FitApp Privacy Policy
Effective date: 2026-06-03
Last updated: 2026-06-03
1. Who we are
In short: FitApp is operated by Pagani Enterprises LLC, a Florida limited liability company. We are the "data controller" for the personal data described in this policy.
FitApp ("the app", "we", "us", "our") is owned and operated by Pagani Enterprises LLC, a limited liability company organized under the laws of the State of Florida, United States.
For privacy questions, data access requests, or to exercise any of the rights described below, contact us at:
- Email: privacy@paganienterprises.com
- Subject line: "Privacy Request — FitApp"
- Postal address: Pagani Enterprises LLC, 2139 N University Dr #2006, Coral Springs, FL 33071, United States
We respond to verifiable requests within 45 days. If a request is complex and we need more time, we will tell you within that window and explain why.
2. Scope
In short: this policy covers the FitApp mobile app and any web pages we publish that link to it. It does not cover third-party apps or websites you reach through links in the app.
This policy describes what personal data we collect when you use the FitApp mobile application, what we do with it, who we share it with, and what choices you have. It applies to anyone who creates a FitApp account or uses the app.
It does not cover:
- Third-party services you choose to use (e.g., the Apple App Store or Google Play store account that distributes the app to you).
- Independent websites we link to.
3. What we collect
In short: account credentials, basic profile details, body composition metrics from scans you upload, your workout and meal logs, PAR-Q safety answers, and minimal device info. We do NOT collect advertising IDs, location, contacts, or social-graph data.
We collect only what is necessary to provide the app. The categories below match what you actually see in the app today.
3.1 Account data
Collected when you sign up.
- Email address
- Password (stored only as a hashed credential by our authentication provider; we never see your plaintext password)
- Account creation timestamp
3.2 Profile and onboarding data
Collected during the 8-step onboarding flow.
- Name (or display name)
- Age / date of birth
- Sex assigned at birth (used for body composition calculations and macro targets)
- Height and weight
- Fitness goal (e.g., lose fat, build muscle, maintain, general health)
- Activity level
- Equipment availability (gym, home, bodyweight)
- PAR-Q safety screening answers — three yes/no questions about pain, recent surgery, and physician restrictions on exercise. If you answer "yes" to any question, we record the answers and timestamp your acceptance of an in-app medical disclaimer before you can continue.
3.3 Body scan data (sensitive)
Collected when you choose to use the body-scan feature.
- The image or PDF you upload (a photo of an InBody, DEXA, BodySpec, Tanita, Evolt, RENPHO, smart-scale, or similar body-composition report). Stored encrypted at rest in Supabase Storage in a per-user folder.
- Parsed body composition metrics extracted from the report by our AI processor (see Section 5), including: weight, body fat %, skeletal muscle mass, fat mass, lean body mass, basal metabolic rate (BMR), visceral fat level/area, total body water, ECW/TBW ratio, phase angle, bone mineral density (where present), and any device-specific raw values shown on the report.
- Detected scan device type (e.g., "InBody 270", "DEXA", "BodySpec").
- Plain-English explanations generated alongside each metric.
- AI-generated 7-day workout and meal plans derived from your scan and goal.
This category includes information that is treated as "data concerning health" under EU/UK GDPR Article 9 and as "sensitive personal information" under the California Consumer Privacy Act (CCPA/CPRA). We process it only with your explicit consent (you must initiate each scan upload yourself) and only for the purposes described in Section 4.
3.4 In-app activity data
Collected automatically as you use the app.
- Workout logs (exercise name, sets, reps, weight, dates, notes)
- Meal logs and food entries (calories, protein, carbs, fat, water intake)
- Weight history (manual weigh-ins)
- Saved recipes, custom meal plans, custom workout plans, shopping list items
- Saved/viewed exercises (so we can show your favorites and continue-where-you-left-off)
3.5 Device and technical data
Collected automatically when the app runs.
- Operating system and version (iOS / Android)
- App version
- Crash and error diagnostics (operational only — see Section 4)
- A randomly generated user ID issued by our authentication provider
We do not currently collect:
- Precise or coarse location
- Advertising identifiers (IDFA / GAID)
- Contacts, photos library beyond the file you explicitly pick to upload, microphone, calendar, or social-media graph data
- Behavioral analytics from third-party SDKs (no Google Analytics, Mixpanel, Amplitude, Firebase Analytics, Segment, Branch, AppsFlyer, etc. as of this Effective Date)
Crash and error diagnostics are collected via Sentry (see Section 5) for the sole purpose of finding and fixing bugs. Crash reports never include your health data, scan files, or account details.
4. How we use your data
In short: to run the app, generate your plans, keep you safe, and respond to your requests. We do not sell or rent your data, and we do not use your data to train AI models.
We use the data in Section 3 to:
| Purpose | Legal basis (GDPR) |
|---|---|
| Create and authenticate your account | Performance of contract (Art. 6(1)(b)) |
| Show you your workouts, meals, and progress | Performance of contract |
| Process the body-scan report you upload, extract metrics, and generate your 7-day plan | Explicit consent for health data (Art. 9(2)(a)); performance of contract |
| Honor the PAR-Q safety flow and surface a medical disclaimer when warranted | Legitimate interest in user safety; legal obligation in some jurisdictions |
| Diagnose crashes and fix bugs | Legitimate interest in maintaining a working product |
| Respond to your support, privacy, or deletion requests | Legal obligation; legitimate interest |
| Comply with applicable law, including responding to lawful legal process | Legal obligation |
We do not:
- Sell or rent your personal data to anyone.
- Share your data with advertisers or data brokers.
- Use your data, your photos, or your scan reports to train AI models. (See Section 5 — our AI processor's API terms also forbid training on your data.)
- Use automated decision-making that produces legal or similarly significant effects on you.
5. Who we share data with (sub-processors)
In short: a small number of US-based service providers help us run the app. Each one is contractually limited to the purpose listed and cannot use your data for their own purposes.
We rely on the following sub-processors. We are the data controller; each sub-processor below acts as a processor on our behalf.
| Sub-processor | Purpose | Data shared | Location | Their privacy policy |
|---|---|---|---|---|
| Supabase, Inc. | Database hosting, authentication, file storage (your account, profile, logs, body-scan files) | All data categories in Section 3 except device crash logs | United States | https://supabase.com/privacy |
| Anthropic, PBC | AI body-scan parsing and plan generation via the Claude API (model: claude-haiku-4-5-20251001) | The body-scan image/PDF you upload, plus the prompt context required to generate your plan. Anthropic does not train on data sent through their commercial API per their Commercial Terms of Service. | United States | https://www.anthropic.com/legal/privacy |
| Apple, Inc. | App distribution via the iOS App Store (when published) | Your App Store account info — handled by Apple, not by us. We may receive aggregated download metrics. | United States | https://www.apple.com/legal/privacy/ |
| Google LLC | App distribution via Google Play (when/if we publish to Android) | Your Play account info — handled by Google, not by us. | United States | https://policies.google.com/privacy |
| Functional Software, Inc. (Sentry) | Crash and error diagnostics so we can find and fix bugs | Crash stack traces, device model, OS version, app version, and a random user ID. We do not send your name, email, health data, or scan files to Sentry. | United States | https://sentry.io/privacy/ |
| Open Food Facts | Nutrition lookup for foods you search by name | The food search string you type (e.g., "chicken breast") — sent to OFF's public food database. We do not send your user ID, account info, or any other personal data. | France (public database) | https://world.openfoodfacts.org/cgu#privacy |
| USDA FoodData Central | Nutrition lookup fallback when Open Food Facts has no match | The food search string you type. We do not send personal data. USDA is a US government agency, not a commercial vendor. | United States | https://fdc.nal.usda.gov |
Aside from Sentry crash diagnostics (above), we do not use any third-party analytics, advertising SDKs, attribution networks, or behavioral tracking pixels in the app.
We may also disclose data when legally required (subpoena, court order, regulatory request) or to protect the rights, safety, or property of users or the public.
6. Where your data is stored and processed
In short: in the United States. If you live outside the US, your data is transferred to the US under appropriate safeguards.
All sub-processors listed in Section 5 are based in the United States, and your data is stored and processed there.
For users in the European Economic Area, the United Kingdom, or Switzerland, transfers to the United States rely on:
- The European Commission's Standard Contractual Clauses (2021) between Pagani Enterprises LLC and each US sub-processor, and
- Each sub-processor's own supplementary measures (encryption in transit and at rest, role-based access controls, audit logging).
You can request a copy of the SCCs we rely on by emailing the address in Section 1.
7. How long we keep your data
In short: until you delete it. There is no automatic retention period.
We keep your data for as long as your account is active. Two ways to remove it:
7.1 Per-scan delete
You can delete an individual body scan at any time from the Progress tab. When you do, we cascade-purge:
- The scan record itself
- All metrics extracted from it
- All AI-generated plans derived from it
- The original uploaded file in our Storage bucket
7.2 Full account deletion
You can delete your entire account from the in-app Profile screen. This triggers our delete-account Edge Function which:
- Removes every body-scan file you ever uploaded from Storage.
- Deletes your auth.users row, which cascades through the database and removes your profile, all body scans, all metrics, all plans, all workout logs, all meal logs, all weight logs, all saved recipes, all custom plans, and all shopping items.
After that, the only remaining trace is operational backups, which roll off on our hosting provider's standard schedule (typically up to 30 days for point-in-time recovery, after which the data is unrecoverable). We do not access these backups except for disaster recovery.
You can also email us at privacy@paganienterprises.com and we will delete your account on your behalf.
8. Your rights
In short: you can see your data, fix it, take it with you, or have it deleted. You will never be punished for asking.
8.1 Rights for users in the EU, UK, EEA, and Switzerland (GDPR / UK GDPR)
You have the right to:
- Access the personal data we hold about you.
- Rectify data that is inaccurate or incomplete (most fields are editable directly in the app).
- Erase your data ("right to be forgotten") — see Section 7.
- Portability — receive a machine-readable export of the data you provided.
- Restrict processing in certain circumstances.
- Object to processing based on our legitimate interests.
- Withdraw consent at any time where we rely on consent (e.g., the body-scan feature). Withdrawal does not affect prior lawful processing.
- Lodge a complaint with your local data protection authority.
8.2 Rights for California residents (CCPA / CPRA)
You have the right to:
- Know what personal information we collect, use, share, or disclose about you.
- Delete your personal information.
- Correct inaccurate personal information.
- Limit the use of sensitive personal information — your body composition data, PAR-Q answers, and account credentials are sensitive personal information under CPRA. We use them only for the purposes in Section 4.
- Opt out of "sale" or "sharing" — N/A, because we do not sell or share your personal information for cross-context behavioral advertising.
- Non-discrimination — we will not deny service, charge a different price, or provide a lower quality of service because you exercised any of your rights.
8.3 How to exercise your rights
The easiest way is in-app: edit fields directly on your Profile, delete individual scans, or delete your full account. For requests we cannot fulfill in-app (e.g., a portable export), email privacy@paganienterprises.com from the email tied to your account. We will verify the request and respond within 45 days.
9. Children
In short: FitApp is for adults. We do not knowingly collect data from anyone under 16.
FitApp is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If we learn that we have collected data from someone under 16 without verified parental consent, we will delete the account and the data.
If you believe a child has created an account, email privacy@paganienterprises.com and we will investigate.
This minimum-age policy is stricter than the US Children's Online Privacy Protection Act (COPPA), which sets the threshold at 13, because:
- The app collects health-related data, which is sensitive.
- The EU GDPR sets the digital-services consent age between 13 and 16 depending on member state.
- A 16+ floor avoids parental-consent verification overhead while remaining compliant in every market we serve.
10. Security
In short: we use industry-standard protections, but no system is perfectly secure.
We protect your data with:
- TLS 1.2+ for all data in transit between the app and our servers.
- Encryption at rest for the database and Storage buckets, provided by Supabase.
- Row-Level Security (RLS) policies on every Supabase table — users can only read and write their own rows. The body-scan Storage bucket is similarly partitioned by user folder.
- Hashed passwords (we never store plaintext credentials).
- Service-role keys kept only in server-side Edge Function secrets and never shipped in app code.
- Least-privilege access for the small number of operators who can read production data.
- No third-party advertising or behavioral-analytics SDKs that could exfiltrate data. (Sentry crash diagnostics is scoped to error reports only — see Section 5.)
No security control is absolute. If we ever experience a breach involving your personal data, we will notify you and the relevant authorities as required by applicable law (typically within 72 hours for GDPR).
11. Changes to this policy
In short: we will tell you if anything material changes.
We may update this policy from time to time. When we do, we will:
- Update the "Last updated" date at the top.
- Post the new version at the URL where this policy lives.
- For material changes (e.g., a new sub-processor, a new data category, or a change in legal basis), notify active users in-app and by email at least 14 days before the change takes effect.
Continued use of the app after a material change becomes effective constitutes acceptance of the updated policy.
12. Contact
For any privacy question or to exercise a right under this policy:
- Email: privacy@paganienterprises.com
- Entity: Pagani Enterprises LLC, Florida, United States
- Postal address: 2139 N University Dr #2006, Coral Springs, FL 33071, United States
This policy is published in English. If we publish translations, the English version controls in case of conflict.