Privacy Policy

Understand how your personal information is collected, used, and protected when using Fit4Me, and learn about your rights regarding your data.

IMPORTANT INFORMATION ABOUT PRIVACY

The purpose of this notice is to give you the information you need to make an informed decision about your use of this Product. We also tell you about your rights and how to use them. If you have any questions, please contact us.

To use the Product, you may be asked to answer questions about yourself, including your name, email address, current weight and height, goal weight, fitness level, areas for improvement, dietary preferences, and other personal information. We also automatically collect settings from your device such as language, IP address, time zone, device type and model, device settings, operating system, internet service provider, mobile service provider, hardware ID, Facebook ID, and other unique identifiers (for example, IDFA and AAID). We use this data to provide our services, analyze how you use them, and measure our advertising.

Some of this information is sensitive personal information and consumer health data under US laws. Section 11 explains how we treat it. Section 12 explains what we share for advertising. Section 13 explains the cookies, pixels, and SDKs we use.

To learn more, please read this Privacy Policy. The most important sections to start with are Section 3 (what we do with data), Section 8 (EEA/UK rights), Section 9 (California rights), Section 10 (sensitive data), Section 11 (consumer health data), and Section 13 (other US state rights). You can also email us at support@fit4me.io.
1. Who we are

The controller for the Product is Wellorithm Fit4Me Systems LLC (Company Number L26000213559) of Naples, Florida, USA.

For the avoidance of doubt:

Wellorithm Fit4Me Systems LLC operates as a reseller/distributor of the Fit4Me app and related digital services.
The owner of the Fit4Me app is Nutrionika LLC.

For privacy questions, write to privacy@fit4me.io or support@fit4me.io.

2. Categories of personal data we collect

We collect data that you give us voluntarily, data we receive from third parties, and data we collect automatically.

2.1. Data you give us

Name, age, gender, physical characteristics (height, weight, body areas you want to improve), fitness level, dietary preferences (food preferences, meal frequency, foods you dislike), meditation preferences, sleep preferences, type and duration of physical activity, food intake, email address, photos you upload, and similar information.

2.2. Data from third parties

When you sign in with Apple, we receive your name and a verified email address (real or a private relay address) from your Apple ID. When you pay through Apple, Stripe, PayPal, and other, we receive transaction confirmations from those services.

2.3. Data we automatically collect

a. How you found us. Source application or URL that led you to our site.

b. Device and location. Language preferences, IP address, time zone, device type and model, device settings, operating system, internet service provider, mobile network operator, device ID, Facebook ID, and approximate location derived from IP. We do not collect precise GPS location unless you turn it on for a specific feature.

c. Use of the Product. Clicks, features and content you interact with, workouts, time and duration of workouts, frequency, time in‑app, progress, and orders. We also record advertisements you see and links you click.

d. Advertising identifiers. Apple IDFA or Google AAID, depending on your device. You can reset these in your device settings.

e. Transaction data. Date, time, amount, and type of payment method. We do not collect or store full payment card numbers.

f. Cookies and similar technologies. See Section 13.

2.4. Sensitive personal information (US)

We collect the following categories that are sensitive personal information under California's CPRA and sensitive dataunder Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, Indiana, Tennessee, Kentucky, and Nebraska privacy laws:

Health information (weight, BMI, body composition, fitness level, dietary restrictions, medical conditions you disclose such as diabetes, pregnancy, post‑surgery status, amputee programs).
Information about your sex life or sexual orientation only if you choose to share it (for example, menstrual cycle data).
Account log‑in credentials.
Precise geolocation, only when you enable it for a feature that needs it.
Racial or ethnic origin, religious beliefs, or citizenship status — we do not request these.

We process sensitive data only for the purposes listed in Section 3. Where state law requires it (most states other than California), we ask for your opt‑in consent before we process sensitive data. In California, you can ask us to limit the use and disclosure of your sensitive personal information to what is necessary to provide the Product (see Section 10).

2.5. Consumer health data

The Product collects consumer health data as defined by Washington's My Health My Data Act (MHMDA) and Nevada SB 370, including weight, body measurements, dietary needs, fitness goals, fitness level, sleep patterns, mental wellness inputs, menstrual data, and any health condition you disclose. Section 12 explains how this data is treated.

2.6. Children's data

The Product is not directed to children under 13. We do not knowingly collect personal data from children under 13. See Section 15.

3. For what purpose we process your personal data

To provide our services. Operate the Product, prevent and fix errors. We use Amazon Web Services (AWS) for hosting.

To personalize your experience. Customize content and suggestions based on your inputs, including syncing your fitness plan with your menstrual cycle.

To provide customer support. Respond to your requests through HubSpot ticketing and email.

To communicate with you. Push notifications and emails about features, security, payments, terms, and this Policy. You can turn off notifications in device settings and unsubscribe from emails using the link in each email.

To research and analyze how the Product is used. Improve features and content using Facebook Analytics, Google Analytics, Amplitude, Firebase Remote Config, Firebase Analytics, Crashlytics, and AppsFlyer.

To send marketing. Personalized emails through Sendpulse and similar tools. You can unsubscribe at any time.

To personalize advertising. Show our ads on Facebook, Instagram, Google, and partner networks. See Section 12.

To process payments. Through Apple, Stripe, PayPal, and other providers.

To enforce our Terms of Use and prevent fraud. Detect and respond to abuse and protect our users and our business.

To comply with legal obligations. Respond to lawful requests and meet our retention duties.

4. Legal basis (EEA, UK, Switzerland)

This section applies to users in the EEA, the UK, and Switzerland. We rely on:

Your consent for marketing emails, push notifications, non‑essential cookies, and processing of special category data.
Performance of a contract with you to provide the services, manage your account, communicate with you about your use of the Product, and process payments.
Legitimate interests to research and analyze use of the Product, personalize advertising in a privacy‑respecting way, enforce our Terms, and prevent fraud.
Legal obligation to keep accounting records and respond to lawful requests.

5. Who we share your personal data with

We share information with service providers, processors, and contractors that help us run the Product:

Cloud and hosting: Amazon Web Services.
Analytics: Google, Facebook (Meta), Amplitude, Firebase, Crashlytics, AppsFlyer.
Marketing: Sendpulse, Meta, Google, Apple, partner ad networks.
Customer support: HubSpot, Zendesk.
Payments: Apple, Stripe, PayPal, and other.
Sign‑in: Apple, Google.

We may also share information with law enforcement and government bodies as required by law, and with other parties as part of a corporate transaction such as a sale, merger, or financing.

We require service providers and contractors to use your data only for the purposes we tell them, and we sign data processing terms with them where required by law.

6. Targeted advertising, "sale," and "sharing"

We do not sell personal information for money. However, when we use the Meta Pixel, Meta Custom Audiences, Google Ads, AppsFlyer, and similar advertising tools, your personal information may be shared with these partners for cross‑context behavioral advertising. Under California's CPRA this counts as "sharing." Under several other state laws this can count as "sale" or "targeted advertising."

You have the right to opt out of all of this. Email us at privacy@fit4me.io with the subject line "Opt out of sale and sharing".

We will apply your opt‑out across known browsers and devices when you are signed in.
In the last 12 months, we have shared the following categories with the following categories of recipients for cross‑context behavioral advertising and targeted advertising:

Identifiers (advertising IDs, device ID, hashed email) — ad networks (Meta, Google), measurement partners (AppsFlyer).
Internet activity (in‑app events, page views) — analytics and ad networks.
Inferences (interest segments) — ad networks.

We do not share sensitive personal information for cross‑context behavioral advertising or targeted advertising.

7. Cookies, pixels, and SDKs

We use the following categories. A full, up‑to‑date list and an opt‑out tool are available in our cookie banner.

Necessary (always on): session, security, fraud prevention.
Preferences: language, preferences.
Statistics: Google Analytics, Firebase Analytics, Amplitude, Crashlytics.
Marketing: Meta Pixel, Meta Custom Audiences, Google Ads remarketing, AppsFlyer, partner ad networks.

We load advertising and analytics technologies only after you give consent through the cookie banner (or, in the US, in line with the choices you make). The "Reject all" option is as easy to use as "Accept all."

8. Your privacy rights (EEA, UK, Switzerland)

You have rights of access, rectification, erasure, restriction, objection, portability, and to withdraw consent, as set out in the GDPR or UK GDPR. The right to erasure has limits set out in Article 17 of the GDPR.

You can use most rights through your account or through the contact options at the end of this Policy. We will respond within one month and may extend by two further months for complex requests.

If you believe we have processed your data unlawfully, you may complain to your local data protection authority. For example:

UK: Information Commissioner's Office, https://ico.org.uk/.
Ireland: Data Protection Commission, https://www.dataprotection.ie/.
Other EEA: list at https://edpb.europa.eu/about-edpb/board/members_en.

9. California privacy rights (CCPA/CPRA)

If you are a California resident, you have the rights listed below. To exercise them, email us at privacy@fit4me.io.

Right to know. Categories and specific pieces of personal information we collect, use, disclose, sell, or share, the sources, the purposes, and the categories of third parties that received your information.
Right to delete. Subject to the exceptions in CCPA section 1798.105(d).
Right to correct. Inaccurate personal information.
Right to opt out of sale and sharing. See Section 6. Global Privacy Control is not supported yet.
Right to limit the use and disclosure of sensitive personal information. You can ask us to limit use and disclosure of your sensitive personal information to what is necessary to provide the Product.
Right to non‑discrimination. We will not deny services, charge different prices, or provide a different quality of service because you used a privacy right.
Right to no retaliation against employees and applicants.

We respond to verifiable consumer requests within 45 days, with one 45‑day extension if needed. We confirm receipt within 10 business days. Opt‑out requests take effect within 15 business days. You may use an authorized agent by giving them written permission and verifying your identity with us.

In the last 12 months, we have:

Collected the categories listed in Section 2.
Disclosed for a business purpose identifiers, customer records, internet activity, geolocation (approximate), commercial information (transactions), inferences, health information, and account credentials, to the categories of recipients listed in Section 5.
Shared the categories listed in Section 6 for cross‑context behavioral advertising.
Not sold personal information for monetary consideration.

Shine the Light. California residents can request information about disclosures of personal data to third parties for their direct marketing in the prior calendar year. Email privacy@fit4me.io with the subject "Shine the Light."

10. Sensitive personal information

We use sensitive personal information only to provide the Product, personalize your plan, perform safety and security functions, prevent fraud, comply with the law, and verify the quality of our service. We do not use it to infer characteristics about you for advertising. Where state law requires it, we ask for your opt‑in consent before processing sensitive data. California residents can ask us to limit the use and disclosure of sensitive personal information, as described in the Your Privacy Choices section.

11. Consumer health data (Washington MHMDA, Nevada SB 370, and similar laws)

If you are a Washington or Nevada resident, or any other resident protected by a consumer health data law, the following extra rights apply.

Authorization. We will ask for your separate authorization before we share or sell consumer health data. You can withdraw authorization at any time without affecting processing that took place before withdrawal.
Right to confirm. You can ask whether we are processing your consumer health data, and which third parties have received it.
Right to delete. You can ask us to delete your consumer health data, and we will pass the request to our processors and affiliates.
No geofencing. We do not use geofences around any in‑person healthcare facility to identify, track, or send messages to consumers.
Contact. Email privacy@fit4me.io.

We retain consumer health data only as long as needed to provide the Product or as required by law (see Section 17).

12. Florida Digital Bill of Rights

If you are a Florida resident, you may have rights to access, correct, delete, and obtain a portable copy of your personal information, opt out of targeted advertising, sale, and certain profiling, and opt out of the collection or processing of sensitive data and biometric data, to the extent the Florida Digital Bill of Rights applies to us. We will not knowingly sell personal data of a consumer under 18 or process such data for targeted advertising. To use these rights, contact privacy@fit4me.io.

13. Other US state privacy rights

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, Kentucky, or Nebraska, you generally have the rights below.

The exact scope depends on your state.

Right to confirm processing and access your personal data.
Right to correct inaccurate personal data.
Right to delete personal data we hold about you.
Right to a portable copy of your personal data.
Right to opt out of sale, targeted advertising, and certain profiling that produces legal or similarly significant effects.
Right to opt in before we process sensitive data, including consumer health data, precise geolocation, and data of known children.
Right to appeal a denial of any of these rights. We respond to appeals within 60 days. If we deny the appeal, we tell you how to contact your state Attorney General.

To use these rights, email us at privacy@fit4me.io. We respond within 45 days, and we may extend that period once by an additional 45 days. You may use an authorized agent with written permission and identity verification. We do not currently support universal opt‑out signals (including Global Privacy Control).

14. Children

The Product is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and you believe your child has given us personal information, please email privacy@fit4me.io and we will delete it.

For users between 13 and 16 in the EEA and UK, processing requires consent in line with local law. For users under 16 in California, we will not sell or share their personal information without their opt‑in consent (or the opt‑in consent of a parent or guardian for users under 13).

We do not knowingly process personal data of users under 18 for targeted advertising or sale.

15. International data transfers

We do business worldwide. We may transfer personal data to countries other than the country where it was collected. For transfers from the EEA, UK, and Switzerland to the United States and other countries without an adequacy decision, we use Standard Contractual Clauses with our processors and, where relevant, the UK International Data Transfer Addendum and the Swiss SCC addendum. Where available, we rely on the EU‑US Data Privacy Framework and its UK and Swiss extensions.

16. Retention

We keep your data only as long as needed for the purpose for which we collected it, then delete or anonymize it. Indicative retention periods:

Account data: until you delete your account, then up to 30 days for backups.
Health and fitness data: until account deletion or withdrawal of authorization, then up to 30 days for backups.
Payment and tax records: 7 years (US tax law).
Marketing data: until you unsubscribe, then up to 30 days.
Support tickets: up to 3 years after the last contact.
Server and security logs: up to 12 months.
Cookies and SDK identifiers: per the cookie banner, typically 13 months or less.

We may keep limited records longer where the law requires it or where we need to defend or bring a legal claim.

17. Changes to this Privacy Policy

We may change this Policy. If we make material changes, we will notify you in the Product or by email and ask for new consent where the law requires it. The "last updated" date at the bottom of this Policy shows when it was last changed. We keep prior versions and provide them on request.

18. Do Not Track and Global Privacy Control

Many browsers offer a Do Not Track signal. Industry standards for Do Not Track are not settled, so we do not respond to it. We do not currently support Global Privacy Control (GPC) signals.

19. How to delete your account

You can request deletion in the App:

iOS: Open the Fit4Me app → Plan → Profile → Personal Data Management → Delete personal data.
Android: Open the Fit4Me app → Plan → Profile → Personal Data Management → Request Data Deletion.

This action cannot be undone. You will be logged out and your progress will be deleted. You can also email privacy@fit4me.io to request account deletion.

20. Authorized agents and how to verify a request

You can use an authorized agent to act for you. Send us a signed permission, plus enough information so we can verify your identity (typically your account email and a one‑time code we send to that email). Businesses cannot use the consumer rights in this Policy.

21. Right to appeal

If we deny a rights request, you can appeal by replying to our decision email within 60 days, or by emailing privacy@fit4me.io with the subject "Privacy appeal." We respond within 60 days. If we still deny the appeal, we will explain how to contact your state Attorney General.

22. Contact us

For any privacy question, contact:
Email: privacy@fit4me.io (privacy) or support@fit4me.io (general).

Appendix A — Your Privacy Choices

Use this section to control how Fit4Me uses your personal information. You can opt out of sale and sharing, limit the use of your sensitive personal information, manage your consumer health data, and send rights requests. This section works together with this Privacy Policy.

A1. What this section does

From this section you can:

Opt out of the sale of your personal information.
Opt out of the sharing of your personal information for cross‑context behavioral advertising.
Opt out of targeted advertising under Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, Indiana, Tennessee, Kentucky, and Nebraska law.
Limit the use and disclosure of your sensitive personal information under California's CPRA.
Manage consumer health data under Washington's My Health My Data Act and Nevada SB 370.
Send a verifiable consumer request to access, correct, delete, or port your personal information.
File an appeal if we deny a rights request.

Global Privacy Control (GPC) is not supported yet.

A2. Your privacy choices

You can submit the choices below by email to privacy@fit4me.io. Please include the email address linked to your Fit4Me account, and clearly state which choices you want to apply.

Choice	What it does	Default
Do Not Sell or Share My Personal Information	Stops sale and sharing for cross‑context behavioral advertising. Disables Meta Pixel, Google Ads remarketing, and similar tools for your account.	Off (opted in) until you change it by contacting us.
Do Not Use My Information for Targeted Advertising	Stops processing of your personal information for targeted advertising under non‑California state laws.	Off until you change it by contacting us.
Limit Use of My Sensitive Personal Information	Restricts use of sensitive personal information to what is necessary to provide the Product, in line with CPRA section 1798.121.	Off until you change it by contacting us.
Do Not Use My Information for Significant Profiling	Stops profiling that produces legal or similarly significant effects under VA, CO, CT, OR, TX, MT, DE.	Off until you change it by contacting us.

A3. Send a rights request

Use this form to access, correct, delete, port, or appeal. We confirm receipt within 10 business days and respond within 45 days (with one 45‑day extension if needed). Opt‑out requests take effect within 15 business days.

Right to know or access
Right to correct
Right to delete
Right to a portable copy
Right to opt out of sale, sharing, or targeted advertising
Right to limit the use of sensitive personal information
Right to opt out of profiling
Appeal of a denied request

Required fields

Full name
Email address linked to your Fit4Me account
State of residence
Description of your request
If you are using an authorized agent: signed authorization and a copy of the agent's ID

We verify identity by sending a one‑time code to the email on your Fit4Me account. We may ask for additional information if the request involves sensitive data.

Send the form to privacy@fit4me.io with the subject line "Privacy rights request – [your state]".

A4. Consumer health data

This section applies to Washington and Nevada residents and to anyone covered by a similar consumer health data law.

Withdraw authorization. Send an email to privacy@fit4me.io with the subject "Withdraw health data authorization." We will stop sharing or selling your consumer health data and confirm within 45 days.
Confirm processing. Ask which categories of consumer health data we process and which third parties have received it.
Delete consumer health data. Ask us to delete your consumer health data and pass the request to our processors and affiliates.
No geofencing. We do not use geofences around any in‑person healthcare facility to identify, track, or send messages to consumers.

Third parties that may receive consumer health data when you choose to share it: Amazon Web Services (hosting), Amplitude (analytics), Firebase (configuration and analytics), AppsFlyer (attribution), HubSpot and Zendesk (support), Sendpulse (email).

A5. What we collect, share, and sell

In the last 12 months we have:

Category	Collected	Disclosed for a business purpose	Shared for advertising	Sold for money
Identifiers (name, email, device IDs, IDFA/AAID)	Yes	Yes	Yes	No
Customer records (account info)	Yes	Yes	No	No
Internet activity (in‑app events, page views)	Yes	Yes	Yes	No
Geolocation (approximate)	Yes	Yes	No	No
Commercial information (transactions)	Yes	Yes	No	No
Sensitive personal information (health, dietary, menstrual)	Yes	Yes	No	No
Inferences (interest segments)	Yes	Yes	Yes	No

Categories of recipients are listed in Section 5 of this Privacy Policy.

A6. Children and teens

We do not knowingly collect data from children under 13 and do not knowingly process data of users under 18 for targeted advertising or sale. Parents and guardians can request access, correction, or deletion on behalf of a child by emailing privacy@fit4me.io with the subject "Parental request."

A7. Authorized agents

You can use an authorized agent to act for you. Send us a signed authorization (or a power of attorney), plus enough information for us to verify your identity. We may contact you to confirm the agent's authority before we act on the request.

A8. Appeals

If we deny a rights request, you can appeal within 60 days by replying to our decision email or by emailing privacy@fit4me.io with the subject "Privacy appeal." We respond within 60 days. If we still deny the appeal, we will explain how to contact your state Attorney General.

A9. Records and timelines

We keep a confidential log of rights requests for 24 months to comply with the CPRA and similar state laws. The log records the request date, type, state, response date, and outcome. We do not use this log for any other purpose.

A10. Contact

Email: privacy@fit4me.io.