Your privacy is very important to us. This Privacy Policy explains in detail how XFit Pro (“we,” “our,” or “us”) collects, uses, stores, shares, and protects your personal data when you use our mobile application and related services. By downloading, registering, or otherwise using XFit Pro, you agree to the practices described in this policy.
1. What Data Do We Collect?
When you sign up for or use XFit Pro, we collect several categories of personal data, including but not limited to:
1.1 Identification Data
- Name: Full name as provided during registration.
- Email Address: Used for account login, communication, and notifications.
1.2 Physical and Health Data
- Age and Date of Birth: To ensure compliance with minimum age requirements and to provide age-appropriate recommendations.
- Gender: Used to customize workout plans and dietary suggestions.
- Weight and Height: To calculate Body Mass Index (BMI) and tailor fitness goals.
- Body Measurements (e.g., chest, waist, hips): If voluntarily provided, to track progress more accurately.
1.3 Fitness and Lifestyle Data
- Training History: Past workout routines, sessions completed, and performance metrics.
- Dietary Preferences: Food allergies, dietary restrictions, or meal plan preferences you choose to share.
- Health Conditions: Any chronic illnesses or injuries you voluntarily disclose for safety and personalized guidance.
1.4 Device and Usage Data
- Device Information: Device model, operating system version, unique device identifiers (e.g., advertising ID), and mobile network information.
- Usage Metrics: How you interact with the app, features used, session durations, and crash logs.
1.5 Payment Information
When you choose to subscribe after the free trial or make in-app purchases, we collect:
- Payment Method: Credit/debit card number (tokenized), expiration date, billing postal code. We do not store full card numbers on our servers. Instead, payment processing is handled through a secure, PCI-compliant third party (e.g., Stripe, Apple Pay, Google Pay).
2. How We Collect Data
We collect information in the following ways:
- Directly from You: When you create an account, fill out your profile, complete health questionnaires, or update personal information within the app.
- Automatically: Through cookies, log files, and similar tracking technologies when you use the app. For example, we may automatically record your IP address, device type, and in-app behavior to improve performance and user experience.
- From Third Parties: If you choose to link your XFit Pro account with third-party apps (e.g., health tracking platforms, social media), we may receive data such as step counts or profile details from those services. All sharing occurs only if you explicitly grant permission.
3. How We Use Data
We use the information we collect to:
- Personalize Your Experience: Tailor workout plans, recommend exercise routines, and suggest meal plans based on your profile and goals.
- Improve User Experience: Analyze usage patterns to optimize app performance, fix bugs, and enhance existing features.
- Communicate with You: Send push notifications, emails, or in-app messages about upcoming sessions, new content, subscription reminders, and special promotions.
- Process Transactions: Handle subscription payments, refunds, and related billing inquiries through our payment processor.
- Ensure Safety and Compliance: Verify user eligibility (minimum age requirement) and share information with healthcare professionals if you request tailored medical advice (only with explicit consent).
- Legal and Security Purposes: Prevent fraud, enforce our Terms of Service, comply with applicable laws and regulations, and respond to lawful requests by public authorities.
4. Data Storage and Security
We understand how critical data security is. Below is an overview of how and where your data is stored:
4.1 Where We Store Data
- Cloud Database: Most personal and fitness-related data is stored securely in Firebase (or a similar cloud backend). Firebase uses industry-standard encryption (AES-256) both in transit (HTTPS/TLS) and at rest.
- Device Storage: Some non-sensitive settings (e.g., user interface preferences) may be cached locally on your device to improve loading times and offline access.
4.2 Security Measures
- Encryption: All data transferred between your device and our servers is encrypted using HTTPS (TLS 1.2 or higher).
- Access Controls: Access to our backend is restricted to authorized personnel only, protected with multi-factor authentication (MFA) and role-based permissions.
- Regular Audits: We conduct periodic security assessments and vulnerability scans to identify and patch potential issues.
- Third-Party Processors: Payment information is handled by PCI-compliant third-party processors. We do not store full credit card numbers on our servers.
4.3 Data Retention
We retain your personal data for as long as your account is active or as needed to provide you services. If you request account deletion, we will delete or anonymize your personal data within 30 days, except where we are legally required to retain certain information (e.g., transaction records) for tax or regulatory purposes.
5. Your Rights
You have control over your personal data. Under applicable data protection laws (such as the GDPR, or the CCPA for California residents), you have the following rights:
- Access: You can request a copy of the personal data we hold about you.
- Correction: If any of your information is inaccurate or incomplete, you can update or correct it through account settings or by contacting us.
- Deletion: You can request that we delete your account and associated data. Once deleted, your data is removed from active databases and, where possible, from backups.
- Data Portability: You can request your data in a structured, commonly used, machine-readable format (e.g., CSV or JSON).
- Withdraw Consent: If you previously provided consent for certain processing activities (e.g., marketing emails), you can withdraw that consent at any time without affecting other legal grounds we rely on to process your data.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, or sooner if required by law.
6. Minimum Age Requirement
XFit Pro is intended for users who are at least 14 years old. We do not knowingly collect or solicit personal information from children under the age of 14. If you become aware that we have any information from a child under 14, please contact us immediately at [email protected], and we will promptly delete such information.
7. Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, new legal requirements, or improvements to our services. When we make significant changes, we will:
- Update the “Last updated” date at the top of this page.
- Notify you via the email address you provided at registration or by displaying an in-app notification when you next open XFit Pro.
We encourage you to review this policy periodically to stay informed about how we protect your data.
8. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:
- Email: [email protected]
We strive to respond to all inquiries within 48 business hours.