Privacy Policy
Last updated: 3/23/2026
Welcome to the Fitto Privacy Policy. This document explains how we collect, use, share, and protect your personal information when you use our application and services (Fitto v2.0.4).
1. Information We Collect
1.1. Account and profile: When you create an account, we collect information such as email address, password (stored securely), and profile details you choose to provide—for example username, display name, and photo URL or uploaded profile image.
1.2. Nutrition, fitness, and tracking: We store data you enter or generate in the app, such as nutritional goals, calorie and macro targets, weight entries, and meal tracking records.
1.3. Recipes and interactions: We may store recipe-related activity you use in the app, such as bookmarks and comments, where those features are available.
1.4. Subscriptions: Subscription status and entitlements are processed through our subscription partner (RevenueCat), which helps us manage billing and access to paid features.
1.5. Usage and operational data: We collect information needed to run the service, such as how you use core features (for example searches, favorites, and saved items) and technical metadata needed for reliability and support.
1.6. Device data, push notifications, and permissions: To send reminders and deliver notifications in your local time, we may process your Expo push token and timezone. Push notifications depend on your device permission settings. Our app may declare advertising-related permissions (for example AD_ID) where required by the platform or for future compatibility; we do not use those identifiers for broad profiling in the app today. We do not routinely collect detailed device model lists, carrier identifiers, or mobile network data unless needed for a specific support or security issue.
1.7. Images and uploads: If you upload images—such as a profile picture, meal-related photos for AI or logging, or attachments for support or error reports—those files may be stored in our cloud infrastructure. Some assets may be served via URLs that are not secret if someone obtains the link; please do not upload highly sensitive personal information in images.
2. How We Use Your Information
2.1. Service provision: We use your information to provide, personalize, and improve Fitto, including food equivalence search, macronutrient tracking, comparisons, meal logging, and related features.
2.2. Communications: We may contact you through email, in-app notices (where available), and push notifications (if you allow them) for purposes such as security and account events, reminders, service updates, and operational messages.
2.3. Application improvements: We analyze usage and operational data to improve functionality, performance, and reliability.
2.4. Advertising: Product rules may describe the free plan as supported with ads. At this time, ad personalization and interest-based ad profiling are not active in the app, and ad delivery may be a placeholder. We may introduce ads in the future; if we do, we will update this Policy before rollout.
2.5. AI-powered features: When you use AI-related features (such as parsing meal text, analyzing food images, or processing voice input transcribed to text), relevant input may be sent through our secure backend proxy to third-party AI providers solely to provide those features—for example food extraction, nutritional matching, and assistant-like parsing. Providers may change over time (for example services accessed via Google Gemini, OpenRouter, or similar). If our processors change in a material way, we will update this Policy as appropriate.
3. Information Sharing
3.1. Service providers: We share data with categories of providers that help us operate Fitto, including: backend, database, authentication, and file storage (for example Supabase); subscription and entitlement management (RevenueCat); AI inference through our backend proxy (third-party AI providers as described above); and push notification infrastructure (Expo and related services). They process data only as needed to perform services for us, under appropriate agreements.
3.2. Legal requirements: We may disclose your information when we believe, in good faith, that disclosure is necessary to comply with a legal obligation or to protect our rights, your safety, or the safety of others.
3.3. With your consent: We may share information with third parties when you give us consent to do so.
4. Data Security
We implement technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure.
5. Your Rights
Depending on your location, you may have rights related to your personal data, including:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data
- Restrict or object to the processing of your data
- Request data portability
- Withdraw consent at any time
To exercise these rights, including requesting deletion of your data, please visit our Data Deletion Request page.
6. Data Retention
We retain personal information for as long as your account is active and as needed to provide the service. We may retain certain data longer where required by law, to resolve disputes, enforce our terms, or protect our rights and users. When retention ends, we delete or anonymize data according to our processes.
7. Children
Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete or anonymize that information, consistent with applicable law and our app store disclosures.
8. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised "Last updated" date. For material changes, we may also provide additional notice—for example in the app, by email, or both—where appropriate.
What changed (v2.0.4)
- Clarified advertising: interest-based ads are not active; free plan may be described as ad-supported; future ads will be reflected here before rollout.
- Added disclosures for AI processing (backend proxy and third-party providers), push notification data (token, timezone), narrower device/permission language, and uploads in cloud storage.
- Expanded categories of data we collect, service providers we use, and communications channels.
- Clarified deletion paths (web request and in-app), retention criteria, and international processing.
9. Contact
If you have questions or concerns about this Privacy Policy or our data practices, please contact us by email: privacy@fitto.app
10. International Users
Fitto may be operated from or processed using infrastructure in countries other than where you live. When we transfer personal data across borders, we take steps consistent with applicable law and rely on appropriate safeguards where required (such as contractual protections offered by providers).