security incident affecting your Personal Information, we will notify you and the relevant supervisory authorities as required by applicable law.

14. International Data Transfers

FitCommit operates from Canada and the United States. Your Personal Information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States, where data protection laws may differ from those in your country.

For transfers from the EEA, UK, or Switzerland to countries that have not received an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable) and supplementary measures. For transfers from Canada, we comply with PIPEDA cross-border transfer requirements. You may request a copy of these safeguards by contacting privacy@fitcommit.ai.

15. Your Privacy Rights

Depending on where you live, you may have the following rights with respect to your Personal Information:

  • Access. Request a copy of the Personal Information we hold about you.
  • Correction. Ask us to correct inaccurate or incomplete information.
  • Deletion. Ask us to delete your Personal Information. See section 22.
  • Portability. Receive your Personal Information in a structured, commonly used, machine-readable format.
  • Opt-out of marketing. Unsubscribe from marketing emails at any time.
  • Object or restrict processing. Object to certain processing or ask us to restrict it.
  • Withdraw consent. Where we rely on consent, you may withdraw it at any time.
  • Lodge a complaint. File a complaint with your local data protection authority.

To exercise any right, contact privacy@fitcommit.ai. We will respond within 30 days (45 days for EEA/UK requests, extendable by 60 days for complex requests) and will verify your identity before disclosing or deleting any Personal Information. We do not discriminate against you for exercising your rights.

16. Notice for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act (together, the "CCPA/CPRA") give you the rights described below. We do not sell your Personal Information and we do not share it for cross-context behavioral advertising.

Categories of Personal Information collected in the last 12 months:

  • Identifiers. Name, email address, IP address, device identifiers. Sources: you, your device. Used for: providing the Services, security, communications. Shared with: Service Providers.
  • Customer records (Cal. Civ. Code § 1798.80(e)). Account information, contact information. Sources: you. Used for: providing the Services. Shared with: Service Providers.
  • Commercial information. Subscription plan, billing status. Sources: Apple App Store. Used for: managing your subscription. Shared with: Service Providers, Apple.
  • Internet or network activity. App and website usage, performance, crash logs. Sources: your device. Used for: improving the Services and security. Shared with: Service Providers.
  • Sensitive personal information. Health Data, photos, account credentials. Sources: you. Used for: providing the Services. Shared with: Service Providers under strict contracts. We use sensitive personal information only for the purposes permitted under CPRA Section 1798.121.
  • Inferences. AI-generated body composition estimates, calorie targets, macro targets. Sources: your inputs. Used for: providing the Services. Shared with: Service Providers.

Your CCPA/CPRA rights: right to know, right to delete, right to correct, right to portability, right to opt out of sale or sharing (we do not sell or share for behavioral advertising), right to limit use of sensitive personal information, right to non-discrimination. To exercise any of these rights, contact privacy@fitcommit.ai. You may also designate an authorized agent.

We do not knowingly sell or share Personal Information of consumers under 16 without affirmative authorization.

17. Notice for EEA, UK, and Switzerland (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, the GDPR (and UK GDPR and Swiss FADP, as applicable) apply to our processing of your Personal Information.

Controller. FitCommit Ltd. is the data controller for the Personal Information described in this policy.

Legal bases. See section 6.

Your rights. Access, rectification, erasure, restriction of processing, data portability, objection to processing (including profiling), withdrawal of consent, and the right to lodge a complaint with your supervisory authority. To exercise any right, contact privacy@fitcommit.ai or our Data Protection Officer at dpo@fitcommit.ai.

EU representative. We are evaluating designation of an EU representative under GDPR Article 27. Until appointed, please send GDPR-related inquiries to dpo@fitcommit.ai for our prompt response.

International transfers. See section 14.

18. Notice for Canada (PIPEDA)

For Canadian residents, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws (including Quebec's Law 25, British Columbia's PIPA, and Alberta's PIPA) apply to our handling of your Personal Information.

You have the right to access and correct your Personal Information, withdraw consent, and file a complaint with the Office of the Privacy Commissioner of Canada or your provincial commissioner. Contact privacy@fitcommit.ai to exercise these rights.

19. Notice for Other US States

If you are a resident of Washington, Texas, Virginia, Colorado, Connecticut, Utah, Oregon, Tennessee, Indiana, Iowa, Montana, or Delaware, the privacy laws of your state may apply.

Washington My Health My Data Act. Health Data and photos qualify as Consumer Health Data under this law. We collect and process Consumer Health Data only with your consent (granted at signup and at each Body Scan upload), only for the purposes described in section 5, and we do not sell Consumer Health Data. You have the right to access, delete, and withdraw consent. Contact privacy@fitcommit.ai.

Across all listed states, you generally have the rights to access, delete, correct, port, and opt out of the sale of Personal Information and targeted advertising. We do not sell Personal Information and we do not engage in targeted advertising. Contact privacy@fitcommit.ai to exercise your rights.

20. Children's Privacy

The Services are intended for users 13 and older. We do not knowingly collect Personal Information from children under 13 in compliance with the United States Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has provided us with Personal Information, contact us at privacy@fitcommit.ai and we will delete it. Users between 13 and 17 must have permission from a parent or legal guardian.

21. Marketing Communications

We send marketing communications only with your consent. You can opt out at any time by following the unsubscribe link in any marketing email or by contacting privacy@fitcommit.ai. Opting out of marketing does not affect transactional messages (security notices, billing, policy changes).

22. Account Deletion

You can delete your FitCommit Account at any time directly within the App. Go to Settings, select Account, and tap Delete Account.

When you delete your Account, we permanently delete:

  • Account information (name, email, preferences).
  • All photos (Body Scan source, progress, After Photo previews).
  • Health Data (weight, body fat, calorie and macro targets, history).
  • AI Output linked to your Account.

Deletion is permanent and cannot be undone. Active-storage deletion happens immediately. Backup-storage deletion completes within 30 days. We retain subscription and tax records as described in section 12.

23. Apple-Specific Notes

The FitCommit App is distributed through the Apple App Store. Apple's privacy practices apply to your App Store account, App downloads, and in-app purchases.

If you connect Apple Health, only the data categories you authorize are shared with the App. We use Apple Health data only to provide the Services and we do not store Apple Health raw data on our servers beyond what is needed for active sessions, unless you explicitly opt in to a long-term sync.

The App does not use Apple's App Tracking Transparency permission. We do not engage in cross-app or cross-website tracking.

24. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top, list the change in section 26, and, for material changes, notify you in the App or by email at least 30 days before the change takes effect. Continued use of the Services after a change becomes effective means you accept the updated policy.

25. Contact Us

For questions about this Privacy Policy or to exercise any privacy right:

Privacy and data requests: privacy@fitcommit.ai

Data Protection Officer: dpo@fitcommit.ai

Account security: security@fitcommit.ai

General questions: hello@fitcommit.ai

Mailing address:

FitCommit Ltd.
611 South Dupont Highway, Suite 102
Dover, Delaware 19901
USA

26. Revision History

  • April 26, 2026: Major revision. Added Definitions, Sources of Information, Legal Bases for Processing (GDPR Article 6 with Article 9(2)(a) for Health Data), Automated Decision-Making (Article 22) with right to human review, Photos and AI Model Training (no training on identifiable photos without opt-in), Health Data Carve-Out (no sale, no advertising), specific Data Retention periods per category, dedicated Notices for California (CCPA/CPRA with categories table), EEA/UK/Switzerland (GDPR + DPO), Canada (PIPEDA + provincial laws), Other US States (Washington MHMD, Texas, Virginia, Colorado, Connecticut, Utah, and others), Apple-Specific Notes (App Tracking Transparency, Apple Health). Added Quick Links table of contents, BreadcrumbList and WebPage JSON-LD schema, dedicated dpo@/security@ contacts.
  • April 10, 2026: Effective date update.