Privacy Policy

Last Updated: January 9, 2026

Introduction

Welcome to extraFit ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our fitness tracking mobile application.

Information We Collect

1. Personal Information You Provide

Account Information: Name, email address, password (encrypted)
Profile Information: Age, height, weight, fitness goals, activity level
Health & Fitness Data: Workout history, exercise logs, step counts, nutrition logs, water intake
Buddy Connections: Workout buddy relationships and activity sharing preferences

2. Automatically Collected Information

Device Information: Device type, operating system, unique device identifiers
Usage Data: App features used, time spent in app, workout completion rates
Location Data: If you grant permission, we collect location for step tracking features (processed locally on device)
Health Data: Step counts from Apple Health/Google Fit (only with your explicit permission)

3. Information from Third Parties

Authentication Services: If you sign in with third-party services (future feature)
Payment Information: Payment processing handled by Stripe (we don't store card details)
Email Services: Email delivery handled by Resend for welcome and verification emails

How We Use Your Information

We use your information to:

1. Provide Core Services

Track your workouts, steps, nutrition, and water intake
Calculate progress and provide personalized recommendations
Enable workout buddy features and social interactions

2. Improve User Experience

Personalize workout recommendations
Provide progress analytics and insights
Send reminders and motivational notifications

3. Communication

Send email verification and welcome emails
Notify you about buddy requests and activity
Send important service updates (rare)

4. Security & Safety

Verify your email address
Prevent fraud and abuse
Ensure secure access to your account

5. Legal Compliance

Comply with legal obligations
Resolve disputes and enforce agreements

How We Share Your Information

            Information We Share
            Workout Buddies: If you connect with buddies, they can see your shared activities, workout stats, and progress (only what you choose to share)
Service Providers: We use trusted third parties:
                    Firebase (Google) for authentication and database
Resend for email delivery
Stripe for payment processing
Apple/Google for push notifications

                


            Information We Never Share
            We never sell your personal data to advertisers or third parties
We never share your health data with insurance companies
We never use your data for advertising targeting outside our app

        

Data Storage and Security

Where We Store Data

Cloud Storage: Firebase Cloud Firestore (Google Cloud, US servers)
Local Storage: Some data cached on your device for offline access
Backups: Automated daily backups for data recovery

Security Measures

All data transmitted using TLS/SSL encryption
Passwords hashed using industry-standard bcrypt
Firebase security rules restrict data access
Email verification required for social features
Regular security audits and monitoring

Data Retention

Active Accounts: Data retained while your account is active
Deleted Accounts: Data deleted within 30 days of account deletion
Backups: Backup data may persist for up to 90 days
Legal Requirements: Some data retained if required by law

Your Rights and Choices

Access and Control

View Your Data: Access all your data through the app profile
Update Information: Edit profile, goals, and preferences anytime
Export Data: Request data export in machine-readable format
Delete Account: Permanently delete your account and all associated data

Privacy Controls

Email Verification: Required for buddy features (optional for solo tracking)
Workout Buddy Sharing: Choose what activities to share with buddies
Push Notifications: Disable in-app or device settings
Step Tracking: Grant/revoke Apple Health or Google Fit access anytime
Location Services: Enable/disable location access in device settings

How to Exercise Your Rights

Email us at: support@extrafitness.co.uk

We will respond within 30 days of your request.

Children's Privacy

extraFit is not intended for users under 13 years old. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 13, we will delete it immediately.

Health Data and Integrations

Apple Health (iOS)

We request permission to read step count data
Data processed locally on your device
We never upload raw Health data to our servers
Only aggregated daily step counts stored in cloud

Google Fit (Android)

We request permission to read step count data
Data processed according to Google Fit API policies
Only aggregated daily step counts stored in cloud

YouTube Video Content

Exercise demo videos embedded from YouTube
YouTube's privacy policy applies when watching videos
We don't track which videos you watch
No data sent to YouTube about your workouts

Cookies and Tracking

We do not use cookies or tracking technologies for advertising. Our app uses:

Local Storage: To cache data for offline use
Analytics: Firebase Analytics for app usage insights (anonymized)
Crash Reporting: Firebase Crashlytics for error monitoring (anonymized)

You can disable analytics in app settings.

International Data Transfers

Your data may be transferred to and stored in countries outside your residence, including the United States (where Firebase servers are located). We ensure appropriate safeguards are in place to protect your data.

GDPR Compliance (EU Users)

If you're in the European Economic Area (EEA), you have additional rights:

Right to access your data
Right to rectification
Right to erasure ("right to be forgotten")
Right to data portability
Right to object to processing
Right to withdraw consent

California Privacy Rights (CCPA)

California residents have the right to:

Know what personal information is collected
Know whether personal information is sold or disclosed
Opt-out of the sale of personal information (we don't sell data)
Request deletion of personal information
Non-discrimination for exercising privacy rights

Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of significant changes via:

In-app notification
Email to your registered address
Updated "Last Updated" date at the top

Continued use after changes means you accept the updated policy.

Contact Us

If you have questions about this privacy policy or your data:

Email: support@extrafitness.co.uk
Website: extrafitness.co.uk
Data Controller: extraFit

For EU users, you also have the right to lodge a complaint with your local data protection authority.

Third-Party Services

We use the following third-party services, each with their own privacy policies:

Firebase (Google): firebase.google.com/support/privacy
Resend: resend.com/legal/privacy-policy
Stripe: stripe.com/privacy
YouTube: policies.google.com/privacy

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

Notify affected users within 72 hours
Inform relevant authorities as required by law
Provide information on steps taken to resolve the breach
Offer guidance on protecting your account

Your privacy matters to us. If you have any concerns, please contact us at support@extrafitness.co.uk.