Privacy Policy

Last updated: April, 2026

This Privacy Policy describes how fitsate collects, uses, and protects your personal data. We are committed to transparency and protecting your privacy.

1. Data We Collect

We collect the following categories of data to provide our nutrition and wellness tracking services:

Account Information
  • Email address, username, and password (securely hashed)
  • First name, last name, and date of birth (optional)
Health & Body Data
  • Height, weight, and target weight
  • Body measurements: waist, chest, hip, arm, thigh circumference
  • Body composition: body fat percentage, muscle mass, visceral fat
  • Calculated metrics: BMI, BMR, RMR
  • Gender, activity level, and wellness goals
Nutrition Data
  • Meal entries: foods consumed, portion sizes, timestamps
  • Drink and water intake entries
  • Nutrition goals and macro targets
  • Meal plans and scheduled meals
  • Dietary preferences and food allergies
User-Created Content
  • Recipes, snacks, and drinks you create
  • Grocery lists and shopping items
  • Personal notes and posts
  • File attachments and images
Activity & Wellness
  • Intermittent fasting schedules and logs
  • Exercise logs and workout data
  • Daily check-ins and achievements
  • Task items and time tracking
Technical Data
  • IP address (for security and fraud prevention)
  • Activity logs (page visits, actions taken)
  • Browser type and device information

2. AI Features — Local Processing

Your data stays with us. All AI features are powered by locally-hosted models. No data is sent to third-party AI providers.
  • Voice Transcription: Whisper speech-to-text runs entirely on our servers. Your voice recordings are transcribed locally and stored only in your account.
  • AI Coaching: Our AI assistant uses Ollama, a locally-hosted large language model. Your conversations are processed on our infrastructure, not sent to external services.
  • Meal Recommendations: Recipe suggestions and nutrition analysis are generated locally using your data.

Your AI conversation history is stored in your account and can be deleted at any time.

3. Cookies

We use only strictly necessary cookies to operate the service:

  • Authentication: To keep you logged in securely.
  • Anti-forgery: To protect against cross-site request forgery attacks.
  • Language preference: To remember your chosen language.
  • Theme preference: To remember your light/dark mode choice.
  • Cookie consent: To remember that you acknowledged this notice.

We do not use:

  • Tracking or advertising cookies
  • Third-party analytics cookies
  • Social media tracking pixels

4. How We Use Your Data

  • To provide nutrition tracking, meal planning, and wellness features
  • To generate personalized meal recommendations (locally)
  • To calculate nutritional information and progress metrics
  • To authenticate you and secure your account
  • To send transactional emails (password resets, account verification)
  • To improve service quality and fix issues
  • To prevent fraud and unauthorized access

5. Data Sharing

We do not sell your data.
  • We do NOT sell or rent your personal data to anyone.
  • We do NOT share your data with advertisers.
  • We do NOT use third-party analytics services.
  • All infrastructure is self-hosted — your data stays on our servers.

The only exceptions:

  • If required by law (court order, legal process)
  • Content you explicitly choose to share publicly (shared recipes)

6. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Right to Access: You can request a copy of all data we hold about you.
  • Right to Rectification: You can update or correct your personal information at any time through your account settings.
  • Right to Deletion: You can delete your account and all associated data.
  • Right to Portability: You can export your data in a machine-readable format (JSON).
  • Right to Object: You can opt out of non-essential data processing.
  • Right to Restrict Processing: You can request we limit how we use your data.

To exercise these rights, contact us at: privacy@fitsate.com

7. Data Retention

  • Active accounts: Your data is retained as long as your account is active.
  • Deleted accounts: When you delete your account, there is a 30-day grace period to recover it. After 30 days, all data is permanently deleted.
  • Activity logs: Automatically deleted after 90 days.
  • Backups: Encrypted backups are retained for disaster recovery and automatically expire.

8. Security

We implement industry-standard security measures to protect your data:

  • Passwords are hashed using secure, one-way algorithms
  • All connections are encrypted with HTTPS/TLS
  • Database connections are encrypted
  • Regular security updates and patches
  • Rate limiting to prevent brute-force attacks
  • Account lockout after failed login attempts

9. Children's Privacy

fitsate is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the service. The 'Last updated' date at the top indicates when this policy was last revised.

11. Contact

If you have questions about this Privacy Policy or your personal data, please contact us: